Community
cancel
Showing results for 
Search instead for 
Did you mean: 
amit_kulkarni83
New Contributor I
64 Views

Is AMT username/password required for read/write to AMT memory block?

We have a desktop product. We want to be AMT compatible.

Following is a simple algorithm for the usage of AMT technology in our product.

In Installer

Allocate an AMT memory block [OPERATION 1]

During Application running

Get handle to AMT memory block

Write to AMT memory block [OPERATION 2]

In Uninstaller

Delete the AMT memory block [OPERATION 3]

Questions:

1. Do we need AMT username/password for all above OPERATION 1, 2 and 3?

2. If password is required, we will have to accept the AMT username/password from the user during installation. Additionally we will have to give the user the facility to change the username/password because it can get changed after installation. Moreover we will have to store the username/password with us. Is it the right approach?

0 Kudos
5 Replies
Gael_H_Intel
Moderator
64 Views

Well, first off, let me suggest to you that you read through the "Storage Design Guide" in the DOCs folder of the Intel AMT SDK. It is in this doc that all the APIs that you can call for registering and using the Third Party Data Store (3PDS) are documented. How you authenticate with the storage registration depends on what kind of authentication your AMT configuration requires (Small Business Mode = Digest Authentication; Enterprise/TLS = Server/Mutual Authentication.) See the ISVS_RegisterApplicationEX API on page 22 of the Storage Design Guide for a description on what is required to register your storage operations.

I'm pretty sure that once you register your storage block and a handle is assigned, you would no longer need to specify the authentication credentials (and in looking at the APIs, this seems to be the case.)

As for as accepting the AMT Username/password from the user after installation... I'm not sure what installation you would be referring to? The user him/herself would not know the AMT username and password. Hopefully only the IT people would know it. Could you elaborate more on what you are planning to do with the 3PDS?

Thanks!

amit_kulkarni83
New Contributor I
64 Views

Hi Gael,

First of all thanks for your prompt help.

Following will make things clear.

Ours is a desktop Antivirus product. We have to store our Virus Signature Date (VSD) in the AMT memory. By installer we mean our product installer.

During our product installation
We will allocate the memory block [OPERATION 1]

After Application running
Get handle to AMT memory block
Store the VSD into the AMT memory block [OPERATION 2]

During our product un-installation
Delete AMT memory block allocated during our product installation [OPERATION 3]

Moreover we have been through the ISVS_RegisterApplicationEX API, but it seems like it requires password. I think the scenario is clear now. So I have reposted my questions below:

1. Do we need AMT username/password for all above OPERATION 1, 2 and 3?
2. If password is required, we will have to accept the AMT username/password from the user during installation. Additionally we will have to give the user the facility to change the username/password because it can get changed after installation. Moreover we will have to store the username/password with us. Is it the right approach?

Gael_H_Intel
Moderator
64 Views

Hi Again,

I am pretty sure I addressed your question to your #1 in my last response - you really just need to take a good look at the API's and see what they require as far as credentials. Like I said, the only API that I saw that takes a username and password is the one that you would use to Register your storage blocks.

For your 2nd question, I'm not sure why you would have your users type in a username and password for AMT. Your application that is doing the installation and calling the APIs would be handling the credentials, not the user. And I'm not sure why you would be requiring the user to change the AMT password or why it would need to change after installation? In normal operations, an IT admin is the one that controls all the AMT passwords and the user has no ability to get into the AMT/ME configurations - this would sort counteract the whole reason of having AMT on a system...

You might want to download the sourcecode for the AMT DTK in order to get an example of how the 3PDS is dealt with in AMT. There is also a video on the 3PDS that you can watch as well.

amit_kulkarni83
New Contributor I
64 Views

Hi Again,

I am pretty sure I addressed your question to your #1 in my last response - you really just need to take a good look at the API's and see what they require as far as credentials. Like I said, the only API that I saw that takes a username and password is the one that you would use to Register your storage blocks.

For your 2nd question, I'm not sure why you would have your users type in a username and password for AMT. Your application that is doing the installation and calling the APIs would be handling the credentials, not the user. And I'm not sure why you would be requiring the user to change the AMT password or why it would need to change after installation? In normal operations, an IT admin is the one that controls all the AMT passwords and the user has no ability to get into the AMT/ME configurations - this would sort counteract the whole reason of having AMT on a system...

You might want to download the sourcecode for the AMT DTK in order to get an example of how the 3PDS is dealt with in AMT. There is also a video on the 3PDS that you can watch as well.

Hi,

Thanks, that is pretty clear.

Our application that is doing the installation will call the APIs and require username/pass. but this username and password is different for different clients. E.g. Suppose there are following clients of our product...

Microsoft: with User:Pass as admin:Xyz123#Xyz

Intel: with User:Pass as admin:Pqr123#Pqr

So we must take these username and password as input atleast during installation.

And the term "user" in the post reffer to IT admin inself. If he deceids to change the password, then our applications will not able to communicate with AMT. So Our application must provide a facility to configur new Username:Pass that is changesd after installation.

Is this approach correct?

Thanks & Regards,

Amit.

64 Views

Hi,

I am not sure if i understand your question - why would you have to run the install app again? you have to do it only once, right? And at that time you are providing the username/password and a handle to that block will be returned.

As Gael mentioned,once you register your storage block and a handle is assigned, you would no longer need to specify the authentication credentials.

Was that your question?

Thanks,

Sree