Systems and methods to support drift detection in complex information handling system platforms comprised of replaceable components

Assignee

• Dell Products L.P. · US

Inventors

• Eugene David Cho · Austin, US
• Marshal F. Savage · Austin, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

In drift detection for complex IHS platforms comprised of replaceable components an IHS a security processor may present a number of hieratical sets of Platform Configuration Registers (PCRs) as Virtualized PCR Engines (VPEs) corresponding to IHS platform hardware, sub-domains, and/or central processing units. An IHS aggregation engine may collect measure(s) of platform components, populate the PCRs of the VPEs, and maintain a platform-level VPE and PCR event log from sub-domains of the platform. The measure(s) may be collected indirectly from component Security Protocols and Data Models (SPDM) and/or directly over Management Component Transport Protocol (MCTP), Inter-Integrated Circuit (I2C), Peripheral Component Interconnect Express (PCIe) and/or via Serial Peripheral Interconnect (SPI). The measure(s) may include vendor certificate authority (CA) certificates for feeding into the PCRs. The VPE hierarchy structure enables hardware, firmware, IHS configuration and/or vendor CA certificate drift detection at boot-time and/or component Operating System (OS) measurement during runtime.