Title of invention: Encryption key management system and methods thereof
Abstract: During execution of BIOS at an information handling system, a processor communicates with the storage controller via a command line protocol (CLP) communications channel. Via the channel, the processor obtains identification information for storage devices associated with the storage controller. The processor communicates the identification information to a key management client, which obtains encryption keys based on the identification information from a key management server. The processor receives the encryption keys, and communicates them to the storage controller via the CLP communications channel. The CLP communications channel thus provides a convenient and flexible interface for communication of security information prior to execution of an operating system.
Publication number: US8811619(B2); Publication date: 2014.08.19
Application number: US200812262962; Application date: 2008.10.31
Applicant: Dell Products, LP; Inventors: Khatri Mukund P.; Marks Kevin T.; Walker Don H.
Classification: G06F21/00; Main classification: G06F21/00
Agency: Larson Newman, LLP; Agent: Larson Newman, LLP
Principal claim: 1. A method, comprising: executing Basic Input Output System (BIOS) code by a processor during a boot process, thereby determining a first command line protocol (CLP) entry point of an option read-only memory (ROM) and thereby generating data; storing the data in an outgoing CLP buffer; executing by the processor code at the first CLP entry point of the option ROM, the executing including reading the data stored in the outgoing CLP buffer; storing by the option ROM in an incoming CLP buffer a first request for a first security parameter, the first request generated as a result of executing the code at the first CLP entry point, wherein the incoming CLP buffer may be the same buffer as the outgoing CLP buffer and wherein the first security parameter comprises an encryption key associated with a storage device, the storage device associated with a storage controller; returning control of the processor to BIOS; receiving by BIOS the first request for the first security parameter via the incoming CLP buffer; determining the first security parameter based on the first request, comprising: communicating by BIOS a second request to a key management server, the second request based on the first request; and receiving the encryption key in response to the second request; and communicating the first security parameter to the option ROM during the boot process via placing the first security parameter in the outgoing CLP buffer.
Address: Round Rock TX US