Search

US-12619513-B2 - Validation of flexible IHS hardware configurations

US12619513B2US 12619513 B2US12619513 B2US 12619513B2US-12619513-B2

Abstract

Systems and methods are provided for supporting validation of flexible configurations of hardware components installed in IHSs (Information Handling Systems). During factory provisioning of an IHS, a factory-signed inventory certificate is uploaded to the IHS that identifies factory-installed hardware of the IHS, and that also includes designations for each of the factory-installed hardware components as required or optional components. Upon deployment of the IHS, validation procedures of the IHS use the inventory certificate to validate the detected IHS hardware as factory-installed hardware. When a hardware component specified in the inventory certificate as optional is not present in the detected hardware components, booting of the IHS may continue. When a hardware component specified in the inventory certificate as required is not present in the detected hardware components, a validation failure is signaled.

Inventors

  • Dharma Bhushan Ramaiah
  • Shinose Abdul RAHIMAN
  • Rama Rao Bisa
  • Mini Thottunkal Thankappan
  • Vineeth Radhakrishnan
  • A Anis Ahmed
  • Jason Matthew YOUNG

Assignees

  • DELL PRODUCTS, L.P.

Dates

Publication Date
20260505
Application Date
20231115

Claims (20)

  1. 1 . An IHS (Information Handling System) comprising: one or more processors; one or more memory devices coupled to the processors, the memory devices storing computer-readable instructions that, upon execution by the processors, cause a validation process of the IHS to: retrieve a factory-provisioned inventory certificate that specifies factory-installed hardware components of the IHS, wherein the inventory certificate comprises a designation for each of the factory-installed hardware components as required or optional; identify a plurality of hardware components of the IHS that have been detected; in response to determining that an optional hardware component designated as optional in the factory-provisioned inventory certificate is not present in the identified plurality of hardware components of the IHS, signal validation of the IHS without the optional hardware component; and in response to determining that a factory-installed hardware component specified in the factory-provisioned inventory certificate as required is not present in the identified plurality of hardware components of the IHS, signal a validation failure and prevent booting of the IHS.
  2. 2 . The IHS of claim 1 , wherein the factory-provisioned inventory certificate is stored to a persistent memory of the IHS during factory-provisioning of the IHS.
  3. 3 . The IHS of claim 1 , wherein the designation of a hardware component as required in the inventory certificate comprises a requirement for the exact factory-installed hardware component specified in the inventory certificate.
  4. 4 . The IHS of claim 1 , wherein the designation of a hardware component as required in the inventory certificate comprises a requirement for a compatible hardware component.
  5. 5 . The IHS of claim 4 , wherein the requirement for a compatible hardware component comprises a requirement for a specific model of hardware component.
  6. 6 . The IHS of claim 4 , wherein the requirement for a compatible hardware component comprises a requirement for a hardware component with a thermal rating within a specific range.
  7. 7 . The IHS of claim 4 , wherein the requirement for a compatible hardware component comprises a requirement for a hardware component that is identified by a device identity certificate.
  8. 8 . The IHS of claim 1 , wherein the factory-installed hardware components designated as required comprise hardware components that form a hardware root-of-trust of the IHS.
  9. 9 . The IHS of claim 8 , wherein the hardware root-of-trust of the IHS comprises hardware components that operate using validated firmware instructions.
  10. 10 . The IHS of claim 1 , wherein the signaling validation of the IHS without the optional hardware component is performed after the factory-provisioned inventory certificate is used to confirm all of the factory-installed hardware components designated as required are present.
  11. 11 . The IHS of claim 10 , wherein the signaling validation of the IHS without the optional hardware component is performed after the factory-provisioned inventory certificate is used to confirm all of the factory-installed hardware components designated as optional.
  12. 12 . The IHS of claim 10 , wherein booting of the IHS without an optional hardware component is disabled by a remote access controller of the IHS.
  13. 13 . A method for validating hardware detected by an IHS (Information Handling System), the method comprising: retrieving, by a validation process of the IHS, a factory-provisioned inventory certificate that specifies factory-installed hardware components of the IHS, wherein the inventory certificate comprises a designation for each of the factory-installed hardware components as required or optional; identifying a plurality of hardware components of the IHS that have been detected; in response to determining that an optional hardware component designated as optional in the factory-provisioned inventory certificate is not present in the identified plurality of hardware components of the IHS, signaling validation of the IHS without the optional hardware component; and in response to determining that a factory-installed hardware component specified in the factory-provisioned inventory certificate as required is not present in the identified plurality of hardware components of the IHS, signaling a validation failure and prevent booting of the IHS.
  14. 14 . The method of claim 13 , wherein the factory-provisioned inventory certificate is stored to a persistent memory of the IHS during factory-provisioning of the IHS.
  15. 15 . The method of claim 13 , wherein the designation of a hardware component as required in the inventory certificate comprises a requirement for the exact factory-installed hardware component specified in the inventory certificate.
  16. 16 . The method of claim 13 , wherein the designation of a hardware component as required in the inventory certificate comprises a requirement for a compatible hardware component.
  17. 17 . The method of claim 13 , wherein the factory-installed hardware components designated as required comprise hardware components that form a hardware root-of-trust of the IHS.
  18. 18 . A non-transitory computer-readable storage device having instructions stored thereon for validating hardware detected by an IHS (Information Handling System), wherein execution of the instructions by one or more processors of the IHS causes a validation process of the IHS to: retrieve a factory-provisioned inventory certificate that specifies factory-installed hardware components of the IHS, wherein the inventory certificate comprises a designation for each of the factory-installed hardware components as required or optional; identify a plurality of hardware components of the IHS that have been detected; in response to determining that an optional hardware component designated as optional in the factory-provisioned inventory certificate is not present in the identified plurality of hardware components of the IHS, signal validation of the IHS without the optional hardware component; and in response to determining that a factory-installed hardware component specified in the factory-provisioned inventory certificate as required is not present in the identified plurality of hardware components of the IHS, signal a validation failure and prevent booting of the IHS.
  19. 19 . The non-transitory computer-readable storage device of claim 18 , wherein the factory-provisioned inventory certificate is stored to a persistent memory of the IHS during factory-provisioning of the IHS.
  20. 20 . The non-transitory computer-readable storage device of claim 18 , wherein the designation of a hardware component as required in the inventory certificate comprises a requirement for the exact factory-installed hardware component specified in the inventory certificate.

Description

CROSS REFERENCE TO RELATED APPLICATIONS Related subject matter is contained in co-pending U.S. patent application Ser. No. 18/512,231, entitled “Enforcement of Factory-Provisioned Restrictions on Modifications to IHS Hardware,” filed on Nov. 17, 2023, the disclosure of which is hereby incorporated by reference. FIELD The present disclosure relates generally to Information Handling Systems (IHSs), and relates more particularly to supporting secure modifications to IHSs. BACKGROUND As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is Information Handling Systems (IHSs). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, IHSs may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in IHSs allow for IHSs to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, IHSs may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems. Some types of IHSs, such as mobile phones and tablets, are typically manufactured in large quantities and with few variations. For instance, for a particular model of mobile phone or tablet, hundreds of thousands of identical, or nearly identical, devices may be manufactured. Other types of IHSs, such as rack-mounted servers, are manufactured in much smaller quantities and are frequently manufactured and customized according to specifications provided by a specific customer that has contracted for the manufacture and delivery of the server. In such instances, a customer may specify various hardware and/or software customizations that configure the server to support specific functionality. For example, a customer may contract for manufacture and delivery of a server that includes security adaptations that will enable the server to quickly and securely process artificial intelligence computations. Once an IHS has been received and deployed, a customer may make modifications to the hardware and software of the IHS in order to adapt it for a particular computing task or a particular physical environment. In some scenarios, such as within a data center, rack-mounted server IHSs may include replaceable hardware components that are easily removed from the IHS and replaced, in some instances while the operations of the IHS continue. SUMMARY In various embodiments, systems and methods include an IHS (Information Handling System) that includes: one or more processors; one or more memory devices coupled to the processors, the memory devices storing computer-readable instructions that, upon execution by the processors, cause a validation process of the IHS to: retrieve a factory-provisioned inventory certificate that specifies factory-installed hardware components of the IHS, wherein the inventory certificate comprises a designation for each of the factory-installed hardware components as required or optional; identify a plurality of hardware components of the IHS that have been detected; signal booting of the IHS without an optional hardware component when a factory-installed hardware component designated in the inventory certificate as optional is not present in the plurality of detected hardware components of the IHS; and signal a validation failure when a factory-installed hardware component specified in the inventory certificate as required is not present in the plurality of detected hardware components of the IHS. In some embodiments, the factory-provisioned inventory certificate is stored to a persistent memory of the IHS during factory-provisioning of the IHS. In some embodiments, the designation of a hardware component as required in the inventory certificate comprises a requirement for the exact factory-installed hardware component specified in the inventory certificate. In some embodiments, the designation of a hardware component as required in the inventory certificate comprises a requirement for a compatible hardware component. In some embodiments, the requirement for a compatible hardware component comprises a requirement for a specific model of hardware component. In some embodiments, the requirement for a compatible hardware component comprises a requirement for a hardware component with a thermal rating within a specific range.