Abstract: Example implementations relate to system and method of signing a boot information file by a manageability controller, and interlocking host computing system to signed boot information file. The boot information file may include a boot loader file and/or an OS kernel file of the host computing system. The manageability controller receives the boot information file from a processor of a computing device. Further, the manageability controller signs the boot information file with a hashed data of a unique identifier, to generate and communicate the signed boot information file to the processor. Later, the manageability controller updates a boot database stored in non-volatile random-access memory of a firmware engine of the host computing system with a thumbprint data of the signed boot information file to interlock the host computing system to the signed boot information file, in response to successful download of the signed boot information file by the processor.

Abstract: Examples described herein relate to a manageability controller for controlling a display of a screen video. The manageability controller may receive screen video data from a hypervisor running on a host operating system (OS) that is executable by a main processing resource separate from the manageability processing resource. The screen video data may include a host OS screen video data corresponding to the host OS, a virtual machine (VM) screen video data corresponding to a VM running on the hypervisor, or both. Further, the manageability controller may store the host OS screen video data or the VM screen video data in a physical video memory based on a screen selection input.

Abstract: Examples described herein relate to a system and method for providing a key store within Baseboard Management Controller (BMC) of a computing device. A secure storage key of the BMC may include a key store, storing cryptographic objects such as cryptographic keys and digital certificates used by entities for performing cryptographic operations. The BMC may receive a request from an entity for performing the cryptographic operation and may determine if the entity is authorized to request the cryptographic operation. If the entity is authorized, the BMC may identify a private key from the key store for performing the cryptographic operation. Once the key is identified, the BMC may determine if the entity is permitted access to the private key. When the entity is permitted to access the private key, the BMC may perform the cryptographic operation using the private key and returns the results to the entity.

Abstract: Example implementations relate to system and method of signing a boot information file by a manageability controller, and interlocking host computing system to signed boot information file. The boot information file may include a boot loader file and/or an OS kernel file of the host computing system. The manageability controller receives the boot information file from a processor of a computing device. Further, the manageability controller signs the boot information file with a hashed data of a unique identifier, to generate and communicate the signed boot information file to the processor. Later, the manageability controller updates a boot database stored in non-volatile random-access memory of a firmware engine of the host computing system with a thumbprint data of the signed boot information file to interlock the host computing system to the signed boot information file, in response to successful download of the signed boot information file by the processor.

Abstract: Example implementations relate to system and method of controlling access to ports of a host computing system having a port management integrated-circuit chip (IC), a manageability controller, and a plurality of peripheral device hubs having ports. The IC is to receive a first data from the plurality of peripheral device hubs and communicate the first data to the manageability controller. The first data includes device identifiers of a first peripheral device and a port identifier of the port. Further, the IC is to receive a security action from the manageability controller and implement the security action on the port. The security action is determined based on comparison of the first data and the second data including access control rules, where the security action is linked to each access control rule, and where each access control rule has the port identifier mapped to predetermined device identifiers of a second peripheral device.

Abstract: In some examples, a device receives a plurality of encryption keys from a secure storage of a management controller, where a first encryption key of the plurality of encryption keys is for site-wide access of information on removable storage media plugged into respective computers of a site, and a second encryption key of the plurality of encryption keys is to restrict access of information on removable storage media plugged into a subset of the computers. The device uses a given encryption key of the plurality of encryption keys to encrypt information written to or decrypt information read from a first removable storage medium plugged into a first computer of the computers, wherein the management controller is associated with and is separate from a processor of the first computer.

Abstract: Examples described herein relate to a manageability controller for controlling a display of a screen video. The manageability controller may receive screen video data from a hypervisor running on a host operating system (OS) that is executable by a main processing resource separate from the manageability processing resource. The screen video data may include a host OS screen video data corresponding to the host OS, a virtual machine (VM) screen video data corresponding to a VM running on the hypervisor, or both. Further, the manageability controller may store the host OS screen video data or the VM screen video data in a physical video memory based on a screen selection input.

Abstract: Example implementations relate to system and method of controlling access to ports of a host computing system having a port management integrated-circuit chip (IC), a manageability controller, and a plurality of peripheral device hubs having ports. The IC is to receive a first data from the plurality of peripheral device hubs and communicate the first data to the manageability controller. The first data includes device identifiers of a first peripheral device and a port identifier of the port. Further, the IC is to receive a security action from the manageability controller and implement the security action on the port. The security action is determined based on comparison of the first data and the second data including access control rules, where the security action is linked to each access control rule, and where each access control rule has the port identifier mapped to predetermined device identifiers of a second peripheral device.

Abstract: In some examples, a device receives a plurality of encryption keys from a secure storage of a management controller, where a first encryption key of the plurality of encryption keys is for site-wide access of information on removable storage media plugged into respective computers of a site, and a second encryption key of the plurality of encryption keys is to restrict access of information on removable storage media plugged into a subset of the computers. The device uses a given encryption key of the plurality of encryption keys to encrypt information written to or decrypt information read from a first removable storage medium plugged into a first computer of the computers, wherein the management controller is associated with and is separate from a processor of the first computer.