I have seen references (such as in /message/110942# 110942 this thread) which indicate that some versions of AMT support 4096-bit public keys in the management certificate trust path. However I am unable to find any official documentation stating that this is the case, our outlining the versions in which this functionality became available.
Does anyone know where I can find this information? Help would be very much appreciated.
I am still working to get a good Matrix of Cert size support, but in the meantime:The latest versions of Intel AMT firmware (2.2.10, 2.6.20, 3.2.10, 4.2.0, 5.1.10, 6.0 or later) support 4096-bit key length for root and intermediate certificates.
The last certificate in the chain, the certificate stored in the Intel AMT certificate store, must have a 2048-bit key length.
The root certificate cannot exceed a length of 1500 bytes.
Again, I will try and get a matrix that shows this info.
hope this helps!
Thanks very much Josh. It's good to have some certainty that the latest AMT versions do support the 4096-bit keys.
The matrix you are working on will be helpful as well in planning the effort required to upgrade our PC fleet to compatible AMT versions.