Systems and methods for automatic generation and retrieval of an information handling system password
Abstract
In accordance with embodiments of the present disclosure, an information handling system may include a processor and a basic input/output system (BIOS). The BIOS may comprise a program of instructions executable by the processor and configured to cause the processor to initialize one or more information handling resources of the information handling system. The BIOS may further be configured to, during a boot of an information handling system, and in response to a request to set a password associated with the information handling system, generate a random password, securely store the random password in a memory such that the password may be retrieved during a subsequent boot of the information handling system by a user physically present at the information handling system, and set the random password as the password associated with the information handling system.
17 Claims
1. An information handling system comprising:
- a processor;
- a network interface communicatively coupled to the processor and to a network; and
- a basic input/output system (BIOS) comprising processor executable BIOS instructions that, when executed, cause the processor to perform BIOS operations including:
  - initializing one or more information handling resources of the information handling system;
  - responsive to receiving, from a remote administrator via the network interface, a remote management request for an administrator password for the information handling system, determining whether the administrator password has been set previously;
  - responsive to determining that the administrator password has been set previously, generating an error message;
  - responsive to determining that the administrator password has not been previously set, performing password setting operations, comprising:
    - causing the information handling system to restart;
    - generating a random character string;
    - sealing the random character string in cryptoprocessor memory and preserving a cryptoprocessor state as of the sealing, wherein the cryptoprocessor memory is accessible only to a cryptoprocessor of the information handling system wherein the cryptoprocessor state indicates a state of the cryptoprocessor; and
    - setting the random character string as the administrator password in firmware; and
  - after the random character string has been set as the administrator password, responding to receiving, during a portion of booting the information handling system prior to booting an operating system, a user request for the administrator password, by performing password revealing operations, comprising:
    - responsive to determining that an aspect of the user request ensures that a user making the user request is physically present at the information handling system and that a current cryptoprocessor state matches the cryptoprocessor state as of the sealing, unsealing the administrator password from cryptoprocessor memory, storing the administrator password in system memory, and displaying the administrator password via a user interface display.

View Dependent Claims (2, 3, 4, 5)
6. A method comprising:
- responsive to receiving, from a remote administrator via a network interface of an information handling system, a remote management request for an administrator password for the information handling system, determining whether the administrator password has been set previously;
- responsive to determining that the administrator password has been set previously, generating an error message;
- responsive to determining that the administrator password has not been previously set, performing password setting operations, comprising:
  - causing the information handling system to restart;
  - generating a random character string;
  - sealing the random character string in cryptoprocessor memory and preserving a cryptoprocessor state as of the sealing, wherein the cryptoprocessor memory is accessible only to a cryptoprocessor of the information handling system wherein the cryptoprocessor state indicates a state of the cryptoprocessor; and
  - setting the random character string as the administrator password in firmware; and
- after the random character string has been set as the administrator password, responding to receiving, during a portion of booting the information handling system prior to booting an operating system, a user request for the administrator password, by performing password revealing operations, comprising:
  - responsive to determining that an aspect of the user request ensures that a user making the user request is physically present at the information handling system and that a current cryptoprocessor state matches the cryptoprocessor state as of the sealing, unsealing the administrator password from cryptoprocessor memory, storing the administrator password in system memory, and displaying the administrator password via a user interface display.

View Dependent Claims (7, 8, 9, 10, 11)
12. An article of manufacture comprising:
- a non-transitory computer readable medium including processor-executable basic input/output system (BIOS) instructions that, when executed by a processor of an information handling system, cause the processor to perform operations comprising:
  - responsive to receiving, from a remote administrator via a network interface of the information handling system, a remote management request for an administrator password for the information handling system, determining whether the administrator password has been set previously;
  - responsive to determining that the administrator password has been set previously, generating an error message;
  - responsive to determining that the administrator password has not been previously set, performing password setting operations, comprising:
    - causing the information handling system to restart;
    - generating a random character string;
    - sealing the random character string in cryptoprocessor memory and preserving a cryptoprocessor state as of the sealing, wherein the cryptoprocessor memory is accessible only to a cryptoprocessor of the information handling system wherein the cryptoprocessor state indicates a state of the cryptoprocessor; and
    - setting the random character string as the administrator password in firmware; and
  - after the random character string has been set as the administrator password, responding to receiving, during a portion of booting the information handling system prior to booting an operating system, a user request for the administrator password, by performing password revealing operations, comprising:
    - responsive to determining that an aspect of the user request ensures that a user making the user request is physically present at the information handling system and that a current cryptoprocessor state matches the cryptoprocessor state as of the sealing, unsealing the administrator password from cryptoprocessor memory, storing the administrator password in system memory, and displaying the administrator password via a user interface display.

View Dependent Claims (13, 14, 15, 16, 17)
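The set-and-reveal flow recited in the independent claims can be traced with a small software model; this is an added illustration, not code from the patent or from any BIOS or TPM vendor. Assumptions: the "cryptoprocessor state" is modelled as a single PCR-style hash chain over boot components, physical presence is a boolean supplied by the caller, the password is 20 alphanumeric characters, and the class and method names (`ModelTPM`, `ModelBIOS`, `remote_set_request`, `reveal_request`) are hypothetical.

```python
import hashlib
import secrets
import string

class ModelTPM:
    """Toy cryptoprocessor: one PCR-style register plus a slot only it can read."""
    def __init__(self):
        self.pcr = bytes(32)
        self._sealed = None                    # (state at sealing, secret)

    def extend(self, measurement: bytes):
        # new = SHA-256(old || SHA-256(measurement)): order-sensitive, one-way
        digest = hashlib.sha256(measurement).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()

    def seal(self, secret: str):
        self._sealed = (self.pcr, secret)      # preserve the state as of the sealing

    def unseal(self) -> str:
        if self._sealed is None:
            raise PermissionError("nothing sealed")
        state_at_seal, secret = self._sealed
        if not secrets.compare_digest(state_at_seal, self.pcr):
            raise PermissionError("cryptoprocessor state differs from sealing")
        return secret

class ModelBIOS:
    def __init__(self, tpm, boot_chain):
        self.tpm, self.boot_chain, self.admin_password = tpm, boot_chain, None

    def boot(self, boot_chain=None):
        self.tpm.pcr = bytes(32)               # model: register resets on restart
        for component in (boot_chain or self.boot_chain):
            self.tpm.extend(component)

    def remote_set_request(self) -> str:
        if self.admin_password is not None:
            return "ERROR: administrator password already set"
        self.boot()                            # restart, then generate, seal, set
        alphabet = string.ascii_letters + string.digits
        password = "".join(secrets.choice(alphabet) for _ in range(20))
        self.tpm.seal(password)
        self.admin_password = password
        return "OK"  # assumption: this model sends no password to the requester

    def reveal_request(self, physically_present: bool) -> str:
        if not physically_present:             # assumption: presence is a flag here
            raise PermissionError("physical presence not established")
        return self.tpm.unseal()               # the caller would display the result
```

Booting the model with a changed component list and then calling `reveal_request(True)` raises `PermissionError`, which is the state-mismatch branch of the claim.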
Specification