Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

AMT Version 2.1.3 - CA Hashes

idata
Employee
2,890 Views

Hi,

I'm struggling to find the information. Can someone point me in the direction of or let me know please what CA Hashes are pre-loaded in the firmware of AMT 2.1.3?

Thanks,

Stephen

0 Kudos
9 Replies
idata
Employee
792 Views

Stephen,

Do you have a 2.1.3 system available to you? You might want to check out my most recent article on /community/openportit/vproexpert/blog/2009/02/24/powershell-exploring-the-management-engine using Powershell to enumerate hashes via the local HECI interface. I haven't tested it on 2.1.3, but I have run the code on a 2.6 AMT device.

I'm not sure if the AMT 2.1 platform supports remote configuration (PKI provisioning) though. I don't have any AMT devices running that version. As far as I know, only AMT 2.2 and 2.6 support remote configuration. Is there an AMT firmware update for the system you are working with? What manufacturer/model is it?

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Kudos
idata
Employee
792 Views

Looks very interesting! I'll have a play this afternoon and let you know if it works. Thanks

0 Kudos
idata
Employee
792 Views

You're welcome

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Kudos
idata
Employee
792 Views

I'm a powershell novice. Do I just type in those commands and press return at the end of each line?

0 Kudos
idata
Employee
792 Views

Yes, each line is a command more or less. The green lines are obviously comments. So, all you need to type at the command line are three lines:

$AmtLib = "C:\Program Files\Intel\Manageability Developer Tool Kit\Manageability Stack.dll"

 

[System.Reflection.Assembly]::LoadFile($AmtLib)

 

$Heci = New-Object ManageabilityStack.HeciWrapper

$Heci.MeInfo.EnumerateHashHandles()

Feel free to e-mail me if you need any help getting this working.

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Kudos
idata
Employee
792 Views

Thanks Trevor. I got down to the bit in the code $Heci.MeInfo.EnumerateHashHandles() but I get no information returned It appears there are no embedded hashs in this version of AMT. I thought there was but alas no

0 Kudos
JoshHilliker
Employee
792 Views

http://communities.intel.com/community/openportit/vproexpert/blog/2008/05/06/provisioning-hopefully-more-answers-than-questions http://communities.intel.com/community/openportit/vproexpert/blog/2008/05/06/provisioning-hopefully-more-answers-than-questions

"Lastly, I want to touch on how each of these provisioning processes relates to the different AMT versions. Different versions of AMT support different types of provisioning. AMT 2.0, 2.1, 2.5 only support PSK provisioning. AMT 2.2 and 2.6 support PKI provisioning (as well as PSK) but only agent based PKI provisioning. AMT 3.0 and higher versions of AMT support bare metal PKI provisioning (as well as agent based/delayed PKI and PSK provisioning). A common utility used to accomplish agent based provisioning is the RCT (Remote Configuration Tool)."

recommend a quick read on this post.

Josh H

0 Kudos
idata
Employee
792 Views

Ahh, thanks. It's all coming back to me now. There are no pre-embedded hashes in 2.1.3. It's been a few months since I last looked at our AMT situation. I think we planned to upgrade to 2.2 which does have some embedded.

Anyone got a list of hashes that are in 2.2 ... and susequent firmware versions.

Thanks,

0 Kudos
idata
Employee
792 Views

Stephen,

I'd recommend upgrading the firmware on one of your devices to AMT 2.2 and then re-running the Powershell code

I don't have an AMT 2.2 device handy to evaluate, sorry.

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Kudos
Reply