US-12621350-B2 - Out-of-band (OOB) policy management in heterogeneous computing platforms

Abstract

Systems and methods for Out-of-Band (OOB) policy management in heterogeneous computing platforms. In some embodiments, an Information Handling System (IHS) may include a heterogeneous computing platform comprising a plurality of devices and an OOB Microcontroller Unit (MCU) integrated into the heterogeneous computing platform, where the OOB MCU is configured to: receive an OOB packet comprising a policy or policy update; and enforce the policy or policy update.

Inventors

  • Adolfo S. Montero
  • Abeye Teshome
  • Alok Pant

Assignees

  • DELL PRODUCTS, L.P.

Dates

Publication Date
20260505
Application Date
20230802

Claims (20)

  1. An Information Handling System (IHS), comprising: a heterogeneous computing platform comprising a plurality of devices; and an Out-of-Band (OOB) Microcontroller Unit (MCU) integrated into the heterogeneous computing platform, wherein the OOB MCU is configured to execute OOB MCU program instructions in an OOB MCU memory space distinct from any host processor memory space, wherein the OOB MCU program instructions are structured to cause the OOB MCU to perform operations that comprise: receive an OOB packet comprising a policy update, while every host processor of the heterogeneous computing platform is in a host processor low-power state; and while every host processor of the heterogeneous computing platform remains in the host processor low-power state: determine if the OOB packet is directed to an Original Equipment Manufacturer (OEM) sandbox configured with a segregated OEM sandbox memory space distinct from the OOB MCU memory space, based, at least in part, on a header in the OOB packet; in response to a determination the OOB packet is directed to the OEM sandbox, process the OOB packet at least in part in the segregated OEM sandbox memory space; and enforce the policy update.
  2. The IHS of claim 1, wherein the heterogeneous computing platform comprises: a System-On-Chip (SoC), a Field-Programmable Gate Array (FPGA), or an Application-Specific Integrated Circuit (ASIC).
  3. The IHS of claim 1, wherein the heterogeneous computing platform comprises a Reduced Instruction Set Computer (RISC) processor and a plurality of devices coupled to an interconnect.
  4. The IHS of claim 3, wherein the plurality of devices comprises at least one of: a Graphical Processing Unit (GPU), an audio Digital Signal Processor (aDSP), a sensor hub, a Neural Processing Unit (NPU), a Tensor Processing Unit (TPU), a Neural Network Processor (NNP), an Intelligence Processing Unit (IPU), an Image Signal Processor (ISP), or a Video Processing Unit (VPU).
  5. The IHS of claim 3, wherein the interconnect comprises at least one of: an Advanced Microcontroller Bus Architecture (AMBA) bus, a QuickPath Interconnect (QPI) bus, or a HyperTransport (HT) bus.
  6. The IHS of claim 1, wherein the policy update comprises one or more restrictions associated with one or more of the plurality of devices.
  7. The IHS of claim 1, wherein the policy update comprises one or more restrictions associated with one or more external devices coupled to the heterogeneous computing platform via a high-speed bus controller.
  8. The IHS of claim 1, wherein the policy update comprises an OOB packet sniffing setting.
  9. The IHS of claim 1, wherein to enforce the policy update, the OOB MCU is configured to write data onto an Operating System (OS) partition of a storage device coupled to the heterogeneous computing platform via a high-speed bus controller.
  10. The IHS of claim 1, wherein the OOB packet comprises an opaque OOB packet.
  11. The IHS of claim 1, wherein the OOB MCU is configured to authenticate the OOB packet in a baseline domain or a sandbox domain, determined by an OOB packet device target determined by an OOB packet header indication.
  12. The IHS of claim 11, wherein the OOB MCU is configured to instruct a crypto device selected based at least in part on the OOB packet device target to authenticate the OOB packet.
  13. An Embedded Controller (EC) integrated into or coupled to a heterogeneous computing platform of an Information Handling System (IHS), the EC comprising: a processor core distinct from any host processor of the heterogeneous computing platform; and a memory coupled to the processor core, the memory configured with program instructions stored thereon that, upon execution by the processor core, cause the EC to execute EC program instructions in an EC memory space distinct from any host processor memory space, wherein the EC program instructions are structured to cause the EC to perform operations that comprise: receive an Out-of-Band (OOB) packet comprising a policy update, while every host processor of the heterogeneous computing platform is in a host processor low-power state; and while every host processor of the heterogeneous computing platform remains in the host processor low-power state: determine if the OOB packet is directed to an Original Equipment Manufacturer (OEM) sandbox configured with a segregated OEM sandbox memory space distinct from the EC memory space, based, at least in part, on a header in the OOB packet; in response to a determination the OOB packet is directed to the OEM sandbox, decode the OOB packet based at least in part on a key resident in OEM firmware associated with the OEM sandbox, and process the OOB packet at least in part in the segregated OEM sandbox memory space; and enforce the policy update.
  14. The EC of claim 13, wherein the policy update comprises one or more restrictions associated with: network access, power management, thermal management, or management of input/output devices coupled to the EC.
  15. The EC of claim 13, wherein the policy update comprises an OOB packet sniffing setting.
  16. The EC of claim 13, wherein the OOB packet comprises an opaque OOB packet.
  17. The EC of claim 13, wherein the EC is configured to choose a selected crypto device for OOB packet authentication based at least in part on an OOB packet header indication, allow the selected crypto device to receive power to authenticate the OOB packet, and disallow the selected crypto device from receipt of power after completion of the OOB packet authentication.
  18. The EC of claim 13, wherein the host processor low-power state comprises an Advanced Configuration and Power Interface (ACPI) G3 state.
  19. A method, comprising: receiving, at an Information Technology Decision Maker (ITDM) terminal, a policy update associated with an Information Handling System (IHS); and transmitting an Out-of-Band (OOB) packet comprising an indication of the policy update to an OOB Microcontroller Unit (MCU), Embedded Controller (EC), or Basic Input/Output System (BIOS) of the IHS as part of an OOB packet sniffing operation performed by the IHS, wherein the OOB MCU, the EC, or the BIOS, while every host processor of the IHS remains in a low-power state, performs operations comprising: receiving the OOB packet; determining if the OOB packet is directed to an Original Equipment Manufacturer (OEM) sandbox configured with a segregated OEM sandbox memory space distinct from a memory space of the OOB MCU, EC, or BIOS, based, at least in part, on a header in the OOB packet; choosing a selected crypto device for OOB packet authentication based at least in part on an OOB packet header indication; allowing the selected crypto device to receive power to authenticate the OOB packet; disallowing the selected crypto device from receipt of power after completion of the OOB packet authentication; in response to a determination the OOB packet is directed to the OEM sandbox, processing the OOB packet at least in part in the segregated OEM sandbox memory space; and enforcing the policy update.
  20. The method of claim 19, wherein the OOB packet comprises an opaque OOB packet.
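
The receive path that claims 11, 12 and 17 describe, as an added C sketch that is not from the patent: the header picks the target domain and its crypto device, that device is powered only for the authentication, and only an authenticated payload is copied into the target's segregated memory. The packet layout, every name, and the one-byte `toy_tag` (a placeholder, not a real MAC) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: [target][len][payload ...][tag]. Nothing here is from the patent. */
enum target { TARGET_BASELINE, TARGET_OEM_SANDBOX, TARGET_COUNT };
enum result { OOB_ENFORCED, OOB_REJECT_HEADER, OOB_REJECT_AUTH };

struct crypto_dev { int powered; int power_cycles; uint8_t key; };
static struct crypto_dev devs[TARGET_COUNT] = { {0, 0, 0x5A}, {0, 0, 0xC3} };

/* Stand-ins for the segregated baseline and OEM sandbox memory spaces. */
static uint8_t baseline_mem[64], sandbox_mem[64];

/* Placeholder keyed tag, NOT a real MAC; it stands in for the crypto device. */
static uint8_t toy_tag(const struct crypto_dev *d, const uint8_t *p, size_t n) {
    uint8_t t = d->key;
    for (size_t i = 0; i < n; i++)
        t = (uint8_t)(((t << 1) | (t >> 7)) ^ p[i]);
    return t;
}

enum result oob_handle(const uint8_t *pkt, size_t n) {
    /* The header is untrusted: allowlist the target and bound the length first. */
    if (n < 3 || pkt[0] >= TARGET_COUNT) return OOB_REJECT_HEADER;
    size_t len = pkt[1];
    if (len > sizeof sandbox_mem || n != len + 3) return OOB_REJECT_HEADER;

    /* Power the header-selected crypto device only for the authentication. */
    struct crypto_dev *d = &devs[pkt[0]];
    d->powered = 1;
    d->power_cycles++;
    int ok = toy_tag(d, pkt, len + 2) == pkt[len + 2]; /* tag covers the header too */
    d->powered = 0; /* gated off on success and on failure */
    if (!ok) return OOB_REJECT_AUTH;

    /* Only an authenticated payload reaches the target's own memory space. */
    memcpy(pkt[0] == TARGET_OEM_SANDBOX ? sandbox_mem : baseline_mem, pkt + 2, len);
    return OOB_ENFORCED;
}

int main(void) {
    uint8_t pkt[6] = { TARGET_OEM_SANDBOX, 3, 0xA1, 0xB2, 0xC3, 0 }; /* constructed */
    pkt[5] = toy_tag(&devs[TARGET_OEM_SANDBOX], pkt, 5);
    printf("sandbox packet: %d\n", oob_handle(pkt, sizeof pkt));
    pkt[0] = TARGET_BASELINE; /* header altered after tagging */
    printf("redirected packet: %d\n", oob_handle(pkt, sizeof pkt));
    return 0;
}
```

Because the tag covers the routing header, a packet whose target byte is changed after tagging fails authentication instead of being steered into the other domain.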

Description

FIELD

This disclosure relates generally to Information Handling Systems (IHSs), and more specifically, to systems and methods for Out-of-Band (OOB) policy management in heterogeneous computing platforms.

BACKGROUND

As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store it. One option available to users is an Information Handling System (IHS). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, IHSs may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. Variations in IHSs allow for IHSs to be general or configured for a specific user or specific use, such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, IHSs may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.

Historically, IHSs with desktop and laptop form factors have had conventional Operating Systems (OSs) (e.g., WINDOWS, LINUX, MAC OS, etc.) executed on INTEL or AMD's “x86”-type processors. Other types of processors, such as ARM processors, have been used in smartphones and tablet devices, which typically run thinner, simpler, or mobile OSs (e.g., ANDROID, IOS, WINDOWS MOBILE, etc.). More recently, however, IHS manufacturers have started producing full-fledged desktop and laptop IHSs equipped with ARM-based platforms. In fact, certain OSs (e.g., WINDOWS on ARM) have also been developed to provide users with a more quintessential OS experience on those platforms.

Devices known as Embedded Controllers (ECs) have played a central role in the overall operation of traditional x86-based platforms. An EC is a microcontroller or processing core mounted on an IHS's motherboard which is configured to manage several critical IHS processes, ranging from early power rail sequencing to power limits and thermal limits, and to provide low-level hardware controls via a myriad of General-Purpose Input/Outputs (GPIOs).

The EC is also responsible for facilitating Out-of-Band (OOB) management of its IHS. OOB management involves the use of dedicated interfaces for accessing and managing aspects of an IHS from a remote location, through a plane separate from the production network. As the inventors hereof have recognized, however, ARM-based platforms currently lack ECs (or other microcontrollers) usable to support OOB management.

SUMMARY

Systems and methods for Out-of-Band (OOB) policy management in heterogeneous computing platforms are described. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include a heterogeneous computing platform comprising a plurality of devices and an OOB Microcontroller Unit (MCU) integrated into the heterogeneous computing platform, where the OOB MCU is configured to: receive an OOB packet comprising a policy or policy update; and enforce the policy or policy update.

For example, the heterogeneous computing platform may include: a System-On-Chip (SoC), a Field-Programmable Gate Array (FPGA), or an Application-Specific Integrated Circuit (ASIC). The heterogeneous computing platform may include a Reduced Instruction Set Computer (RISC) processor and a plurality of devices coupled to an interconnect. The plurality of devices may include at least one of: a Graphical Processing Unit (GPU), an audio Digital Signal Processor (aDSP), a sensor hub, a Neural Processing Unit (NPU), a Tensor Processing Unit (TPU), a Neural Network Processor (NNP), an Intelligence Processing Unit (IPU), an Image Signal Processor (ISP), or a Video Processing Unit (VPU). And the interconnect may include at least one of: an Advanced Microcontroller Bus Architecture (AMBA) bus, a QuickPath Interconnect (QPI) bus, or a HyperTransport (HT) bus.

The policy or policy update may include one or more restrictions associated with one or more of the plurality of devices. Additionally, or alternatively, the policy or policy update may include one or more restrictions associated with one or more external devices coupled to the heterogeneous computing platform via a high-speed bus controller. Additionally, or alternatively, the policy or policy update may include an OOB packet sniffing setting.

To enforce the policy or policy update, the OOB MCU may be configured to write data onto an OS partition of a storage device coupled to the heterogeneous computing platform via a high-speed bus controller. The OOB packet