Secure cryptographic secret bootstrapping in a provider network
US-12355873-B1 · Jul 8, 2025 · US
US12452053B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12452053-B2 |
| Application number | US-202418619680-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 28, 2024 |
| Priority date | Mar 28, 2024 |
| Publication date | Oct 21, 2025 |
| Grant date | Oct 21, 2025 |
Official abstract text for this publication.
Methods and systems for managing operation of a data processing system are disclosed. To manage operation of the data processing system, new secrets may be established for use in operation of the data processing system when a trusted platform module of the data processing system is replaced. To establish the new secrets, the data processing system may use a recovery secret stored in a partition in storage to establish a recovery connection between the data processing system and a control plane. The recovery connection may be used by the data processing system to establish new secrets and securely store the secrets in a replacement trusted platform module for future use.
Opening claim text (preview).
What is claimed is:
1. A method for managing operations of a data processing system, the method comprising: identifying that a secret management component of the data processing system has been replaced; and based on the secret management component having been replaced: obtaining a recovery secret from a recovery partition of the data processing system, the recovery partition being a logical allocation of storage resources of a physical data storage device that is distinct from the secret management component, and the recovery partition is reserved for exclusive use by an agent of the data processing system that manages recovery of connections with a device management system after failure of the secret management component; attempting to establish a recovery connection between the data processing system and the device management system using the recovery secret; and in a first instance of the attempting where the recovery connection is established using the recovery secret: initiating generation of a new normal secret; initiating generation of a new recovery secret; storing the new normal secret in a replacement secret management component; replacing the recovery secret in the recovery partition with the new recovery secret; initiating establishment of a new normal connection using the new normal secret in the replacement secret management component; and terminating the recovery connection so that only the new normal connection is available for communication between the data processing system and the device management system.
2. The method of claim 1, wherein the secret management component is a trusted platform module (TPM) hosted by a motherboard of the data processing system.
3. The method of claim 2, wherein the secret management component that was replaced previously stored, before being replaced, a normal secret used to securely communicate with the device management system.
4. The method of claim 1, wherein the recovery secret is partially trusted by the device management system and the device management system requires at least one additional indication of trustworthiness for the recovery secret to be fully trusted by the device management system.
5. The method of claim 1, wherein attempting to establish the recovery connection comprises: sending, by an agent, a data package to the device management system comprising an identifier of the replacement secret management component and/or a replaced motherboard of the data processing system; refusing, by the device management system and prior to being notified that the secret management component has been replaced, to establish the recovery connection; and participating, by the device management system and after being notified that the secret management component has been replaced, in establishment of the recovery connection.
6. The method of claim 5, further comprising: while refusing to establish the recovery connection: obtaining, by the device management system and from a trusted system, a notification indicating that the secret management component has been replaced.
7. The method of claim 6, wherein the trusted system is a data processing system used by a person that was tasked with replacing the secret management component.
8. The method of claim 5, wherein refusing to establish the recovery connection comprises: comparing, by the device management system, at least one of the identifier of the replacement secret management component and/or the identifier of the replaced motherboard to a known set of trusted identifiers of hardware components; in a first instance of the comparing where the at least one of the identifier of the replacement secret management component and/or the identifier of the replaced motherboard is not any of the known set of trusted identifiers of hardware components: concluding that the data processing system is untrustworthy; and in a second instance of the comparing where the at least one of the identifier of the replacement secret management component and/or the identifier of the replaced motherboard is one of the known set of trusted identifiers of hardware components: concluding that the data processing system is trustworthy based on being notified that the secret management component has been replaced.
9. The method of claim 1, wherein initiating generation of the new normal secret comprises: providing, by an agent of the data processing system, a potential normal secret to the device management system; signing, by the device management system, the potential normal secret to obtain the new normal secret; and obtaining, by the data processing system and from the device management system, the new normal secret.
10. The method of claim 9, wherein the new normal secret is generated by the data processing system and provided to the device management system for validation.
11. The method of claim 1, wherein once the new normal secret is stored in the secret management component, the secret management component screens access to the new normal secret and facilitates selective use of the new normal secret while a security posture of the data processing system meets security requirements.
12. The method of claim 1, further comprising: prior to identifying that the secret management component of the data processing system has been replaced: establishing a normal connection using a normal secret that is managed by the secret management component prior to replacement and that allows a secure communication channel between the data processing system and the device management system to be instantiated, the normal secret being separately stored in the secret management component; and using the normal connection to establish the recovery secret to store in the recovery partition.
13. The method of claim 12, wherein the data processing system is restricted from communicating with other devices other than the device management system.
14. A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for managing operations of a data processing system, the operations comprising: identifying that a secret management component of the data processing system has been replaced; and based on the secret management component having been replaced: obtaining a recovery secret from a recovery partition of the data processing system, the recovery partition being a logical allocation of storage resources of a physical data storage device that is distinct from the secret management component, and the recovery partition is reserved for exclusive use by an agent of the data processing system that manages recovery of connections with a device management system after failure of the secret management component; attempting to establish a recovery connection between the data processing system and the device management system using the recovery secret; and in a first instance of the attempting where the recovery connection is established using the recovery secret: initiating generation of a new normal secret; initiating generation of a new recovery secret; storing the new normal secret in a replacement secret management component; replacing the recovery secret in the recovery partition with the new recovery secret; initiating establishment of a new normal connection using the new normal secret in the replacement secret management component; and terminating the recovery connection so that only the new normal connection is available for communication between the data processing system and the device management system.
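The gating and rotation described in claims 1, 5, 8 and 9 can be modelled as follows. This is an added example, not an implementation taken from the patent: the class and function names, the dict-based partition and TPM, and the use of HMAC for both the recovery proof and the signing step are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class DeviceManagementSystem:
    def __init__(self, trusted_hw_ids):
        self.trusted_hw_ids = set(trusted_hw_ids)  # claim 8: known trusted hardware ids
        self.recovery_secrets = {}                 # device id -> current recovery secret
        self.replacement_notices = set()           # claim 6: notices from a trusted system
        self.signing_key = secrets.token_bytes(32)
        self.pending = {}                          # device id -> outstanding challenge

    def challenge(self, device_id):
        self.pending[device_id] = secrets.token_bytes(16)
        return self.pending[device_id]

    def open_recovery(self, device_id, hw_id, proof):
        secret = self.recovery_secrets.get(device_id)
        nonce = self.pending.pop(device_id, None)  # each challenge is single use
        if secret is None or nonce is None:
            return "refused: unknown device"
        if not hmac.compare_digest(proof, mac(secret, nonce + hw_id.encode())):
            return "refused: bad recovery secret"
        if hw_id not in self.trusted_hw_ids:
            return "refused: untrusted hardware"
        if device_id not in self.replacement_notices:
            return "refused: no replacement notice"  # claim 5: refuse until notified
        return "established"

    def sign(self, candidate):
        return mac(self.signing_key, candidate)    # HMAC stands in for a real signature

def recover(dms, device_id, hw_id, partition, tpm):
    """Agent side of claim 1; partition and tpm are dicts standing in for real storage."""
    proof = mac(partition["recovery_secret"], dms.challenge(device_id) + hw_id.encode())
    status = dms.open_recovery(device_id, hw_id, proof)
    if status != "established":
        return status
    candidate = secrets.token_bytes(32)
    tpm["normal_secret"] = (candidate, dms.sign(candidate))  # claim 9: DMS signs the candidate
    # Rotate the recovery secret on both sides so the old one can no longer open recovery.
    partition["recovery_secret"] = dms.recovery_secrets[device_id] = secrets.token_bytes(32)
    dms.replacement_notices.discard(device_id)  # recovery path closes once rotation is done
    return "rotated"
```

In this model the recovery secret alone never suffices: possession is checked first, then the hardware identifier, then the out-of-band replacement notice, which matches the "partially trusted" wording of claim 4.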
involving additional devices, e.g. trusted platform module [TPM], smartcard or USB · CPC title
using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM] · CPC title