System and method for firmware image integrity verification

US11494495B2 · US · B2

Patent metadata
Publication number: US-11494495-B2
Application number: US-202016881250-A
Country: US
Kind code: B2
Filing date: May 22, 2020
Priority date: May 22, 2020
Publication date: Nov 8, 2022
Grant date: Nov 8, 2022

Abstract

Official abstract text for this publication.

An information handling system stores hash values for firmware components for the information handling system. A processor receives an off-host image verification request from a second information handling system. In response to the off-host image verification request, the processor reads first metadata for a next firmware component, provides the first metadata to the second information handling system, and receives a golden hash value from the second information handling system. In response to the first hash value not matching the golden hash value, the processor applies a mitigation policy. In response to the first hash value matching the golden hash value, the processor provides a device verification signal.

First claim

Opening claim text (preview).

What is claimed is:

1. An information handling system, comprising: a memory to store a plurality of hash values for a plurality of firmware components for the information handling system, wherein a different one of the hash values corresponds to a different one of the firmware components; and a processor to: receive, from a second information handling system, an off-host image verification request; in response to the off-host image verification request, read first metadata for a next firmware component; provide the first metadata for the next firmware component to the second information handling system; receive a golden hash value from the second information handling system, wherein the golden hash value is based on the first metadata for the next firmware component in the second information handling system; retrieve a first hash value from the memory based on the first metadata for the next firmware component; determine whether the first hash value matches the golden hash value; in response to the first hash value not matching the golden hash value, apply a mitigation policy; and in response to the first hash value matching the golden hash value, provide a device verification signal.

2. The information handling system of claim 1, wherein the processor further to: receive, from an update server, a new firmware component; generate a local hash value for the new firmware component based on second metadata of the new firmware component; and store the local hash value in the memory, wherein the local hash value is associated with the second metadata.

3. The information handling system of claim 2, wherein the storage of the local hash value in the memory includes the processor further to: update a local system firmware volume data with the local hash value and the second metadata for the new firmware component.

4. The information handling system of claim 1, wherein the first metadata includes a system identifier, a payload version, and a payload identifier of the next firmware component.

5. The information handling system of claim 1, the application of the mitigation policy includes the processor further to: trigger a new firmware update for the next firmware component of the information handling system.

6. The information handling system of claim 1, the application of the mitigation policy includes the processor further to: recover to a previous firmware package version for the next firmware component of the information handling system.

7. The information handling system of claim 1, wherein the determination of whether the first hash value matches the golden hash value includes the processor further to: compare, by a secure system management mode driver of the processor, the first hash value with the golden hash value.

8. The information handling system of claim 1, wherein in response to the first hash value not matching the golden hash value, the processor further to send a security violation notification.

9. The information handling system of claim 1, wherein the memory is a serial peripheral interface flash memory.

10. A method, comprising: storing, in a memory, a plurality of hash values for a plurality of firmware components for an information handling system, wherein a different hash value of the hash values corresponds to a different firmware component of the firmware components; receiving, by a processor of the information handling system, an off-host image verification request from a second information handling system; in response to the off-host image verification request, reading first metadata for a next firmware component; providing the first metadata for the next firmware component to the second information handling system; receiving a golden hash value from the second information handling system, wherein the golden hash value is based on the first metadata for the next firmware component; retrieving a first hash value from the memory based on the first metadata for the next firmware component; if first hash value does not match the golden hash value, then applying a mitigation policy; and else providing a device verification signal.

11. The method of claim 10, further comprising: receiving, from an update server, a new firmware component; generating a local hash value for the new firmware component based on second metadata of the new firmware component; and storing the local hash value in the memory, wherein the local hash value is associated with the second metadata.

12. The method of claim 11, wherein the storing of the local hash value in the memory further comprises: updating a local system firmware volume data with the local hash value and the second metadata for the new firmware component.

13. The method of claim 10, wherein the first metadata includes a system identifier, a payload version, and a payload identifier of the next firmware component.

14. The method of claim 10, the applying of the mitigation policy further comprises: triggering a new firmware update for the next firmware component of the information handling system.

15. The method of claim 10, the applying of the mitigation policy further comprises: recovering to a previous firmware package version for the next firmware component of the information handling system.

16. The method of claim 10, wherein the determining of whether the first hash value matches the golden hash value further comprises: comparing, by a secure system management mode driver of the processor, the first hash value with the golden hash value.

17. The method of claim 10, further comprising: in response to the first hash value not matching the golden hash value, sending, by the processor a security violation notification.

18. A non-transitory computer-readable medium including code that when executed by a processor causes the processor to perform a method, the method comprising: providing an off-host image verification request to an information handling system; receiving first metadata associated with a next firmware component; generating a golden hash value based on the first metadata; requesting a local hash value for the next firmware component; receiving the local hash value from the information handling system; if the local hash value does not match the golden hash value, then marking the information handling system as a non compliance device; and if the local hash value does match the golden hash value, then marking the information handling system as an assured device.

19. The non-transitory computer-readable medium of claim 18, wherein the method further comprises: in response to the local hash value not matching the golden hash value, sending a command to the information handling system to run a mitigation policy.

20. The non-transitory computer-readable medium of claim 18, wherein the first metadata includes a system identifier, a payload version, and a payload identifier of the next firmware component.
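The exchange in claims 1, 2 and 18, modelled in memory as an added example; this is not code from the patent or its assignee. Assumptions: SHA-256 as the hash, dictionaries standing in for the flash hash table and the golden database, hypothetical class and event names, and constructed metadata and images.

```python
import hashlib
import hmac

def digest(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()  # SHA-256 is an assumption

class Host:
    """First system: keeps one local hash per firmware component."""
    def __init__(self):
        self.store = {}   # stands in for the SPI flash hash table (claim 9)
        self.events = []  # mitigation actions and notifications raised

    def install(self, meta, image):
        # Claims 2-3: hash a received component, file it under its metadata.
        self.store[meta] = digest(image)

    def components(self):
        return sorted(self.store)  # metadata offered one component at a time

    def check(self, meta, golden):
        local = self.store.get(meta)
        # Constant-time compare; a missing hash on either side is a mismatch.
        if local and golden and hmac.compare_digest(local, golden):
            return "verified"
        self.events.append(("security_violation", meta))        # claim 8
        self.events.append(("recover_previous_version", meta))  # claim 6
        return "mitigated"

class Verifier:
    """Second system: maps metadata to golden hashes and rates the device."""
    def __init__(self, golden):
        self.golden = golden

    def run(self, host):
        results = {m: host.check(m, self.golden.get(m)) for m in host.components()}
        ok = bool(results) and all(r == "verified" for r in results.values())
        return ("assured" if ok else "non-compliant"), results

def demo():
    # Constructed sample data: (system id, payload version, payload id) -> image.
    bios = ("SYS-0001", "1.4.2", "bios-core")
    ec = ("SYS-0001", "2.0.1", "ec-fw")
    images = {bios: b"bios image 1.4.2", ec: b"ec firmware 2.0.1"}
    verifier = Verifier({m: digest(i) for m, i in images.items()})
    host = Host()
    for meta, image in images.items():
        host.install(meta, image)
    host.install(ec, b"ec firmware 2.0.1 + modified bytes")  # tampered copy
    return verifier.run(host), host.events

if __name__ == "__main__":
    print(demo())
```

As in the claims, the value compared is the hash stored when the component was installed, retrieved by metadata, not a fresh measurement of the flash contents.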

Classifications

  • G06F21/575 (Primary)

    Secure boot · CPC title

  • using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories · CPC title

  • G06F21/572 (Primary)

    Secure firmware programming, e.g. of basic input output system [BIOS] · CPC title

  • Providing cryptographic facilities or services · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Dell Products Lp, Dell Products Lp
What technology area does this patent fall under?
Primary CPC classification G06F21/575. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 8, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).