| CPC H04L 63/1466 (2013.01) [G06F 11/141 (2013.01); H04L 63/0218 (2013.01); G06F 2201/86 (2013.01)] | 12 Claims |

|
1. An Information Handling System (IHS), comprising:
a plurality of hardware devices; and
a Baseboard Management Controller (BMC) in communication with the plurality of hardware devices, the BMC comprising instructions that are executable by at least one processor to:
monitor one or more operating characteristics of at least one hardware device of the plurality of hardware devices to determine whether or not a fault comprising the one or more operating characteristics has been occurring at a rate that exceeds a specified threshold, wherein the at least one hardware device is operating in a fixed pass-through configuration with a workspace, wherein the workspace has been instantiated by a workspace orchestration service executed on the IHS, and wherein the one or more operating characteristics comprise at least one of: an input/output (I/O) device fault, a correctable error, an uncorrectable error, an improper memory access request, or a page fault, and wherein the at least one hardware device comprises a Security Protocol and Data Model (SPDM)-enabled hardware device;
perform a mutual authentication procedure with the SPDM-enabled hardware device to form a SPDM-based trusted network between the SPDM-enabled hardware device and the BMC;
determine that the operating characteristics are indicative of a security breach of the fixed pass-through configuration; and
perform an operation to quarantine the at least one SPDM-enabled hardware device when the fixed pass-through configuration is determined to possess the security breach by maintaining the quarantined at least one SPDM-enabled hardware device in a quarantine state until a firmware update procedure has been performed on the at least one SPDM-enabled hardware device.
|