I'm struggling to find the information. Can someone point me in the direction of or let me know please what CA Hashes are pre-loaded in the firmware of AMT 2.1.3?
Do you have a 2.1.3 system available to you? You might want to check out my most recent article on /community/openportit/vproexpert/blog/2009/02/24/powershell-exploring-the-management-engine using Powershell to enumerate hashes via the local HECI interface. I haven't tested it on 2.1.3, but I have run the code on a 2.6 AMT device.
I'm not sure if the AMT 2.1 platform supports remote configuration (PKI provisioning) though. I don't have any AMT devices running that version. As far as I know, only AMT 2.2 and 2.6 support remote configuration. Is there an AMT firmware update for the system you are working with? What manufacturer/model is it?
Yes, each line is a command more or less. The green lines are obviously comments. So, all you need to type at the command line are three lines:
$AmtLib = "C:\Program Files\Intel\Manageability Developer Tool Kit\Manageability Stack.dll"
$Heci = New-Object ManageabilityStack.HeciWrapper
Feel free to e-mail me if you need any help getting this working.
Thanks Trevor. I got down to the bit in the code $Heci.MeInfo.EnumerateHashHandles() but I get no information returned It appears there are no embedded hashs in this version of AMT. I thought there was but alas no
"Lastly, I want to touch on how each of these provisioning processes relates to the different AMT versions. Different versions of AMT support different types of provisioning. AMT 2.0, 2.1, 2.5 only support PSK provisioning. AMT 2.2 and 2.6 support PKI provisioning (as well as PSK) but only agent based PKI provisioning. AMT 3.0 and higher versions of AMT support bare metal PKI provisioning (as well as agent based/delayed PKI and PSK provisioning). A common utility used to accomplish agent based provisioning is the RCT (Remote Configuration Tool)."
recommend a quick read on this post.
Ahh, thanks. It's all coming back to me now. There are no pre-embedded hashes in 2.1.3. It's been a few months since I last looked at our AMT situation. I think we planned to upgrade to 2.2 which does have some embedded.
Anyone got a list of hashes that are in 2.2 ... and susequent firmware versions.
I'd recommend upgrading the firmware on one of your devices to AMT 2.2 and then re-running the Powershell code
I don't have an AMT 2.2 device handy to evaluate, sorry.