Ethernet Products
Determine ramifications of Intel® Ethernet products and technologies
4791 Discussions

Intel I210-T1 and disabling MCTP

PThoe1
Beginner
4,192 Views

So I noticed the I210-T1 supports MCTP and not seeing where I can disable this, checked the firmware boot config guide and it was conspicuously blank: https://www-ssl.intel.com/content/www/us/en/support/articles/000005790/software/manageability-products.html Upgrade, Enable, or Disable Flash with the Intel® Ethernet Flash...

Also anybody know if the I210-T1 hooks into IME if the onboard (which IME normally uses) is disabled, i.e. I get the feeling Intel is sneaky like that.

Message was edited by: Peter Thoenen - Typo

0 Kudos
15 Replies
idata
Employee
2,745 Views

Hi PeterTe,

Thank you for posting in Wired Communities. Can you further clarify about this "know if the I210-T1 hooks into IME if the onboard (which IME normally uses) is disabled"?

Looking forward to your reply so that I can better check on this.

 

Regards,

 

Sharon

 

0 Kudos
PThoe1
Beginner
2,745 Views

Sure, on that second question I have seen conflicting reports that IME only uses the onboard NIC and equally I have seen reports which state "no, it's directly tied into the PCI bus so whether it's soldered or plugged in, IME has hooks into all PCI NICs hence disabling the onboard and using a PCIE card (ala the I210-T1) is irrelevant as IME will simply use it as alternate path" (i.e. defeats the purpose of buying this card). In both cases these polar opposite reports come from people and organizations I highly trust and have for decades.

OFC neither answer is relevant to the other question which is how does one disable MCTP (or MCHI as effectively disabling either will do the same thing) on this NIC but regardless would like an answer for both.

The goal of purchasing this card is to have a NIC that simply functions has a high quality NIC with all remote low level access disabled at the NIC level (i.e. MCTP/MCHI/IME all disabled or not use as no network path).

0 Kudos
idata
Employee
2,745 Views

Hi Peter Te,

 

 

Thank you for the information and clarification. I will check on this.

 

 

Regards,

 

Sharon

 

0 Kudos
idata
Employee
2,745 Views

Hi Peter Te,

 

 

Further checking, please submit your inquiry to sourceforge support for a feature request via the ticket option at https://sourceforge.net/p/e1000/mailman/e1000-devel/thread/4893591.dl3XO76euB%40wuerfel/

 

 

They will further assist you from there.

 

 

Thanks,

 

Sharon

 

0 Kudos
PThoe1
Beginner
2,745 Views

Thank you Sharon but I just want to make sure I understand your answer. You are saying that Intel does not allow MCTP to be disabled on the I210-T1 using it's existing Intel provided drivers and that I should submit a feature request for that? Also are you sure that mailing list is the correct place? It states it is for Linux related stuff and I am neither using LInux nor ARM but a good old Intel i7-8700 with Windows 10.

Also any progress on my question about IME listening in on non-onboard PCI cards?

0 Kudos
idata
Employee
2,745 Views

Hi PeterTe,

 

 

Thank you for the clarification about the OS used. I will further check for you.

 

 

Regards,

 

Sharon

 

0 Kudos
idata
Employee
2,745 Views

Hi PeterTe,

 

 

Please provide the NIC's MM# , this piece of information can be found on the white sticker on the physical NIC. It is a 6 digits number usually start with number 9 which is located beside the barcode and below the complete model name of the Network adapter.

 

 

You can also contact our embedded support for them to better assist your inquiry.

 

https://embedded.communities.intel.com/community/en

 

 

Thanks,

 

Sharon
0 Kudos
PThoe1
Beginner
2,745 Views

Hello Sharon,

I mean no offense at this but I don't think you understand the problem as your responses this entire thread have had nothing to do with the question.

Question 1: Intel Active Management Technology (AMT), part of the Intel Management Engine (ME), is understood to use the onboard Intel NIC to perform it's AMT/ME functions; this is completely operating system independent in the same way IMPI/ILO/BMC/iDRAC is all OS independent, it is a NIC/CPU firmware level protocol. The question here is, if the onboard server NIC is disabled, does AMT/ME then, as an alternative path, use the PCI NIC (in this case the Intel I210-T1). This has absolutely nothing to do with the operating system, embedded devices, etc. It's simply a question you should pose your AMT/ME team (or the wired NIC team) about how does IME work and is it limited to the buildin NIC or does it affect all NICS (via the PCI bus).

Question 2: The I210-T1 supports Management Component Transport Protocol (MCTP). This protocol, like AMT/ME, functions at a direct access firmware layer2/3 level and is operating system independent nor is it related to CPU architectures, embedded devices, etc. MCTP support is documented here under sections 2.12 and 3.10 (https://www.intel.com/content/dam/www/public/us/en/documents/faqs/ethernet-controller-i210-i211-faq.pdf?asset=9597 https://www.intel.com/content/dam/www/public/us/en/documents/faqs/ethernet-controller-i210-i211-faq.pdf?asset=9597 ) . What is NOT mentioned is can this being disabled or, if not, how it's configured. As Intel themselves have acknowledged MCTP should be ACL'ed (if not disabled) [https://www.intel.com/content/dam/support/us/en/documents/software/software-applications/mctp_over_pcie_access_control_list_extensions.pdf https://www.intel.com/content/dam/support/us/en/documents/software/software-applications/mctp_over_pcie_access_control_l… ] though once again the "how" is not given . So what I am looking for here is "can I disable MCTP" and if so "how" and if not, then how do I ACL it per Intel's own recommendation, i.e. what is the interface to the NIC to do this.

Once again NONE of that has to do with embedded systems, Linux, Windows, ARM, OS drivers, etc etc. This is a Intel product which lists itself as supporting these protocols, should be a simply enough question for the product team to answer.

0 Kudos
idata
Employee
2,745 Views

Hi PeterTe,

 

 

Thank you for the information. I apologize for any confusion, we need the MM# in order to check which firmware is installed , what features are enabled and how to disable them. This information and the tool to make changes are available via the Embedded Design Center and require an NDA to access. And with regards your two questions, please find information below"

 

 

 

1: The I210 datasheet located here https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/i210-ethernet-controller-datasheet.pdf shows this on page 749

 

 

"The I210 supports NC-SI over MCTP protocol over the PCI Express and SMBus busses. The I210 can connect through MCTP to a MC or the ME engine in the chipset"

 

 

There is also a lot of information in the datasheet about MCTP and how to format the messages to send to the NIC.

 

 

2. As above, we need to know what firmware you have in order to check what features we can disable. As far as the ACL's, how to do it would depend on the management platform that you are using. MCTP is just the protocol definition for communication between different hardware components. Like another protocol, TCP, you do not write TCP headers directly but use it through an interface and the network stack.

 

 

 

Please feel free to update me. Thank you.

 

 

Regards,

 

Sharon

 

0 Kudos
idata
Employee
2,745 Views

Hi PeterTe,

 

 

I also sent a PM to you.

 

 

Thanks,

 

Sharon

 

0 Kudos
PThoe1
Beginner
2,745 Views
0 Kudos
idata
Employee
2,745 Views

Hi PeterTe,

 

 

Thank you for the information.

 

 

Regards,

 

Sharon

 

0 Kudos
idata
Employee
2,745 Views

Hi PeterTe,

 

 

Further checking, please submit your inquiry to our embedded design center, they can better assist you about the inquiry:

 

https://embedded.communities.intel.com/community/en

 

 

Regards,

 

Sharon

 

0 Kudos
PThoe1
Beginner
2,745 Views

Confused, how does this have anything to do with embedded systems as opposed to the "wired NIC" (this forum)

0 Kudos
idata
Employee
2,745 Views

Hi PeterTe,

 

 

Thank you for the reply. This is more about the design so you can submit the inquiry in the embedded design communities.

 

 

Thanks,

 

Sharon T

 

0 Kudos
Reply