- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i seem to be having a problem using a usb stick to insert the certificate hash code we use into the bios of these boards(DQ35JO) (we have about 200 of them)
has any one had any luck with doing this?
BIOS version:1126
Commandline for the USBFILE(V3) tool: USBFile.exe -create setup.bin admin NEWPASSWORD -v 2 -hash AMTProvision.cer "OUR Root CA" -amt -fqdn SERVERFQDN -ztc 1 -redir 1 -psadd IPADDRESS -pspo 9971 -domname DOMAINNAME
if i change the version of the file to version 1 via "-v 1" and add a pid/pps pair it will recognise the setup.bin file and install the PSK pair.
Anyone have any ideas?
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think some of the parameters you mentioned are from version 2.1 (psadd, pspo, domname), do you get the same error without those arguments?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yup its from AMT 6 SDK
I tried
usbfile.exe -create f:\setup.bin adminPASSWORD -v 2 -hash AMTProvision.cer "Root CA" -amt -ztc 1
and
usbfile.exe -create f:\setup.bin adminPASSWORD -v 2 -hash AMTProvision.cer "Root CA"
and the pc still wont see the v2setup.bin file on the usb stick
i have also tried a wide selection of usb sticks, just in case :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Taking a step back, what is your end goal for putting the certs into the ME? Do you want to provision the systems with PKI instead of PID/PPS, and you'd prefer to use your own cert? If you can get a PID/PPS pair onto the systems via USB, then SCS is able to provision them.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You may want to take a look at the "Intel SCS Installation and User Guide" which has a section on Creating and Installing Your Own Certificate. The guide is part of the Intel SCS 6 Source Kit.zip.
In addition to showing you how to create a certificate which you can try with the USButility, there is a process described there to insert the certificate hash manually using the MEBx. This may also help you troubleshoot your issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
we are using System Center Configuration Manager and are using our own Cert to provide theprovisioning system, ifwe cant getthe boards to use a PKIsetup.bin we will just have to use aPSK Pair.
we have managed to get thePCs with version 4 and above AMT to work usingour own Cert its only these boards that are anoying we would just like to use PKI if at all posiable
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think it may be a problem with the changes between AMT versions not being handled by the USB tool.
Let me follow up with the tools team.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Our internal teams were able to successfully use the USBTool from AMT 6.0 SDK and add PKI certificate hash to AMT 3.2.11.1136 system. In order for us to help you trouble shoot, there are couple things we would like you to do.
First, please make sure you have the latest BIOS updates, this sounds like BIOS not able to detect any v2 setup.bin files.
Second, if you can send us your setup.bin file, we can try here on our systems and let you know what is going on.
Thanks,
AI
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page