The United Nations’ Global E-waste Monitor estimates that the world generates over 60 million tonnes of e-waste annually. Furthermore, this number is rising five times as fast as e-waste recycling. Much of this waste comes from prematurely discarded electronic devices.
Many enterprises follow a standard three-year replacement cycle, assuming older computers are inefficient. However, many of these devices are still functional and could perform well with minor upgrades or maintenance. The issue is, no one knows what the weak points are for a particular machine, or what the needed maintenance is, and the diagnostics would be too costly and time-consuming. It’s easier to just buy brand new laptops.
When buying a used car, dealerships and individual buyers can access each car’s particular CarFax report, detailing the vehicle’s usage and maintenance history. Armed with this information, dealerships can perform the necessary fixes or upgrades before reselling the car. And individuals can decide whether to trust that vehicle’s performance. We at HP realized that, to prevent unnecessary e-waste, we need to collect and make available usage and maintenance data for each laptop, like a CarFax for used PCs.
There is a particular challenge to collecting usage data for a PC, however. We need to make sure to protect the user’s privacy and security. So, we set out to design a data-collection protocol for PCs that manages to remain secure.
The firmware-level data collector
Luckily, the sensors that can collect the necessary data are already installed in each PC. There are thermal sensors that monitor CPU temperature, power-consumption monitors that track energy efficiency, storage health indicators that assess solid state drive (SSD) wear levels, performance counters that measure system utilization, fan-rotation-speed sensors that detect cooling efficiency, and more. The key is to collect and store all that data in a secure yet useful way.
We decided that the best way to do this is to integrate the life-cycle records into the firmware layer. By embedding telemetry capabilities directly within the firmware, we ensure that device health and usage data is captured the moment it is collected. This data is stored securely on HP SSD drives, leveraging hardware-based security measures to protect against unauthorized access or manipulation.
The secure telemetry protocol we’ve developed at HP works as follows. We gather the critical hardware and sensor data and store it in a designated area of the SSD. This area is write-locked, meaning only authorized firmware components can write to it, preventing accidental modification or tampering. That authorized firmware component we use is the Endpoint Security Controller, a dedicated piece of hardware embedded in business-class HP PCs. It plays a critical role in strengthening platform-level security and works independently from the main CPU to provide foundational protection.
The secure telemetry protocol collects data from sensors into a piece of hardware known as an endpoint security controller, with built-in security protections. The endpoint security controller then writes the data to a dedicated read-only portion of the solid state drive, where authorized operating system applications can access the data. Mark Montgomery
The endpoint security controller establishes a secure session by retaining the secret key within the controller itself. This mechanism enables read data protection on the SSD—where telemetry and sensitive data are stored—by preventing unauthorized access, even if the operating system is reinstalled or the system environment is otherwise altered.
... continue reading