how can we make different .conf.xml file for different hosts, while setting up enterprise mode, because at that time we dont know uuids of hosts ?
I think if TLS is enabled then hostname is mandatory in conf.xml file, so we need different conf.xml file for every host ??? So different files are essential if TLS is enabled ???
Any suggestion about using different conf.xml files or using default.conf.xml file.
If you decide to have a different config for each AMT device using UUID???.conf.xml, you need to know the UUID before hand maybe from the manufacturer. When yourconfiguration server receives the hello message, you can extract the UUID and then locate the UUID.conf.xml match.
Its not the case that I have decided to have different .conf.xml file for every machine, I want to use TLS, if that can be done with one file, then I 'll use one. I think while using TLS different files are necessary ?
So, If we initially set the hostname of a machine then we cannot change it (because the certificates 'll get useless), if the enviroment is DHCP based then we cannot even change the hostname of the running OS ?? because in dhcp based environment it is recommended to have same hostname for AMT and host processor.
TLS doesn't require you to use different sets of PSK and certificates. It is up to you to decide. But of course using different combinations is much more secure.
I agree with you on the second part, it is not easy to change the AMT parameters (i.e. hostname) since you also need to change the certificate. But I think Intel has a recommendation on how to handle this situation. You may refer to the "Deployment Guide" document provided by Intel.