CPC G06F 21/575 (2013.01) [G06F 2221/034 (2013.01)]; 20 Claims

1. A cloud-based device management server comprising:
a processor; and
a non-transitory storage medium storing instructions executable on the processor to:
receive, from a baseboard management controller (BMC) of a monitored device, a measurement value of the monitored device associated with a chassis, a bootloader shim, a boot configuration, a boot device, or a server motherboard,
wherein receiving the measurement value is triggered prior to providing control of the monitored device to the bootloader shim;
receive, from the BMC, a nonce value that triggered a quote operation with a security co-processor of the monitored device prior to providing control of the monitored device to the bootloader shim,
wherein the measurement value is stored at the BMC and the nonce value is transmitted to a boot interface of the monitored device;
receive, from the BMC via a secure connection, the measurement value of the monitored device and identification of the monitored device to an attestation job; and
in response to integrity of the identification of the monitored device not being verified from the attestation job, cause an alert associated with the attestation job to be generated and transmitted to an entity associated with the monitored device.
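As an added illustration (not part of the patent text and not the claimed implementation), the following sketches the server-side attestation job the claim describes: a nonce is issued per monitored device, the BMC's report carries the device identification, the pre-shim measurement value and a quote bound to the nonce, and a failed identity check raises an alert. The per-device HMAC key, the device id, the golden shim measurement and all report values are constructed assumptions; the HMAC stands in for the security co-processor's quote signature.

```python
import hashlib
import hmac
import secrets

# Constructed sample registry: device id -> attestation key (stand-in for the
# security co-processor's signing key); plus the expected shim measurement.
DEVICE_KEYS = {"dev-42": b"constructed-device-key"}
GOLDEN_SHIM_MEASUREMENT = hashlib.sha256(b"constructed shim image").hexdigest()


def _quote_input(device_id, measurement, nonce):
    return f"{device_id}|{measurement}|{nonce}".encode()


class AttestationJob:
    """Server-side attestation job: issues nonces and verifies BMC reports."""

    def __init__(self):
        self.outstanding = {}  # nonce -> device id; consumed on use (replay guard)
        self.alerts = []       # alerts generated for the device's owning entity

    def issue_nonce(self, device_id):
        nonce = secrets.token_hex(16)
        self.outstanding[nonce] = device_id
        return nonce

    def verify_report(self, report):
        """Return "ok" or the name of the first failed check (which also alerts)."""
        device_id, nonce = report["device_id"], report["nonce"]
        key = DEVICE_KEYS.get(device_id)
        # Identity: device must be enrolled and the nonce must be the unused one issued to it
        if key is None or self.outstanding.pop(nonce, None) != device_id:
            return self._alert(device_id, "identity not verified")
        # Quote: MAC over identity, measurement and nonce must verify under the device key
        expected = hmac.new(key, _quote_input(device_id, report["measurement"], nonce), "sha256").hexdigest()
        if not hmac.compare_digest(expected, report["quote"]):
            return self._alert(device_id, "quote invalid")
        # Measurement: value recorded before handoff to the shim must match the golden value
        if report["measurement"] != GOLDEN_SHIM_MEASUREMENT:
            return self._alert(device_id, "measurement mismatch")
        return "ok"

    def _alert(self, device_id, reason):
        self.alerts.append({"device_id": device_id, "reason": reason})
        return reason


def make_report(device_id, key, measurement, nonce):
    """Constructed BMC-side report; the HMAC stands in for a real TPM quote."""
    quote = hmac.new(key, _quote_input(device_id, measurement, nonce), "sha256").hexdigest()
    return {"device_id": device_id, "measurement": measurement, "nonce": nonce, "quote": quote}
```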