i seem to be having a problem using a usb stick to insert the certificate hash code we use into the bios of these boards(DQ35JO) (we have about 200 of them)
has any one had any luck with doing this?
Commandline for the USBFILE(V3) tool: USBFile.exe -create setup.bin admin NEWPASSWORD -v 2 -hash AMTProvision.cer "OUR Root CA" -amt -fqdn SERVERFQDN -ztc 1 -redir 1 -psadd IPADDRESS -pspo 9971 -domname DOMAINNAME
if i change the version of the file to version 1 via "-v 1" and add a pid/pps pair it will recognise the setup.bin file and install the PSK pair.
Anyone have any ideas?
I think some of the parameters you mentioned are from version 2.1 (psadd, pspo, domname), do you get the same error without those arguments?
yup its from AMT 6 SDK
usbfile.exe -create f:\setup.bin adminPASSWORD -v 2 -hash AMTProvision.cer "Root CA" -amt -ztc 1
usbfile.exe -create f:\setup.bin adminPASSWORD -v 2 -hash AMTProvision.cer "Root CA"
and the pc still wont see the v2setup.bin file on the usb stick
i have also tried a wide selection of usb sticks, just in case :)
Taking a step back, what is your end goal for putting the certs into the ME? Do you want to provision the systems with PKI instead of PID/PPS, and you'd prefer to use your own cert? If you can get a PID/PPS pair onto the systems via USB, then SCS is able to provision them.
You may want to take a look at the "Intel SCS Installation and User Guide" which has a section on Creating and Installing Your Own Certificate. The guide is part of the Intel SCS 6 Source Kit.zip.
In addition to showing you how to create a certificate which you can try with the USButility, there is a process described there to insert the certificate hash manually using the MEBx. This may also help you troubleshoot your issue.
we are using System Center Configuration Manager and are using our own Cert to provide theprovisioning system, ifwe cant getthe boards to use a PKIsetup.bin we will just have to use aPSK Pair.
we have managed to get thePCs with version 4 and above AMT to work usingour own Cert its only these boards that are anoying we would just like to use PKI if at all posiable
Our internal teams were able to successfully use the USBTool from AMT 6.0 SDK and add PKI certificate hash to AMT 126.96.36.1996 system. In order for us to help you trouble shoot, there are couple things we would like you to do.
First, please make sure you have the latest BIOS updates, this sounds like BIOS not able to detect any v2 setup.bin files.
Second, if you can send us your setup.bin file, we can try here on our systems and let you know what is going on.