Computer security refers to information security associated with computer platforms. The objective of computer security is to ensure the confidentiality, integrity, and/or availability of information that is stored or processed on the computer platform. In one respect, computer security reduces the exposure of computer-based information to malicious software. One known method for achieving computer security is to establish a trust domain that includes only trusted hardware running only validated software and firmware.
Conventional methods for establishing a trust domain have many disadvantages. For example, methods in which firmware validates itself are vulnerable to spoofing by malicious code, because the validation logic and the reference values it checks against reside in the very image being validated and can be altered together with it. Moreover, since trust domains are typically anchored in host CPU hardware, conventional methods are unable to extend the trust domain to all components of the server platform. This is especially a problem, for instance, when the server platform includes system service processors (SSPs) or other components that are supplied by more than one vendor. For at least these reasons, improved systems and methods for establishing a trust domain are needed.
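The following is an added illustration of the two weaknesses described above; it is not code from the original document or from any particular product. The firmware image format, the component names, and the idea of a golden measurement held by a root of trust outside the firmware (for example in one-time-programmable memory or a secure element) are all assumptions made for the example. It contrasts a self-validating image, whose embedded digest an attacker can simply recompute after tampering, with validation against an externally anchored reference, and then builds a trust domain across several components (host CPU firmware and SSP firmware from different vendors) from a single manifest of anchored measurements.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 output length

# Constructed sample firmware payloads (not real firmware).
HOST_FIRMWARE = b"host firmware v2.1: init memory controller; jump to main"
SSP_FIRMWARE = b"SSP firmware v1.0: init uart; init spi; jump to main"


def measure(payload: bytes) -> bytes:
    """Measurement of a firmware payload: here simply its SHA-256 digest."""
    return hashlib.sha256(payload).digest()


def build_self_validating_image(payload: bytes) -> bytes:
    """Hypothetical self-validating format: payload followed by its own digest.
    The reference value travels inside the image it is meant to protect."""
    return payload + measure(payload)


def self_validate(image: bytes) -> bool:
    """Self-validation: recompute the digest over the payload and compare it
    to the digest embedded in the same image."""
    payload, embedded = image[:-DIGEST_LEN], image[-DIGEST_LEN:]
    return hmac.compare_digest(measure(payload), embedded)


def attacker_tamper_self_validating(image: bytes) -> bytes:
    """Spoofing attack: modify the payload, then rebuild the image so that the
    embedded digest matches the modified payload. Self-validation still passes."""
    payload = image[:-DIGEST_LEN]
    evil_payload = payload.replace(b"jump to main", b"jump to backdoor")
    return build_self_validating_image(evil_payload)


def anchored_validate(payload: bytes, golden: bytes) -> bool:
    """Anchored validation: compare the measurement of the payload to a golden
    value that lives outside the firmware (assumed to be held by a root of trust
    the firmware cannot rewrite)."""
    return hmac.compare_digest(measure(payload), golden)


def build_trust_domain(manifest: dict, images: dict) -> set:
    """Admit into the trust domain only those components whose supplied image
    matches the golden measurement recorded for them in the manifest.
    The manifest is what lets the domain span components from several vendors:
    every component is checked the same way, regardless of who supplied it."""
    trusted = set()
    for component, golden in manifest.items():
        payload = images.get(component)
        if payload is not None and anchored_validate(payload, golden):
            trusted.add(component)
    return trusted


# Golden measurements, assumed to be provisioned into a root of trust at
# manufacturing time rather than shipped inside the firmware images.
GOLDEN_MANIFEST = {
    "host_cpu_fw": measure(HOST_FIRMWARE),
    "ssp_vendor_a_fw": measure(SSP_FIRMWARE),
}


def demo() -> dict:
    """Run both validation styles against a tampered SSP image and report results."""
    good_image = build_self_validating_image(SSP_FIRMWARE)
    tampered_image = attacker_tamper_self_validating(good_image)
    tampered_payload = tampered_image[:-DIGEST_LEN]

    results = {
        "self_validate_good": self_validate(good_image),
        "self_validate_tampered": self_validate(tampered_image),  # spoofed: True
        "anchored_good": anchored_validate(SSP_FIRMWARE, GOLDEN_MANIFEST["ssp_vendor_a_fw"]),
        "anchored_tampered": anchored_validate(tampered_payload, GOLDEN_MANIFEST["ssp_vendor_a_fw"]),
        "trust_domain": build_trust_domain(
            GOLDEN_MANIFEST,
            {"host_cpu_fw": HOST_FIRMWARE, "ssp_vendor_a_fw": tampered_payload},
        ),
    }
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the example makes is that `self_validate` accepts the tampered image because the attacker controls both the payload and the digest it is compared against, while `anchored_validate` rejects it because the reference value is held outside the image. `build_trust_domain` shows that once every component has an anchored reference, a tampered SSP image is simply excluded from the domain while the untouched host firmware is admitted, which is the kind of cross-component, cross-vendor coverage the background says host-CPU-anchored methods lack.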