BIOS secure data management system

US9690943B2 · US · B2

Patent metadata

Publication number: US-9690943-B2
Application number: US-201414295947-A
Country: US
Kind code: B2
Filing date: Jun 4, 2014
Priority date: Jun 4, 2014
Publication date: Jun 27, 2017
Grant date: Jun 27, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A Basic Input/Output System (BIOS) secure data management system includes a BIOS that is configured to perform a boot process. At least one memory system is configured to provide a System Management (SM) memory location that is only accessible by the BIOS. A trusted platform module (TPM) includes at least one register and is configured to store sealed first secure data. The TPM is configured to use at least one first value in the at least one register that depends on the boot process to unseal the sealed first secure data to provide unsealed first secure data, and provide that unsealed first secure data to the BIOS for storage in the SM memory location. The BIOS is configured to retrieve the unsealed first secure data from the SM memory location and use the unsealed first secure data to perform a security function.

First claim

Opening claim text (preview).

What is claimed is:

1. A Basic Input/Output System (BIOS) secure data management system, comprising: a Basic Input/Output System (BIOS) that is configured to perform a boot process; a memory system that is configured to provide a System Management (SM) memory location that is only accessible by the BIOS such that only the BIOS stores data in the SM memory location and retrieves data from the SM memory location; and a trusted platform module (TPM) that includes a register and that is configured to: store sealed first secure data, wherein first secure data is encrypted using a value from the register that is expected based on execution of authorized code at a particular time period during the boot process to provide the sealed first secure data; use a first value in the register that is generated by performing a hash operation on a previous value in the register and at least one first measurement made during the boot process to unseal the sealed first secure data to provide unsealed first secure data; and provide the unsealed first secure data to the BIOS for storage in the SM memory location; wherein the BIOS is configured to: store the unsealed first secure data in the SM memory location; retrieve, during the boot process for use in performing a security function that requires the unsealed first secure data, the unsealed first secure data from the SM memory location; and use the unsealed first secure data to perform the security function.

2. The BIOS secure data management system of claim 1, wherein the BIOS is configured to: determine that the SM memory location is available; and store, in response to determining that the SM memory location is available, the unsealed first secure data in the SM memory location.

3. The BIOS secure data management system of claim 2, wherein: the memory system is configured to provide a non-SM memory location; the trusted platform module (TPM) is configured to: store sealed second secure data; use a second value in the register that is generated based on at least one second measurement made during the boot process in order to unseal the sealed second secure data to provide unsealed second secure data; and provide the unsealed second secure data to the BIOS; and the BIOS is configured to: determine that the SM memory location is not available; store, in response to determining that the SM memory location is not available, the unsealed second secure data in the non-SM memory location; and retrieve the unsealed second secure data from the non-SM memory location and use the unsealed second secure data to perform a security function.

4. The BIOS secure data management system of claim 3, wherein the BIOS provides a first secure data management service prior to the SM memory location being available and a second secure data management service subsequent to the SM memory location being available, and wherein, in response to determining that the SM memory location is available, the first secure data management service is configured to provide the unsealed second secure data to the second secure data management service, and wherein the second secure data management service is configured to store the unsealed second secure data in the SM memory location.

5. The BIOS secure data management system of claim 4, wherein the second secure data management service is configured to: retrieve the unsealed second secure data from the SM memory location; and use the unsealed second secure data to perform a security function.

6. The BIOS secure data management system of claim 1, wherein the TPM is configured to unseal the sealed first secure data using the first value from the register by: extending the first value in the register by performing a hash operation on the first value in the register and at least one second measurement made during the boot process to provide a second value in the register; and using the second value to unseal the sealed first secure data.

7. The BIOS secure data management system of claim 1, wherein the TPM is configured to extend the first value in the register that was used to unseal the sealed first secure data to provide a second value in the register that is unsuitable for unsealing the sealed first secure data.

8. An information handling system (IHS), comprising: a Basic Input/Output System (BIOS) that is configured to perform a system boot process; a processing system; a memory system that is coupled to the processing system and that is configured to provide a System Management Random Access Memory (SMRAM) that is only accessible by the BIOS such that only the BIOS stores data in the SMRAM and retrieves data from the SMRAM; a storage system that includes an encrypted item; and a trusted platform module (TPM) that includes a register and that is configured to: store a sealed first decryption key, wherein a first decryption key is encrypted using a value from the register that is expected based on execution of authorized code at a particular time period during the system boot process to provide the sealed first decryption key; use a first value in the register that is generated by performing a hash operation on a previous value in the register and at least one first measurement made during the system boot process to unseal the sealed first decryption key to provide an unsealed first decryption key; and provide the unsealed first decryption key to the BIOS for storage in the SMRAM; and wherein the BIOS is configured to: store the unsealed first decryption key in the SMRAM; retrieve, during the boot process for use in decrypting the encrypted item, the unsealed first decryption key from the SMRAM; and use the unsealed first decryption key to decrypt the encrypted item in the storage system.

9. The IHS of claim 8, wherein the BIOS is configured to: determine that the SMRAM is available; and store, in response to determining that the SMRAM is available, the unsealed first decryption key in the SMRAM.

10. The IHS of claim 9, wherein: the memory system is configured to provide a non-SMRAM; the trusted platform module (TPM) is configured to: store a sealed second decryption key; use a second value in the register that is generated based on at least one second measurement made during the system boot process to unseal the sealed second decryption key to provide an unsealed second decryption key; and provide the unsealed second decryption key to the BIOS for storage in the non-SMRAM; and the BIOS is configured to: determine that the SMRAM is not available; store, in response to determining that the SMRAM is not available, the unsealed second decryption key in the non-SMRAM; and retrieve the unsealed second decryption key from the non-SMRAM and use the unsealed second decryption key to perform a security function.

11. The IHS of claim 10, wherein the BIOS provides a first key management service prior to the SMRAM being available and a second key management service subsequent to the SMRAM being available, and wherein, in response to determining that the SMRAM is available, the first key management service is configured to provide the unsealed second decryption key to the second key management service, and wherein the second key management service is configured to store the unsealed second decryption key in the SMRAM.

12. The IHS of claim 11, wherein the second key management service is configured to: retrieve the unsealed second decryption key from the SMRAM; and use the unsealed second decryption key to perform a security function.

13. The IHS of claim 8, wherein the TPM is configured to unseal the sealed first decryption key us
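The register-bound seal/unseal flow in claims 1, 6 and 7 (hash-extend the register with each boot measurement, unseal only under the expected value, then extend again so the value no longer unseals) as an added, constructed Python model; it is not the patent's or Dell's code. A real TPM enforces this with PCR policy and its own storage hierarchy; here the seal is stream encryption keyed from the register value, and the `tpm_key` and measurement strings are invented placeholders.

```python
import hashlib
import hmac

# Constructed model of the claimed flow: a real TPM uses PCR policy and its own
# storage key; here "seal" is HMAC-keyed stream encryption bound to a PCR value.

AUTHORIZED_BOOT = [b"BIOS core", b"SMM handler", b"key mgmt service"]
TAMPERED_BOOT = [b"BIOS core", b"patched SMM handler", b"key mgmt service"]

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """New register value = SHA-256(previous value || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def expected_pcr(measurements) -> bytes:
    """Value the register should hold after the authorized boot measurements."""
    pcr = b"\x00" * 32
    for m in measurements:
        pcr = pcr_extend(pcr, m)
    return pcr

def _keystream(key: bytes, n: int) -> bytes:
    blocks = [hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def seal(secret: bytes, pcr_value: bytes, tpm_key: bytes) -> bytes:
    """Encrypt and tag `secret` under a key that only this PCR value derives."""
    key = hmac.new(tpm_key, pcr_value, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(blob: bytes, pcr_value: bytes, tpm_key: bytes):
    """Return the secret if the current register value matches, else None."""
    ct, tag = blob[:-32], blob[-32:]
    key = hmac.new(tpm_key, pcr_value, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

def boot_demo(measured):
    """Seal a key to the authorized boot, then boot with `measured` code."""
    tpm_key = b"constructed-tpm-storage-root-key"        # stands in for the SRK
    blob = seal(b"disk-decryption-key", expected_pcr(AUTHORIZED_BOOT), tpm_key)
    pcr = b"\x00" * 32
    for m in measured:                                   # claim 1: hash-extend
        pcr = pcr_extend(pcr, m)
    key = unseal(blob, pcr, tpm_key)      # BIOS would now copy key into SMRAM
    pcr = pcr_extend(pcr, b"unseal done") # claim 7: cap register after unseal
    return key, unseal(blob, pcr, tpm_key)
```

`boot_demo(AUTHORIZED_BOOT)` yields the key once and `None` after the cap; `boot_demo(TAMPERED_BOOT)` never yields it, which is the property a BIOS relies on before trusting data it later reads back from SMRAM.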

Assignees

Inventors

Classifications

  • Test or assess a computer or a system · CPC title

  • Bootstrapping (security arrangements therefor G06F21/57) · CPC title

  • G06F21/575 (primary): Secure boot · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9690943B2 cover?
A Basic Input/Output System (BIOS) secure data management system includes a BIOS that is configured to perform a boot process. At least one memory system is configured to provide a System Management (SM) memory location that is only accessible by the BIOS. A trusted platform module (TPM) includes at least one register and is configured to store sealed first secure data. The TPM is configured to…
Who is the assignee on this patent?
Dell Products LP
What technology area does this patent fall under?
Primary CPC classification G06F21/575. Mapped technology areas include Physics.
When was this patent published?
Publication date: Jun 27, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).