Controlling the Configuration of Computer Systems

US2016350141A1 · US · A1

Patent metadata
Publication number: US-2016350141-A1
Application number: US-201615231933-A
Country: US
Kind code: A1
Filing date: Aug 9, 2016
Priority date: Jan 10, 2014
Publication date: Dec 1, 2016
Grant date:

Abstract

Official abstract text for this publication.

Embodiments relate to controlling configuration of a computer system comprising one or more exchangeable components. The exchangeable components comprising identification means to store an identifier. A pair of a private key and a public key are generated for each accepted manufacturer of the exchangeable components and a pair of a private key and a public key for the computer system; assigning an identifier for each exchangeable component available for attachment to the system; receiving configuration data comprising a list of encrypted identity records comprising identifiers of the components together with signatures over the data generated with the private key of the respective component manufacturer for each component expected to be attached to the system; and receiving a configuration record. The configuration data of the expected components from the received configuration record is compared with the configuration data of the components attached to the system.
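The flow in the abstract, as an added Go sketch that is not code from the patent: the manufacturer signs a component identifier and encrypts identifier plus signature to the system's public key, and the system decrypts, verifies, and compares against the identifiers it senses on attached hardware. The patent names no algorithms; Ed25519 and RSA-OAEP, the function names `MakeRecord`, `Audit` and `Demo`, and the serial numbers are assumptions made here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// MakeRecord (manufacturer side): sign the identifier, then encrypt
// identifier||signature to the system's public key.
func MakeRecord(id string, mfr ed25519.PrivateKey, sys *rsa.PublicKey) ([]byte, error) {
	sig := ed25519.Sign(mfr, []byte(id))
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, sys, append([]byte(id), sig...), nil)
}

// Audit (system side): decrypt and verify every identity record, then compare
// the verified identifiers with those sensed on the attached components.
func Audit(recs [][]byte, attached []string, sys *rsa.PrivateKey, mfr ed25519.PublicKey) []string {
	expected, report := map[string]bool{}, []string{}
	for i, rec := range recs {
		pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, sys, rec, nil)
		if n := len(pt) - ed25519.SignatureSize; err == nil && n > 0 && ed25519.Verify(mfr, pt[:n], pt[n:]) {
			expected[string(pt[:n])] = true
		} else {
			report = append(report, fmt.Sprintf("record %d: rejected", i))
		}
	}
	for _, id := range attached {
		if !expected[id] {
			report = append(report, "unexpected: "+id)
		}
		delete(expected, id)
	}
	for id := range expected {
		report = append(report, "missing: "+id)
	}
	return report
}

// Demo runs the flow on constructed data; the all-zero seed stands in for a
// signing key that is not on the accepted-manufacturer list.
func Demo() []string {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(rand.Reader)
	sys, _ := rsa.GenerateKey(rand.Reader, 2048)
	r1, _ := MakeRecord("SN-0001", mfrPriv, &sys.PublicKey)
	r2, _ := MakeRecord("SN-0002", mfrPriv, &sys.PublicKey)
	r3, _ := MakeRecord("SN-0666", ed25519.NewKeyFromSeed(make([]byte, 32)), &sys.PublicKey)
	return Audit([][]byte{r1, r2, r3}, []string{"SN-0001", "SN-0666"}, sys, mfrPub)
}

func main() { fmt.Println(Demo()) }
```

A component whose record fails signature verification never enters the expected set, so it is reported twice: once as a rejected record and once as unexpected hardware when it is sensed on the system.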

First claim

Opening claim text (preview).

What is claimed is:

1. A computer program product comprising a computer usable memory including a computer readable program, wherein the computer readable program when executed on a computer system causes the computer system to execute program code for controlling configuration of a computer system comprising at least one exchangeable component, the program code executable by a processor to: generate a first pair of a first private key and a first public key for each accepted manufacturer of the exchangeable components and a second pair of a second private key and a second public key for the computer system; assign an identifier for each exchangeable component and store the identifier together with a signature over the identifier generated with the first private key; encrypt the identifier and the signature with the second public key; receive configuration data comprising a list of encrypted identity records comprising identifiers of the components together with signatures over the data generated with the first private key of each component expected to be attached to the respective computer system, decrypt data with the second private key stored on the computer system, and store the received configuration data together with the signature generated from the first private key of each expected component in a configuration database; and receive a configuration record from the configuration database comprising configuration data on a controlled computer system and compare the configuration data of each expected component with the configuration data of the components currently attached to the computer system, and report any mismatches, wherein the comparison uses the stored identifier, and wherein a signature is verified using the first public key stored in a secure area in computer system firmware.

2. The computer program product of claim 1, further comprising program code to create the signature for validating the identifier of the component using the first private key and/or encrypting with the second public key.

3. The computer program product of claim 2, further comprising program code to decrypt the identifier with the second private key and validate the signature on the computer system using the first public key.

4. The computer program product of claim 2, further comprising program code to create an identity record, comprising: requesting the exchangeable component by a component order; providing a world-wide unique number as an identifier for the component; creating an identity record comprising the world-wide unique number and optional identification data of the computer system and a customer of the computer system; and signing the identity record with the signature using the second private key.

5. The computer program product of claim 4, further comprising program code to attach a component to the computer, and program code comprising: reading the identity record; retrieving a system ID; decrypting with the private key of the computer system and validating the signature of the identity record with the first public key; importing the configuration data into the configuration database; connecting the component to the computer system; sensing the component configuration data currently attached by the computer system; and comparing the exchangeable component configuration data from the received configuration record with the configuration data of the components currently attached to the computer system.

6. The computer program product of claim 5, further comprising program code to enable components which are already attached but not enabled to the computer system.

7. The computer program product of claim 6, further comprising program code to ensure the attachment of an authorized and functional component.

8. A system for execution of a data processing program comprising software code portions to perform, the system comprising: a processing unit in communication with memory; a tool to control configuration of a computer system, the system comprising one or more exchangeable components, the exchangeable components to store an identifier and provide the identifier to the computer system when being attached to it, the tool to: generate a first pair of a first private key and a first public key for each accepted manufacturer of the exchangeable components and a second pair of a second private key and a second public key for the computer system; assign an identifier for each exchangeable component and store the identifier together with a signature over the identifier generated with the first private key, the identifier as well as the signature being encrypted with the public key of the computer system; receive configuration data comprising a list of encrypted identity records comprising identifiers of the components together with signatures over the data generated with the first private key of each component expected to be attached to the respective computer system, decrypt the data with the second private key stored on the computer system, and store the received configuration data together with the signature; receive a configuration record comprising the configuration data on a controlled computer system and compare the configuration data of the exchangeable components with the configuration data of the components currently attached to the computer system, and report any mismatches, wherein the comparison uses the stored identifier stored in the respective identification means, and verify the signature using the first public key stored in firmware of the computer system.

9. The system of claim 8, further comprising the tool to create the signature for validating the identifier of the component using the first private key and/or encrypting with the second public key.

10. The system of claim 9, further comprising the tool to decrypt the identifier with the second private key and validate the signature on the computer system using the first public key.

11. The system of claim 9, further comprising the tool to create an identity record, comprising: requesting the exchangeable component by a component order; providing a world-wide unique number as an identifier for the component; creating an identity record comprising the world-wide unique number and optional identification data of the computer system and a customer of the computer system; and signing the identity record with the signature using the second private key.

12. The system of claim 11, further comprising the tool to attach a component to the computer, comprising: reading the identity record; retrieving a system ID; decrypting with the private key of the computer system and validating the signature of the identity record with the first public key; importing the configuration data into the configuration database; connecting the component to the computer system; sensing the component configuration data currently attached by the computer system; and comparing the exchangeable component configuration data from the received configuration record with the configuration data of the components currently attached to the computer system.

13. The system of claim 12, further comprising the tool to enable components which are already attached but not enabled to the computer system.

14. The system of claim 13, further comprising the tool to ensure the attachment of an authorized and functional component.

15. A method for controlling configuration of a computer system, comprising one or more exchangeable components, the exchangeable components to store an identifier and provide the id

Classifications

  • using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories · CPC title

  • G06F21/73 (Primary): by creating or determining hardware identification, e.g. serial numbers · CPC title

  • Configuring for program initiating, e.g. using registry, configuration files · CPC title

  • G06F21/44 (Primary): Program or device authentication · CPC title

  • Certifying business or products · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification G06F21/73. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 1, 2016 (A1). Legal status and post-grant events are not shown on this page.