公开(公告)号：US20200097661A1

公开(公告)日：2020-03-26

申请号：US16138871

申请日：2018-09-21

Applicant: International Business Machines Corporation

Inventor： Timothy R. Block ,  Elaine R. Palmer ,  Kenneth A. Goldman ,  Christopher J. Engel ,  William E. Hall

IPC: G06F21/57 ,  H04L9/32 ,  H04L29/06

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.

公开(公告)号：US09697167B2

公开(公告)日：2017-07-04

申请号：US15075115

申请日：2016-03-19

Applicant: International Business Machines Corporation

Inventor： Jesse P. Arroyo ,  Ellen M. Bauman ,  Timothy R. Block ,  Christopher J. Engel ,  Kaveh Naderi ,  Harald Pross ,  Thomas R. Sand

IPC: G06F13/42 ,  G06F11/20 ,  G06F13/40

CPC classification number: G06F13/4282 ,  G06F11/2007 ,  G06F13/4027

Abstract: A method, system and computer program product are provided for implementing health check for optical cable attached Peripheral Component Interconnect Express (PCIE) enclosures in a computer system. System firmware is provided for implementing health check functions. One or more optical cables are connected between a host bridge and a PCIE enclosure. A PCIE link to the PCIE enclosure is reset responsive to a predefined event. After a set delay, a PCIE link health check is performed verifying PCIE link width and speed.

公开(公告)号：US09582366B2

公开(公告)日：2017-02-28

申请号：US14549957

申请日：2014-11-21

Applicant: International Business Machines Corporation

Inventor： Jesse P. Arroyo ,  Ellen M. Bauman ,  Timothy R. Block ,  Christopher J. Engel ,  Kaveh Naderi ,  Gregory M. Nordstrom ,  Harald Pross ,  Thomas R. Sand

IPC: G06F11/30 ,  G06F11/14 ,  G06F11/22 ,  G06F11/07 ,  G06F13/40 ,  G06F13/42 ,  G06F13/28

CPC classification number: G06F11/1423 ,  G06F11/0793 ,  G06F11/221 ,  G06F11/2221 ,  G06F11/2247 ,  G06F11/3027 ,  G06F11/3041 ,  G06F11/3051 ,  G06F13/287 ,  G06F13/4022 ,  G06F13/4282

Abstract: A method, system and computer program product are provided for detecting state and sparing of optical Peripheral Component Interconnect Express (PCI-Express or PCIE) cable channels attached to an IO drawer. System firmware is provided for implementing health check functions and state detection and sparing functions. One or more optical cables are connected between a host bridge and a PCIE enclosure, each optical cable includes one or more spare optical channels. An identified failed optical channel is rerouted to the spare optical channel.

Abstract translation: 提供了一种方法，系统和计算机程序产品，用于检测连接到IO抽屉的光学外围组件互连Express（PCI-Express或PCIE）电缆通道的状态和备用。 提供系统固件，用于实现健康检查功能和状态检测和备用功能。 一个或多个光缆连接在主机桥和PCIE机箱之间，每个光缆包括一个或多个备用光通道。 识别的故障光通道被重新路由到备用光通道。

公开(公告)号：US10885197B2

公开(公告)日：2021-01-05

申请号：US16138871

申请日：2018-09-21

Applicant: International Business Machines Corporation

Inventor： Timothy R. Block ,  Elaine R. Palmer ,  Kenneth A. Goldman ,  Christopher J. Engel ,  William E. Hall

IPC: G06F15/177 ,  G06F21/57 ,  H04L29/06 ,  H04L9/32 ,  G06F9/4401

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.

公开(公告)号：US20160147606A1

公开(公告)日：2016-05-26

申请号：US14866931

申请日：2015-09-26

Applicant: International Business Machines Corporation

Inventor： Jesse P. Arroyo ,  Ellen M. Bauman ,  Timothy R. Block ,  Christopher J. Engel ,  Kaveh Naderi ,  Gregory M. Nordstrom ,  Harald Pross ,  Thomas R. Sand

IPC: G06F11/14 ,  G06F13/42 ,  G06F11/07 ,  G06F13/40 ,  G06F11/30 ,  G06F11/22

CPC classification number: G06F11/1423 ,  G06F11/0793 ,  G06F11/221 ,  G06F11/2221 ,  G06F11/2247 ,  G06F11/3027 ,  G06F11/3041 ,  G06F11/3051 ,  G06F13/287 ,  G06F13/4022 ,  G06F13/4282

Abstract: A method, system and computer program product are provided for detecting state and sparing of optical Peripheral Component Interconnect Express (PCI-Express or PCIE) cable channels attached to an IO drawer. System firmware is provided for implementing health check functions and state detection and sparing functions. One or more optical cables are connected between a host bridge and an PCIE enclosure, each optical cable includes one or more spare optical channels. An identified failed optical channel is rerouted to the spare optical channel.

Abstract translation: 提供了一种方法，系统和计算机程序产品，用于检测连接到IO抽屉的光学外围组件互连Express（PCI-Express或PCIE）电缆通道的状态和备用。 提供系统固件，用于实现健康检查功能和状态检测和备用功能。 一个或多个光缆连接在主机桥和PCIE机箱之间，每个光缆包括一个或多个备用光通道。 识别的故障光通道被重新路由到备用光通道。

公开(公告)号：US11206141B2

公开(公告)日：2021-12-21

申请号：US16138804

申请日：2018-09-21

Applicant: International Business Machines Corporation

Inventor： Timothy R. Block ,  Elaine R. Palmer ,  Kenneth A. Goldman ,  Christopher J. Engel ,  William E. Hall

IPC: G06F21/00 ,  H04L9/32 ,  H04L9/08 ,  G06F21/57 ,  G06F21/62

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.

公开(公告)号：US20180081761A1

公开(公告)日：2018-03-22

申请号：US15826338

申请日：2017-11-29

Applicant: International Business Machines Corporation

Inventor： Jesse P. Arroyo ,  Ellen M. Bauman ,  Timothy R. Block ,  Christoper J. Engel ,  Kaveh Naderi ,  Gregory M. Nordstrom ,  Harald Pross ,  Thomas R. Sand

IPC: G06F11/14 ,  G06F13/28 ,  G06F11/30 ,  G06F11/22 ,  G06F13/42 ,  G06F11/07 ,  G06F13/40

CPC classification number: G06F11/1423 ,  G06F11/0793 ,  G06F11/221 ,  G06F11/2221 ,  G06F11/2247 ,  G06F11/3027 ,  G06F11/3041 ,  G06F11/3051 ,  G06F13/287 ,  G06F13/4022 ,  G06F13/4282

Abstract: A method, system and computer program product are provided for detecting state and sparing of optical Peripheral Component Interconnect Express (PCI-Express or PCIE) cable channels attached to an IO drawer. System firmware is provided for implementing health check functions and state detection and sparing functions. One or more optical cables are connected between a host bridge and an PCIE enclosure, each optical cable includes one or more spare optical channels. An identified failed optical channel is rerouted to the spare optical channel.

公开(公告)号：US20160147705A1

公开(公告)日：2016-05-26

申请号：US14549801

申请日：2014-11-21

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Jesse P. Arroyo ,  Ellen M. Bauman ,  Timothy R. Block ,  Christopher J. Engel ,  Kaveh Naderi ,  Harald Pross ,  Thomas R. Sand

IPC: G06F13/42 ,  G06F11/07 ,  G06F9/445

CPC classification number: G06F13/4282 ,  G06F11/2007 ,  G06F13/4027

Abstract: A method, system and computer program product are provided for implementing health check for optical cable attached Peripheral Component Interconnect Express (PCIE) enclosures in a computer system. System firmware is provided for implementing health check functions. One or more optical cables are connected between a host bridge and a PCIE enclosure. A PCIE link to the PCIE enclosure is reset responsive to a predefined event. After a set delay, a PCIE link health check is performed verifying PCIE link width and speed.

公开(公告)号：US20200099536A1

公开(公告)日：2020-03-26

申请号：US16138804

申请日：2018-09-21

Applicant: International Business Machines Corporation

Inventor： Timothy R. Block ,  Elaine R. Palmer ,  Kenneth A. Goldman ,  Christopher J. Engel ,  William E. Hall

IPC: H04L9/32 ,  H04L9/08 ,  G06F21/57 ,  G06F21/62

Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.

公开(公告)号：US20200067912A1

公开(公告)日：2020-02-27

申请号：US16106069

申请日：2018-08-21

Applicant: International Business Machines Corporation

Inventor： Timothy R. Block ,  Elaine R. Palmer ,  Kenneth A. Goldman ,  William E. Hall ,  Hugo M. Krawczyk ,  David D. Sanner ,  Christopher J. Engel ,  Peter A. Sandon ,  Alwood P. Williams, III

IPC: H04L29/06 ,  H04L9/08 ,  G06F9/445 ,  G06F9/455 ,  G06F9/4401

Abstract: A method and computer system for implementing authentication protocol for merging multiple server nodes with trusted platform modules (TPMs) utilizing provisioned node certificates to support concurrent node add and node remove. Each of the multiple server nodes boots an instance of enablement level firmware and extended to a trusted platform module (TPM) on each node as the server nodes are powered up. A hardware secure channel is established between the server nodes for firmware message passing as part of physical configuration of the server nodes to be merged. A shared secret is securely exchanged via the hardware secure channel between the server nodes establishing an initial authentication value shared among all server nodes. All server nodes confirm common security configuration settings and exchange TPM log and platform configuration register (PCR) data to establish common history for future attestation requirements, enabling dynamic changing the server nodes and concurrently adding and removing nodes.