As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Security of administrator credentials and certificates for out of band management of an information handling system has long been a concern. To overcome some of these concerns, management controllers for out of band management of information handling systems include a credential vault which is based on a hardware root of trust in the silicon of the management controller, thus ensuring a level of secure storage that is protected via a verified chain of trust during each boot of the information handling system. However, such approaches may have disadvantages. For example, such approaches may protect an information handling system from a boot time detection of compromise, but a compromise occurring during host system runtime may still be able to access secrets within the credential vault contents. In addition, secrets within the credential vault are not protected from compromise of a management controller or a physical access to the information handling system.