040316 - Secure Method for Access to Remote Vital Product Data for OEM Blades in a BladeCenter Environment

IP.com Disclosure Number: IPCOM000126477D
Original Publication Date: 2005-Jul-20
Included in the Prior Art Database: 2005-Jul-20
Document File: 2 page(s) / 25K

Publishing Venue

IBM

Abstract

In today's BladeCenter, each blade describes itself through a blade-stored EEPROM which contains Vital Product Data (VPD). The Management Module (MM) reads this EEPROM and makes management decisions based upon the EEPROM data. During manufacturing, as well as in customer use, it is possible for this EEPROM to become corrupted. These corruptions may cause unexpected results. Additionally, new blades are being designed for the BladeCenter on a regular basis by outside companies. These companies have a specification to follow, but there is a potential that a new blade's VPD will cause systems management problems due to corrupted or inaccurate VPD. What is needed is a method for blade-developing companies (OEMs) to completely control the contents of VPD on their blade and for the Management Module to securely verify that the blade VPD comes from the correct source prior to relying upon the data's accuracy.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

     This invention uses product and company identifiers as well as a digital signature located in the VPD EEPROM in order to retrieve the most recent contents of VPD directly from the OEM in a secure and trusted manner.

Background:

     The Vital Product Data (VPD) on a processor blade provides critical information required by the system management software in order to properly bring up, operate, and maintain the blade. The data in the VPD is fixed, or static. The following are examples of the type of data stored in the VPD: machine type, model number, serial number, FRU number, manufacturer number, hardware revision level, and MAC addresses. In most cases, the VPD is stored on a device such as an EEPROM.

     In today's BladeCenter, the management software assumes the VPD is correctly populated before using it. All fields have to be implicitly trusted. In essence, there is no way to tell if the VPD information is correct.

     VPD is physically located on the blade, which can be a problem if the VPD is found to be incorrect or needs to be updated after the manufacturing process. The management software has to be upgraded to handle the incorrect data, or new blades have to be shipped. Furthermore, the addition of new fields to the existing VPD is impossible.

Invention Details:

     This invention replaces the standard VPD with a micro-VPD. The micro-VPD area is a smaller VPD partition which includes only enough information for the system management software to locate, via a network connection, the remote VPD area. The micro-VPD area should contain the manufacturer number, model number, hardware revision level, serial number, and a reference to the remote-VPD. This reference can be in the form of an IP address or DNS-resolvable hostname. The micro-VPD must be trusted, meaning that the integrity and authenticity of its content must be verifiable. This is accomplished by including a digital signature in the micro-VPD. The well-known RSA or DSA algorithms can be used to generate and verify the signature.
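
     The following is an added example, not part of the original disclosure: one way a Management Module could check a micro-VPD before following its remote-VPD reference. The byte layout, field names, demo key and sample values are assumptions; the signature is RSA (PKCS#1 v1.5 with SHA-256), written against the Python standard library so it runs offline.

```python
import hashlib

# Assumed layout (the disclosure defines none): five length-prefixed ASCII
# fields, then an RSASSA-PKCS1-v1_5 / SHA-256 signature over those field bytes.
FIELDS = ("manufacturer", "model", "hw_rev", "serial", "remote_vpd")
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode_fields(record):
    values = [record[name].encode("ascii") for name in FIELDS]
    return b"".join(bytes([len(v)]) + v for v in values)

def emsa_pkcs1_v15(message, k):
    # Deterministic padding: 00 01 FF..FF 00 DigestInfo(SHA-256(message)).
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def parse_and_verify(blob, n, e):
    """Return the micro-VPD fields only if the OEM signature verifies."""
    k, pos, record = (n.bit_length() + 7) // 8, 0, {}
    for name in FIELDS:
        if pos >= len(blob) or pos + 1 + blob[pos] > len(blob):
            raise ValueError("truncated micro-VPD")
        record[name] = blob[pos + 1:pos + 1 + blob[pos]].decode("ascii")
        pos += 1 + blob[pos]
    signed, sig = blob[:pos], int.from_bytes(blob[pos:], "big")
    if len(blob) - pos != k or sig >= n:
        raise ValueError("signature has wrong size")
    # Rebuild the expected encoding and compare it whole, instead of parsing
    # the recovered padding (lax padding parsers have allowed forgeries).
    recovered = pow(sig, e, n).to_bytes(k, "big")
    if recovered != emsa_pkcs1_v15(signed, k):
        raise ValueError("micro-VPD signature invalid")
    return record

# Constructed demo key only: the product of two Mersenne primes is trivially
# factorable. A real deployment would pin the OEM's actual public key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def sign_micro_vpd(record):
    # OEM side: sign the encoded fields and append the signature.
    body, k = encode_fields(record), (N.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(body, k), "big")
    return body + pow(em, D, N).to_bytes(k, "big")

# Constructed sample record; every value is a placeholder.
SAMPLE = {"manufacturer": "0042", "model": "OEM-BLADE-1", "hw_rev": "03",
          "serial": "SN0000001", "remote_vpd": "vpd.oem.example"}
```

     The verifier returns the remote-VPD reference only after the signature check passes, so a corrupted or altered EEPROM never steers the management software to an unverified host.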

     Once the digital signature is veri...