Intel vPro® Platform
Intel Manageability Forum (Intel® EMA, AMT, SCS & Manageability Commander)
2629 Discussions

AMT Version 2.1.3 - CA Hashes

idata
Community Manager
2,460 Views

Hi,

I'm struggling to find the information. Can someone point me in the direction of or let me know please what CA Hashes are pre-loaded in the firmware of AMT 2.1.3?

Thanks,

Stephen

0 Kudos
9 Replies
idata
Community Manager
362 Views

Stephen,

Do you have a 2.1.3 system available to you? You might want to check out my most recent article on /community/openportit/vproexpert/blog/2009/02/24/powershell-exploring-the-management-engine using Powershell to enumerate hashes via the local HECI interface. I haven't tested it on 2.1.3, but I have run the code on a 2.6 AMT device.

I'm not sure if the AMT 2.1 platform supports remote configuration (PKI provisioning) though. I don't have any AMT devices running that version. As far as I know, only AMT 2.2 and 2.6 support remote configuration. Is there an AMT firmware update for the system you are working with? What manufacturer/model is it?

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

idata
Community Manager
362 Views

Looks very interesting! I'll have a play this afternoon and let you know if it works. Thanks

idata
Community Manager
362 Views

You're welcome

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

idata
Community Manager
362 Views

I'm a powershell novice. Do I just type in those commands and press return at the end of each line?

idata
Community Manager
362 Views

Yes, each line is a command more or less. The green lines are obviously comments. So, all you need to type at the command line are three lines:

$AmtLib = "C:\Program Files\Intel\Manageability Developer Tool Kit\Manageability Stack.dll"

 

[System.Reflection.Assembly]::LoadFile($AmtLib)

 

$Heci = New-Object ManageabilityStack.HeciWrapper

$Heci.MeInfo.EnumerateHashHandles()

Feel free to e-mail me if you need any help getting this working.

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

idata
Community Manager
362 Views

Thanks Trevor. I got down to the bit in the code $Heci.MeInfo.EnumerateHashHandles() but I get no information returned It appears there are no embedded hashs in this version of AMT. I thought there was but alas no

JoshHilliker
Employee
362 Views

http://communities.intel.com/community/openportit/vproexpert/blog/2008/05/06/provisioning-hopefully-... http://communities.intel.com/community/openportit/vproexpert/blog/2008/05/06/provisioning-hopefully-...

"Lastly, I want to touch on how each of these provisioning processes relates to the different AMT versions. Different versions of AMT support different types of provisioning. AMT 2.0, 2.1, 2.5 only support PSK provisioning. AMT 2.2 and 2.6 support PKI provisioning (as well as PSK) but only agent based PKI provisioning. AMT 3.0 and higher versions of AMT support bare metal PKI provisioning (as well as agent based/delayed PKI and PSK provisioning). A common utility used to accomplish agent based provisioning is the RCT (Remote Configuration Tool)."

recommend a quick read on this post.

Josh H

idata
Community Manager
362 Views

Ahh, thanks. It's all coming back to me now. There are no pre-embedded hashes in 2.1.3. It's been a few months since I last looked at our AMT situation. I think we planned to upgrade to 2.2 which does have some embedded.

Anyone got a list of hashes that are in 2.2 ... and susequent firmware versions.

Thanks,

idata
Community Manager
362 Views

Stephen,

I'd recommend upgrading the firmware on one of your devices to AMT 2.2 and then re-running the Powershell code

I don't have an AMT 2.2 device handy to evaluate, sorry.

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

Reply