Trusted management controller firmware
First Claim
1. A method for ensuring management controller firmware security, by a security manager for a computing device, comprising:
- storing, at the security manager, a public key and raw identity data, the raw identity data including one or more of a manufacturer name of the computing device, a product name of the computing device, a device model identification of the computing device, a date, a time, text data or hash data;
receiving, from a management firmware for a management controller of the computing device, encrypted identity data, wherein the encrypted identity data is encrypted using a private key based upon an identical copy of the raw identity data stored on the management controller, the private key being paired with the public key;
decrypting the encrypted identity data into decrypted identity data using the public key;
comparing, by the security manager, the decrypted identity data with the raw identity data to determine whether the management firmware is authentic;
protecting the computing device from harm by the management firmware, in response to determining that the management firmware is not authentic;
replacing the management firmware with a new management firmware for the management controller;
obtaining, from the new management firmware, the encrypted identity data;
decrypting the encrypted identity data with the public key into decrypted identity data;
comparing the decrypted identity data with the raw identity data to determine whether the new management firmware is authentic; and
protecting the computing device from harm by the new management firmware, in response to determining that the new management firmware is not authentic.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for ensuring management controller firmware security, by a security manager of a computing device, includes storing a public key and raw identity data, and obtaining, from a management firmware for a management controller of the computing device, encrypted identity data. The security manager decrypts the encrypted identity data with the public key into decrypted identity data, and compares the decrypted identity data with the raw identity data to determine whether the management firmware is authentic. The security manager protects the computing device from harm by the management firmware, in response to determining that the management firmware is not authentic.
-
Citations
20 Claims
-
1. A method for ensuring management controller firmware security, by a security manager for a computing device, comprising:
-
storing, at the security manager, a public key and raw identity data, the raw identity data including one or more of a manufacturer name of the computing device, a product name of the computing device, a device model identification of the computing device, a date, a time, text data or hash data; receiving, from a management firmware for a management controller of the computing device, encrypted identity data, wherein the encrypted identity data is encrypted using a private key based upon an identical copy of the raw identity data stored on the management controller, the private key being paired with the public key; decrypting the encrypted identity data into decrypted identity data using the public key; comparing, by the security manager, the decrypted identity data with the raw identity data to determine whether the management firmware is authentic; protecting the computing device from harm by the management firmware, in response to determining that the management firmware is not authentic; replacing the management firmware with a new management firmware for the management controller; obtaining, from the new management firmware, the encrypted identity data; decrypting the encrypted identity data with the public key into decrypted identity data; comparing the decrypted identity data with the raw identity data to determine whether the new management firmware is authentic; and protecting the computing device from harm by the new management firmware, in response to determining that the new management firmware is not authentic. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for ensuring management controller firmware security, by a manufacturer of a computing device, comprising:
-
generating a pair of security keys including a public key and a private key; encrypting raw identity data using the private key to encrypted identity data, the raw identity data including one or more of a manufacturer name of the computing device, a product name of the computing device, a device model identification of the computing device, a date, a time, text data or hash data; embedding the encrypted identity data in a management firmware for a management controller of the computing device; and embedding the public key and the raw identity data in a security manager of the computing device, the security manager configured to; receive, from the management firmware, the encrypted identity data, wherein the encrypted identity data is encrypted using the private key based upon an identical copy of the raw identity data stored on the management controller, the private key being paired with the public key; decrypt the encrypted identity data into decrypted identity data using the public key; compare the decrypted identity data with the raw identity data to determine whether the management firmware is authentic; protect the computing device from harm by the management firmware, in response to determining that the management firmware is not authentic; replace the management firmware with a new management firmware for the management controller; obtain, from the new management firmware, the encrypted identity data; decrypt the encrypted identity data with the public key into decrypted identity data; compare the decrypted identity data with the raw identity data to determine whether the new management firmware is authentic; and protect the computing device from harm by the new management firmware, in response to determining that the new management firmware is not authentic.
-
-
13. A computing device, comprising:
-
a management controller running a management firmware storing encrypted identity data; a security manager storing a public key and raw identity data, the raw identity data including one or more of a manufacturer name of the computing device, a product name of the computing device, a device model identification of the computing device, a date, a time, text data or hash data, the security manager configured to; receive, from the management firmware for the management controller of the computing device, encrypted identity data, wherein the encrypted identity data is encrypted using a private key based upon an identical copy of the raw identity data stored on the management controller, the private key being paired with the public key; decrypt the encrypted identity data with the public key into decrypted identity data using the public key; compare the decrypted identity data with the raw identity data to determine whether the management firmware is authentic; protect the computing device from harm by the management firmware, in response to determining that the management firmware is not authentic; replace the management firmware with a new management firmware for the management controller; obtain, from the new management firmware, the encrypted identity data; decrypt the encrypted identity data with the public key into decrypted identity data; compare the decrypted identity data with the raw identity data to determine whether the new management firmware is authentic; and protect the computing device from harm by the new management firmware, in response to determining that the new management firmware is not authentic. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification