- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I'm struggling to find the information. Can someone point me in the direction of or let me know please what CA Hashes are pre-loaded in the firmware of AMT 2.1.3?
Thanks,
Stephen
- Tags:
- Intel® vPro™
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Stephen,
Do you have a 2.1.3 system available to you? You might want to check out my most recent article on /community/openportit/vproexpert/blog/2009/02/24/powershell-exploring-the-management-engine using Powershell to enumerate hashes via the local HECI interface. I haven't tested it on 2.1.3, but I have run the code on a 2.6 AMT device.
I'm not sure if the AMT 2.1 platform supports remote configuration (PKI provisioning) though. I don't have any AMT devices running that version. As far as I know, only AMT 2.2 and 2.6 support remote configuration. Is there an AMT firmware update for the system you are working with? What manufacturer/model is it?
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks very interesting! I'll have a play this afternoon and let you know if it works. Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You're welcome
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm a powershell novice. Do I just type in those commands and press return at the end of each line?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, each line is a command more or less. The green lines are obviously comments. So, all you need to type at the command line are three lines:
$AmtLib = "C:\Program Files\Intel\Manageability Developer Tool Kit\Manageability Stack.dll"
[System.Reflection.Assembly]::LoadFile($AmtLib)
$Heci = New-Object ManageabilityStack.HeciWrapper
$Heci.MeInfo.EnumerateHashHandles()
Feel free to e-mail me if you need any help getting this working.
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Trevor. I got down to the bit in the code $Heci.MeInfo.EnumerateHashHandles() but I get no information returned It appears there are no embedded hashs in this version of AMT. I thought there was but alas no
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
http://communities.intel.com/community/openportit/vproexpert/blog/2008/05/06/provisioning-hopefully-more-answers-than-questions http://communities.intel.com/community/openportit/vproexpert/blog/2008/05/06/provisioning-hopefully-more-answers-than-questions
"Lastly, I want to touch on how each of these provisioning processes relates to the different AMT versions. Different versions of AMT support different types of provisioning. AMT 2.0, 2.1, 2.5 only support PSK provisioning. AMT 2.2 and 2.6 support PKI provisioning (as well as PSK) but only agent based PKI provisioning. AMT 3.0 and higher versions of AMT support bare metal PKI provisioning (as well as agent based/delayed PKI and PSK provisioning). A common utility used to accomplish agent based provisioning is the RCT (Remote Configuration Tool)."
recommend a quick read on this post.
Josh H
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ahh, thanks. It's all coming back to me now. There are no pre-embedded hashes in 2.1.3. It's been a few months since I last looked at our AMT situation. I think we planned to upgrade to 2.2 which does have some embedded.
Anyone got a list of hashes that are in 2.2 ... and susequent firmware versions.
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Stephen,
I'd recommend upgrading the firmware on one of your devices to AMT 2.2 and then re-running the Powershell code
I don't have an AMT 2.2 device handy to evaluate, sorry.
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page