US 11,989,305 B2
Automated update of a customized secure boot policy
Marshal F. Savage, Austin, TX (US); and William C. Munger, Round Rock, TX (US)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Jul. 21, 2022, as Appl. No. 17/870,459.
Prior Publication US 2024/0028735 A1, Jan. 25, 2024
Int. Cl. G06F 1/24 (2006.01); G06F 21/57 (2013.01); H04L 9/32 (2006.01); G06F 9/4401 (2018.01)
CPC G06F 21/575 (2013.01) [G06F 21/572 (2013.01); H04L 9/3236 (2013.01); H04L 9/3247 (2013.01); G06F 9/4401 (2013.01)]
14 Claims
1. An information handling system comprising:
a memory to store a secure boot policy for a plurality of input/output (I/O) devices in the information handling system;
a baseboard management controller (BMC) to:
perform a firmware update for a first I/O device of the I/O devices; and
in response to the firmware update being completed successfully, create a system management task; and
a basic input/output system (BIOS), during a next boot after the creation of the system management task, the BIOS to:
detect the system management task;
based on the detection of the system management task, calculate a new hash value for a firmware image of the firmware update; and
replace a previous hash value with the new hash value in the secure boot policy, wherein the replacement includes the BIOS further to:
move the previous firmware hash value from an allow list database within the secure boot policy to a deny list database within the secure boot policy; and
add the new firmware hash value to the allow list database.
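
The flow recited in claim 1, modelled as an added illustration that is not taken from the patent or from any Dell firmware. SHA-256, the deny-list-overrides-allow-list rule, and all names (`System`, `bmc_update`, `bios_boot`, `permits`, `demo`) are assumptions; the firmware images are constructed byte strings.

```python
import hashlib
from dataclasses import dataclass, field

def fw_hash(image: bytes) -> str:
    # Assumption: SHA-256; the claim only says "hash value".
    return hashlib.sha256(image).hexdigest()

@dataclass
class System:
    allow: set = field(default_factory=set)       # allow list database
    deny: set = field(default_factory=set)        # deny list database
    enrolled: dict = field(default_factory=dict)  # device -> hash currently allowed
    flash: dict = field(default_factory=dict)     # device -> installed firmware image
    tasks: list = field(default_factory=list)     # pending system management tasks

    def permits(self, image: bytes) -> bool:
        # Assumption: the deny list overrides the allow list, as UEFI dbx does for db.
        return fw_hash(image) in self.allow - self.deny

    def bmc_update(self, device: str, image: bytes, success: bool = True) -> None:
        # BMC: a task is created only when the update completed successfully.
        if success:
            self.flash[device] = image
            self.tasks.append(device)

    def bios_boot(self) -> list:
        # BIOS, next boot: detect tasks, hash the new image, rotate the entries.
        handled = []
        while self.tasks:
            device = self.tasks.pop(0)
            new = fw_hash(self.flash[device])
            old = self.enrolled.get(device)
            if old is not None and old != new:
                self.allow.discard(old)
                self.deny.add(old)       # previous hash moves to the deny list
            self.allow.add(new)          # new hash joins the allow list
            self.enrolled[device] = new
            handled.append(device)
        return handled

def demo() -> dict:
    v1, v2 = b"constructed NIC firmware v1", b"constructed NIC firmware v2"
    s = System()
    s.bmc_update("nic0", v1)
    s.bios_boot()                                # initial enrolment
    s.bmc_update("nic0", v2, success=False)      # failed update: no task
    idle = s.bios_boot()
    s.bmc_update("nic0", v2)
    s.bios_boot()                                # successful update
    return {"idle": idle, "v1": s.permits(v1), "v2": s.permits(v2)}
```

In this model, reflashing an image whose hash was already moved to the deny list leaves it blocked even though the BIOS step re-adds it to the allow list, so a rollback to the superseded firmware is not trusted.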