Abstract: A method includes identifying, from among nodes within a multi-node system, a node that has a security setting satisfying a security setting criteria, booting the multi-node system with the identified node as the primary node, and operating the multi-node system using the security setting of the identified node. Accordingly, the method may provide dynamic selection of a primary node based upon the security setting criteria and the security settings of the nodes within the multi-node system. Optionally, the security setting of each node is stored in a trusted platform module. In non-limiting examples, the security setting criteria may be the highest security setting among all nodes within the multi-node system or a predetermined minimum security setting, such as a trusted execution technology setting.

Abstract: A computer program product including a computer readable storage medium having program instructions embodied therewith. The program instructions are executable by a processor to cause the processor to perform a method including identifying, from among nodes within a multi-node system, a node that has a security setting satisfying a security setting criteria, booting the multi-node system with the identified node as the primary node; and operating the multi-node system using the security setting of the identified node. Accordingly, the method may provide dynamic selection of a primary node based upon the security setting criteria and the security settings of the nodes within the multi-node system. In non-limiting examples, the security setting criteria may be the highest security setting among all nodes within the multi-node system or a predetermined minimum security setting, such as a trusted execution technology setting.

Abstract: Methods, apparatuses, and computer program products for authorizing use of a test key signed build are provided. Embodiments include transmitting to an update provider system, unique data associated with a target system; receiving from the update provider system, a signed update capsule file; determining, by the target system, that a signature within the signed update capsule file is valid; in response to determining that the signature is valid, determining that the validation data within the signed update capsule file matches the unique data associated with the target system; and in response to determining that the validation data matches the unique data, determining that the target system is authorized to use a test key signed build to update the firmware of the target system.

Abstract: A computer program product includes computer readable program code for initiating boot of a multi-node system including a first compute node scaled together with a second compute node, wherein the multi-node system boots from a basic input output system of the first compute node that is identified as a primary node by a trusted platform module of the first compute node. The computer program product further comprises computer readable program code for receiving a request to reconfigure the multi-node system so that the second compute node would become the primary node, and computer readable program code for reconfiguring the multi-node system so that the second node is the primary mode only in response to a user manually asserting physical presence to a trusted platform module of the first compute node.

Abstract: A computer system comprises a Trusted Platform Module System (TPMS). The TPMS comprises a first Trusted Platform Module (TPM) and a second TPM, which comports with a different TPM specification than that followed by the first TPM. A physical presence input device receives a local physical change signal that proves a local physical presence of a user at the computer system. A toggle input device, which requires the local physical change signal, causes the state being output from the GPIO pin on the first TPM to switch from a first state to a second state. This change of state causes a TPM switch to selectively decouple the first TPM from a central processing unit and to couple the second TPM to the central processing unit.

Abstract: A computer system comprises a Trusted Platform Module System (TPMS). The TPMS comprises a first Trusted Platform Module (TPM) and a second TPM, which comports with a different TPM specification than that followed by the first TPM. A physical presence input device receives a local physical change signal that proves a local physical presence of a user at the computer system. A toggle input device, which requires the local physical change signal, causes the state being output from the GPIO pin on the first TPM to switch from a first state to a second state. This change of state causes a TPM switch to selectively decouple the first TPM from a central processing unit and to couple the second TPM to the central processing unit.

Abstract: Enabling capacity on demand in a computing system using a calendar, including: receiving, by a resource management module, a request to purchase capacity on demand, the request including a cumulative amount of time for capacity on demand; receiving, by the resource management module, one or more calendar entries identifying requested periods of time for capacity on demand; and allocating, by the resource management module, capacity on demand in dependence upon the cumulative amount of time for capacity on demand and the requested periods of time for capacity on demand.

Abstract: A method initiates boot of a multi-node system including a first compute node scaled together with a second compute node, wherein the multi-node system boots from a basic input output system of the first compute node that is identified as a primary node by a trusted platform module of the first compute node. The method further includes receiving a request to reconfigure the multi-node system so that the second compute node would become the primary node, and reconfiguring the multi-node system so that the second node is the primary mode only in response to a user manually asserting physical presence to a trusted platform module of the first compute node. A system provides compute nodes that each include a trusted platform module having first and second non-volatile indices for controlling the configuration of the multimode system.

Abstract: A computer program product includes computer readable program code for initiating boot of a multi-node system including a first compute node scaled together with a second compute node, wherein the multi-node system boots from a basic input output system of the first compute node that is identified as a primary node by a trusted platform module of the first compute node. The computer program product further comprises computer readable program code for receiving a request to reconfigure the multi-node system so that the second compute node would become the primary node, and computer readable program code for reconfiguring the multi-node system so that the second node is the primary mode only in response to a user manually asserting physical presence to a trusted platform module of the first compute node.

Abstract: A method initiates boot of a multi-node system including a first compute node scaled together with a second compute node, wherein the multi-node system boots from a basic input output system of the first compute node that is identified as a primary node by a trusted platform module of the first compute node. The method further includes receiving a request to reconfigure the multi-node system so that the second compute node would become the primary node, and reconfiguring the multi-node system so that the second node is the primary mode only in response to a user manually asserting physical presence to a trusted platform module of the first compute node. A system provides compute nodes that each include a trusted platform module having first and second non-volatile indices for controlling the configuration of the multimode system.

Abstract: Provisioning memory in a memory system for mirroring includes: gathering, by a memory controller, margin data for memory in the memory system, the margin data representing susceptibility for error; identifying, by the memory controller in dependence upon provisioning criteria and the margin data, mirroring candidates within the memory system; and mirroring, by the memory controller, memory of the memory system utilizing the mirroring candidates as a mirrored backup of other memory in the memory system.

Abstract: A method uses a firmware interface setup program for a selected compute node (“node”) to cause a firmware interface to enable a trusted platform module (TPM) on the selected node to receive a physical presence (PP) signal. The selected node is selected from a plurality of nodes within a multi-node chassis, wherein each node includes a firmware interface and a TPM. A device within the multi-node chassis is manually actuated to transmit a PP signal to each of the plurality of nodes, such that each node receives the PP signal. The PP signal is asserted to the TPM of the selected node in response to both enabling the TPM of the selected node to be able to receive the PP signal and receiving the PP signal. Still further, the method allows modification of a security setting of the selected node in response to the TPM receiving the PP signal.

Abstract: Preventing a rollback attack in a computing system that includes a primary memory bank and a backup memory bank, including during startup of the computing system: determining whether the computing system is attempting to use firmware in the backup memory bank; responsive to determining that the computing system is attempting to use firmware in the backup memory bank, determining whether the firmware in the backup memory bank is a previous version of firmware in the primary memory bank; responsive to determining that the firmware in the backup memory bank is a previous version of firmware in the primary memory bank, determining whether a system administrator has authorized the use of the firmware in the backup memory bank; and responsive to determining that the system administrator has authorized the use of the firmware in the backup memory bank, configuring the computing system to utilize the firmware in the backup memory bank.

Abstract: Intelligently loading legacy option ROMs in a computing system, including: generating, by a legacy option ROM manager, an inventory for the computing system, wherein the inventory for the computing system identifies one or more devices in the computing system; determining, by the legacy option ROM manager for each option ROM available for loading, whether a device supported by the option ROM is included in the inventory for the computing system; responsive to determining that the device supported by the option ROM is not included in the inventory for the computing system, preventing the option ROM from being loaded into an option ROM address space; and responsive to determining that the device supported by the option ROM is included in the inventory for the computing system, enabling the option ROM to be loaded into the option ROM address space.

Abstract: A method and/or computer program product automatically adjusts room temperature in a data center room. A processor in a heating, ventilation and air conditioning (HVAC) system receives a throttle threshold temperature for each of multiple computing devices that are within a data center room, which is climate-controlled by the HVAC system. The processor in the HVAC system monitors a real-time temperature of at least one of the multiple computing devices. In response to the real-time temperature of said at least one of the multiple computing devices exceeding the throttle threshold temperature, an ambient air temperature in the data center room is decreased by adjusting a hardware thermostat in the HVAC system.

Abstract: A method and/or computer program product automatically adjusts room temperature in a data center room. A processor in a heating, ventilation and air conditioning (HVAC) system receives a throttle threshold temperature for each of multiple computing devices that are within a data center room, which is climate-controlled by the HVAC system. The processor in the HVAC system monitors a real-time temperature of at least one of the multiple computing devices. In response to the real-time temperature of said at least one of the multiple computing devices exceeding the throttle threshold temperature, an ambient air temperature in the data center room is decreased by adjusting a hardware thermostat in the HVAC system.

Abstract: A method uses a firmware interface setup program for a selected compute node (“node”) to cause a firmware interface to enable a trusted platform module (TPM) on the selected node to receive a physical presence (PP) signal. The selected node is selected from a plurality of nodes within a multi-node chassis, wherein each node includes a firmware interface and a TPM. A device within the multi-node chassis is manually actuated to transmit a PP signal to each of the plurality of nodes, such that each node receives the PP signal. The PP signal is asserted to the TPM of the selected node in response to both enabling the TPM of the selected node to be able to receive the PP signal and receiving the PP signal. Still further, the method allows modification of a security setting of the selected node in response to the TPM receiving the PP signal.

Abstract: A system includes a multi-node chassis including a chassis management module, a plurality of compute nodes, and a physical presence manual actuator for transmitting a physical presence signal to each compute node in response to manual actuation. Each server has a firmware interface, a trusted platform module, and an AND gate. The firmware interface has a general purpose input output pin for providing an enabling signal in response to a user instruction to a firmware interface setup program that communicates with the firmware interface. The AND gate has a first input receiving the enabling signal, a second input receiving the physical presence signal, and an output coupled to the trusted platform module, wherein the AND gate for a selected compute node asserts physical presence to the trusted platform module of the selected compute node in response to receiving both the enabling signal and the physical presence signal.

Abstract: Embodiments of the present invention provide a method, system and computer program product for retroactive message management. In an embodiment of the invention, a method for retroactive message management is provided. The method includes receiving a message in a messaging client executing in memory of a computer and characterizing the received message. The method also includes identifying an already received message in the messaging client that matches the characterization of the received message. Finally, the method includes processing the identified already received message in response to the receipt of the characterized message, for example by deleting the identified already received message or by moving the identified already received message to a folder in a messaging data store of the messaging client.

Abstract: Preventing propagation of hardware viruses in a computing system, including: determining, by a hardware virus detection module, whether an empty connector in the computing system is damaged, wherein the empty connector is blocked from receiving an attachable computing device by a bumper; determining, by the hardware virus detection module, whether a connector for the attachable computing device is damaged; and responsive to determining that the empty connector is not damaged and that the connector for the attachable computing device is not damaged, moving the bumper such that the empty connector is not blocked from receiving the attachable computing device.