An anonymous reader writes: When buying a used car, dealerships and individual buyers can access each car’s particular CarFax report, detailing the vehicle’s usage and maintenance history. Armed with this information, dealerships can perform the necessary fixes or upgrades before re-selling the car. And individuals can decide whether to trust that vehicle’s performance. We at HP realized that, to prevent unnecessary e-waste, we need to collect and make available usage and maintenance data for each laptop, like a CarFax for used PCs. There is a particular challenge to collecting usage data for a PC, however. We need to make sure to protect the user’s privacy and security. So, we set out to design a data collection protocol for PCs that manages to remain secure.
Luckily, the sensors that can collect the necessary data are already installed in each PC. There are thermal sensors that monitor CPU temperature, power consumption monitors that track energy efficiency, storage health indicators that assess solid state drive (SSD) wear levels, performance counters that measure system utilization, fan rotation speed sensors that detect cooling efficiency, and more. The key is to collect and store all that data in a secure yet useful way. We decided that the best way to do this is to integrate the lifecycle records into the firmware layer. By embedding telemetry capabilities directly within the firmware, we ensure that device health and usage data is captured the moment it is collected. This data is stored securely on HP SSD drives, leveraging hardware-based security measures to protect against unauthorized access or manipulation. [...]
The telemetry log serves as the foundation for a comprehensive device history report. Much like a CarFax report for used cars, this report, which we call PCFax, will provide both current users and potential byers with crucial information. The PCFax report aggregates data from multiple sources beyond just the on-device telemetry logs. It combines the secure firmware-level usage data with information from HP’s factory and supply chain records, digital services platforms, customer support service records, diagnostic logs, and more. Additionally, the system can integrate data from external sources including partner sales and service records, refurbishment partner databases, third-party component manufacturers like Intel, and other original equipment manufacturers. This multi-source approach creates a complete picture of the device’s entire lifecycle, from manufacturing through all subsequent ownership and service events.