Secure firmware integrity monitoring using REST over IPMI interface
First Claim
1. A non-transitory computer-readable storage medium having computer-executable instructions stored thereupon which, when executed by a computer, cause the computer to:
- compute, by way of a first portion of a firmware executing on the computer, a current hash value for a second portion of the firmware;
- transmit the current hash value for the second portion of the firmware from the first portion of the firmware to a baseboard management controller (BMC);
- determine, by way of the BMC, whether the current hash value for the second portion of the firmware is the same as a reference hash value for the firmware;
- transmit a first instruction from the BMC to the first portion of the firmware over a representational state transfer (REST) over intelligent platform management interface (IPMI) responsive to determining that the current hash value for the second portion of the firmware is the same as the reference hash value for the firmware;
- receive the first instruction at the first portion of the firmware; and
- execute the second portion of the firmware responsive to receiving the first instruction.
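The exchange in the claim above, modeled as an added example that is not taken from the patent or any vendor implementation: both sides' messages, a constant-time comparison on the BMC, and a first portion that fails closed when the reply is missing or malformed. SHA-256, the JSON message layout, the `/firmware/integrity` path, the `halt` reply and the function call standing in for the IPMI transport are all assumptions.

```python
import hashlib
import hmac
import json

# Hypothetical resource name; the page does not define the REST schema.
RESOURCE = "/firmware/integrity"


def bmc_handle(request: bytes, reference_hash: str) -> bytes:
    """BMC side: compare the reported hash with the stored reference."""
    try:
        msg = json.loads(request)
        reported = msg["body"]["sha256"]
        ok = (msg["method"] == "POST" and msg["path"] == RESOURCE
              and isinstance(reported, str)
              and hmac.compare_digest(reported.encode(), reference_hash.encode()))
    except (ValueError, KeyError, TypeError):
        ok = False
    # "halt" on mismatch is an assumption; the claim covers only the match case.
    return json.dumps({"instruction": "execute" if ok else "halt"}).encode()


def first_portion_boot(second_portion: bytes, send) -> bool:
    """First firmware portion: hash the second portion, ask the BMC, fail closed."""
    digest = hashlib.sha256(second_portion).hexdigest()  # SHA-256 is an assumption
    request = json.dumps({"method": "POST", "path": RESOURCE,
                          "body": {"sha256": digest}}).encode()
    try:
        instruction = json.loads(send(request)).get("instruction")
    except (ValueError, AttributeError, TypeError, OSError):
        instruction = None  # no reply or malformed reply
    return instruction == "execute"  # anything else: do not run the second portion


# Constructed sample images (not real firmware).
GOOD_IMAGE = b"\x4d\x5a" + b"main firmware volume v1" * 8
TAMPERED_IMAGE = GOOD_IMAGE[:-1] + b"\x00"
REFERENCE = hashlib.sha256(GOOD_IMAGE).hexdigest()


def channel(request: bytes) -> bytes:
    """Stand-in for the REST over IPMI transport: a direct call into the BMC."""
    return bmc_handle(request, REFERENCE)


if __name__ == "__main__":
    print("good image runs:", first_portion_boot(GOOD_IMAGE, channel))
    print("tampered image runs:", first_portion_boot(TAMPERED_IMAGE, channel))
```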
Abstract
Technologies are described herein for a representational state transfer (“REST” or “RESTful”) over Intelligent Platform Management Interface (“IPMI”) interface for firmware to BMC communication and applications thereof. These applications include, but are not limited to, remote firmware configuration, firmware updates, peripheral device firmware updates, provision of management information such as system inventory data, cloning and batch migration of firmware configuration settings, and firmware integrity monitoring. This functionality can be provided in a way that enables communication between BMCs and firmware to utilize modern manageability interfaces while maintaining backward compatibility with previous IPMI implementations.
20 Claims
1. A non-transitory computer-readable storage medium having computer-executable instructions stored thereupon which, when executed by a computer, cause the computer to:
- compute, by way of a first portion of a firmware executing on the computer, a current hash value for a second portion of the firmware;
- transmit the current hash value for the second portion of the firmware from the first portion of the firmware to a baseboard management controller (BMC);
- determine, by way of the BMC, whether the current hash value for the second portion of the firmware is the same as a reference hash value for the firmware;
- transmit a first instruction from the BMC to the first portion of the firmware over a representational state transfer (REST) over intelligent platform management interface (IPMI) responsive to determining that the current hash value for the second portion of the firmware is the same as the reference hash value for the firmware;
- receive the first instruction at the first portion of the firmware; and
- execute the second portion of the firmware responsive to receiving the first instruction.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-implemented method for verifying the integrity of a firmware of a computing system, comprising:
- computing, by way of a first portion of a firmware executing on a computer, a current hash value for a second portion of the firmware;
- transmitting the current hash value for the second portion of the firmware from the first portion of the firmware to a baseboard management controller (BMC);
- determining, by way of the BMC, whether the current hash value for the second portion of the firmware is the same as a reference hash value for the firmware;
- transmitting a first instruction from the BMC to the first portion of the firmware over a REST over IPMI interface responsive to determining that the current hash value for the second portion of the firmware is the same as the reference hash value for the firmware;
- receiving the first instruction at the first portion of the firmware; and
- executing the second portion of the firmware responsive to receiving the first instruction.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computing system, comprising:
- one or more processors; and
- at least one non-transitory computer-readable storage medium having computer-executable instructions stored thereupon which, when executed by the one or more processors, cause the system to:
- compute, by way of a first portion of a firmware executing on a computer, a current hash value for a second portion of the firmware;
- transmit the current hash value for the second portion of the firmware from the first portion of the firmware to a baseboard management controller (BMC);
- determine, by way of the BMC, whether the current hash value for the second portion of the firmware is the same as a reference hash value for the firmware;
- transmit a first instruction from the BMC to the first portion of the firmware over a REST over IPMI interface responsive to determining that the current hash value for the second portion of the firmware is the same as the reference hash value for the firmware;
- receive the first instruction at the first portion of the firmware; and
- execute the second portion of the firmware responsive to receiving the first instruction.
Dependent claims: 16, 17, 18, 19, 20
Specification