US-12619732-B2 - Secure boot telemetry in a heterogeneous computing platform

Abstract

Systems and methods include an Information Handling System (IHS) that is adapted to collect boot telemetry in a secure manner. Boot code of the IHS is executed to initiate a boot sequence that includes the generation of boot telemetry. The boot telemetry is collected in a partition of an NVRAM (Non-Volatile Random-Access Memory) of the IHS. When the capacity of the partition of the NVRAM reaches a threshold, the boot telemetry is transmitted from the NVRAM to a security device of an SoC (System-on-Chip) of the IHS for encryption of the boot telemetry. The encrypted boot telemetry is stored in an SSD (Solid-State Drive) of the IHS.

Inventors

  • Ibrahim Sayyed
  • Alan H. Abdelhalim
  • Adolfo S. Montero

Assignees

  • DELL PRODUCTS L.P.

Dates

Publication Date
20260505
Application Date
20240403

Claims (20)

  1. An Information Handling System (IHS), comprising: an SoC (System-on-Chip); an SSD (Solid-State Drive); an NVRAM (Non-Volatile Random-Access Memory) configured to store boot instructions; and one or more processors coupled to the NVRAM, wherein execution of the boot instructions by the one or more processors causes the IHS to: initiate a boot sequence that includes generation of boot telemetry; collect the boot telemetry in a partition of the NVRAM; when a capacity of the partition of the NVRAM is determined to reach a threshold, transmit boot telemetry from the NVRAM to a security device of the SoC for encryption of the boot telemetry; and store the encrypted boot telemetry in the SSD.
  2. The IHS of claim 1, wherein the boot sequence comprises a UEFI boot sequence.
  3. The IHS of claim 2, wherein the boot instructions comprise UEFI boot code.
  4. The IHS of claim 3, wherein the NVRAM is exclusively accessible to the UEFI boot code.
  5. The IHS of claim 3, wherein the UEFI boot code is configured to transmit the boot telemetry from the NVRAM to the security device of the SoC via an interconnect of the SoC.
  6. The IHS of claim 5, wherein the interconnect of the SoC comprises a signal pathway that is exclusively accessible to the UEFI boot code.
  7. The IHS of claim 1, wherein execution of the boot instructions by the one or more processors further causes the IHS to load additional boot code configured to transmit boot telemetry from the NVRAM to the security device for encryption when the capacity of the partition of the NVRAM is determined to reach the threshold.
  8. The IHS of claim 1, wherein the security device of the SoC comprises a device dedicated to implementation of security protocols for use by the IHS.
  9. The IHS of claim 1, wherein the boot telemetry is encrypted by the SoC based at least in part on an encryption key of a keypair controlled by the IHS.
  10. The IHS of claim 1, wherein the boot telemetry is encrypted and stored without use of capabilities provided by an operating system of the IHS.
  11. A method for securing boot telemetry of an Information Handling System (IHS), the method comprising: initiating a boot sequence of the IHS that includes generating boot telemetry; collecting the boot telemetry in a partition of an NVRAM (Non-Volatile Random-Access Memory) of the IHS that stores boot instructions; when a capacity of the partition of the NVRAM reaches a threshold, transmitting boot telemetry from the NVRAM to a security device of an SoC (System-on-Chip) of the IHS for encryption of the boot telemetry; and storing the encrypted boot telemetry in an SSD (Solid-State Drive) of the IHS.
  12. The method of claim 11, wherein the boot sequence comprises a UEFI boot sequence.
  13. The method of claim 12, wherein the NVRAM is exclusively accessible to boot code used to implement the UEFI boot sequence.
  14. The method of claim 11, wherein the security device of the SoC comprises a device dedicated to implementing security protocols for use by the IHS.
  15. The method of claim 11, wherein the boot telemetry is encrypted by the SoC using an encryption key of a keypair controlled by the IHS.
  16. The method of claim 11, wherein the boot telemetry is encrypted and stored without use of capabilities provided by an operating system of the IHS.
  17. An NVRAM (Non-Volatile Random-Access Memory) storage device configured with instructions stored thereon, wherein execution of the instructions by one or more processors of an IHS (Information Handling System) causes the IHS to: initiate a boot sequence of the IHS that includes generation of boot telemetry; collect the boot telemetry in a partition of the NVRAM; when a capacity of the partition of the NVRAM reaches a threshold, transmit boot telemetry from the NVRAM to a security device of an SoC (System-on-Chip) of the IHS for encryption of the boot telemetry; and store the encrypted boot telemetry in an SSD (Solid-State Drive) of the IHS.
  18. The NVRAM storage device of claim 17, wherein the boot sequence comprises a UEFI boot sequence.
  19. The NVRAM storage device of claim 17, wherein the security device of the SoC comprises a device dedicated to implementation of security protocols for use by the IHS.
  20. The NVRAM storage device of claim 17, wherein the boot telemetry is encrypted by the SoC based at least in part on an encryption key of a keypair controlled by the IHS.

Description

FIELD

This disclosure relates generally to Information Handling Systems (IHSs), and more specifically, to systems and methods for securing telemetry generated by IHSs.

BACKGROUND

As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store it. One option available to users is an Information Handling System (IHS). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, IHSs may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. Variations in IHSs allow for IHSs to be general or configured for a specific user or specific use, such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, IHSs may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.

An IHS may be configured to generate a wide variety of telemetry that characterizes the operation of: the IHS, individual hardware components of the IHS, software operating on the IHS and/or subsystems of the IHS. Telemetry may be generated and collected throughout the operation of an IHS, including while booting the IHS. Boot telemetry may include information describing the computing architecture of an IHS and may also include information that could be used to compromise the booting procedures used by the IHS.
SUMMARY

In various embodiments, Information Handling Systems (IHSs) may include: an SoC (System-on-Chip); an SSD (Solid-State Drive); an NVRAM (Non-Volatile Random-Access Memory) storing boot instructions; and one or more processors coupled to the NVRAM, wherein execution of the boot instructions by the processors causes the IHS to: initiate a boot sequence that includes generating boot telemetry; collect the boot telemetry in a partition of the NVRAM; when a capacity of the partition of the NVRAM reaches a threshold, transmit boot telemetry from the NVRAM to a security device of the SoC for encryption of the boot telemetry; and store the encrypted boot telemetry in the SSD.

In some embodiments, the boot sequence comprises a UEFI boot sequence. In some embodiments, the boot instructions comprise UEFI boot code. In some embodiments, the NVRAM is exclusively accessible to the UEFI boot code. In some embodiments, the UEFI boot code transmits the boot telemetry from the NVRAM to the security device of the SoC via an interconnect of the SoC. In some embodiments, the interconnect of the SoC comprises a signaling pathway that is exclusively accessible to the UEFI boot code. In some embodiments, execution of the boot code by the processors further causes the IHS to load additional boot code for transmitting boot telemetry from the NVRAM to the security device for encryption when the capacity of the partition of the NVRAM reaches the threshold. In some embodiments, the security device of the SoC comprises a device dedicated to implementing security protocols for use by the IHS. In some embodiments, the boot telemetry is encrypted by the SoC using an encryption key of a keypair controlled by the IHS. In some embodiments, the boot telemetry is encrypted and stored without use of capabilities provided by an operating system of the IHS.
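The buffer-then-seal flow the summary describes (telemetry accumulates in a fixed-capacity NVRAM partition, is handed to the SoC security device once a threshold is reached, and the sealed blob lands on the SSD) modelled as an added example; this is not the patent's or Dell's code. The security device, its HMAC-based counter-mode cipher, the device-bound key and the sample boot events are all constructed stand-ins.

```python
import hashlib
import hmac
import os

class NvramPartition:
    """Fixed-capacity NVRAM partition that the boot code appends telemetry records to."""
    def __init__(self, threshold_bytes):
        self.threshold, self.buf = threshold_bytes, bytearray()
    def append(self, record):  # returns True once the flush threshold is reached
        self.buf += record + b"\n"
        return len(self.buf) >= self.threshold
    def drain(self):  # hand the whole partition over and clear it
        data, self.buf = bytes(self.buf), bytearray()
        return data

class SecurityDevice:
    """Stand-in for the SoC security device; the keys never leave this object."""
    def __init__(self, root_key):
        # separate confidentiality and integrity keys derived from the constructed device-bound key
        self._enc = hmac.new(root_key, b"enc", hashlib.sha256).digest()
        self._mac = hmac.new(root_key, b"mac", hashlib.sha256).digest()
    def _xor(self, nonce, data):  # HMAC counter-mode keystream: a constructed stand-in cipher
        ks = b"".join(hmac.new(self._enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
        return bytes(a ^ b for a, b in zip(data, ks))
    def seal(self, data):  # output layout: nonce (16) || tag (32) || ciphertext
        nonce = os.urandom(16)
        ct = self._xor(nonce, data)
        return nonce + hmac.new(self._mac, nonce + ct, hashlib.sha256).digest() + ct
    def open(self, blob):  # verify the tag before touching the ciphertext
        nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
        if not hmac.compare_digest(tag, hmac.new(self._mac, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("sealed telemetry failed integrity check")
        return self._xor(nonce, ct)

def collect_boot_telemetry(events, partition, device, ssd):
    """Buffer in NVRAM, hand the partition to the security device at the threshold, store on SSD."""
    for event in events:
        if partition.append(event):
            ssd.append(device.seal(partition.drain()))
    if partition.buf:  # end of boot: seal the remainder even though it is below the threshold
        ssd.append(device.seal(partition.drain()))
    return ssd

# constructed sample telemetry; a 40-byte threshold flushes after the 2nd and 4th records
SAMPLE_EVENTS = [b"SEC: reset vector reached", b"PEI: memory init done",
                 b"DXE: drivers dispatched", b"BDS: boot option selected", b"OS loader handoff"]
```

Nothing here depends on an operating system: the partition, the device and the SSD list are the only parties, which is the property claims 10, 16 and 20 rely on.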
BRIEF DESCRIPTION OF THE DRAWINGS

The present invention(s) is/are illustrated by way of example and is/are not limited by the accompanying figures, in which like references indicate similar elements. Elements in the figures are illustrated for simplicity and clarity, and have not necessarily been drawn to scale.

FIG. 1 is a diagram illustrating examples of components of an Information Handling System (IHS) that is configured, according to some embodiments, for securing boot telemetry generated by the IHS.

FIG. 2 is a diagram illustrating an example of a heterogeneous computing platform configured, according to some embodiments, for securing boot telemetry generated by an IHS.

FIG. 3 is a diagram illustrating an example of a system, according to some embodiments, for securing boot telemetry generated by an IHS.

FIG. 4 is a diagram illustrating an example of a method, according to some embodiments, for securing boot telemetry generated by an IHS.

DETAILED DESCRIPTION

For purposes of this disclosure, an Information Handling System (IHS) may include any instrumentality or aggregate of instrumentalities operable to compute, calculate, determine, classify, process, transmit, receive, retrieve, originate, switch, store, displa