Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2878 Discussions

How to enable non-TLS network communications

watamaru2000
Beginner
1,286 Views

Non-TLS End-of-Life Notification for Intel® Active Management...
I'm asking a question after checking the notice above.
In the Intel CSME 16.1 firmware environment, non-TLS network communications can no longer be used.
Is there a way to enable non-TLS network communications in that environment, such as in the AMT configuration settings?

For example, is the following CIM entry irrelevant?

Intel AMT Implementation and Reference Guide
--> WS-Management
--> WS-Management Class Reference
--> AMT Classes
--> AMT_TLSSettingData
--> AcceptNonSecureConnections

0 Kudos
1 Solution
MIGUEL_C_Intel
Moderator
1,270 Views

Hello, watamaru2000,


Thank you for using Intel support services.


Intel introduces into the latest 13th Gen Intel® Core™ Processors launch (codename Raptor Lake) (and Xeon processors) a security improvement; Non-TLS communications have been removed. 


The feature has been removed from BIOS and the improvement has been extended to 12th Gen Intel® Core™ platforms (codename Alder Lake) (and Xeon processors).  Only TLS communication is supported, no changes are allowed. 


Intel is closely reviewing the vulnerabilities and looking for ways to increase the security of our customers.


I am adding the latest Intel® Active Management Technology (Intel® AMT) and Intel® Converged Security and Management Engine (Intel® CSME) Security Updates. It contains a history of vulnerabilities and our actions.

https://www.intel.com/content/www/us/en/support/articles/000031784/technologies.html


Regards,

Miguel C.

Intel Customer Support Technician


View solution in original post

0 Kudos
4 Replies
MIGUEL_C_Intel
Moderator
1,271 Views

Hello, watamaru2000,


Thank you for using Intel support services.


Intel introduces into the latest 13th Gen Intel® Core™ Processors launch (codename Raptor Lake) (and Xeon processors) a security improvement; Non-TLS communications have been removed. 


The feature has been removed from BIOS and the improvement has been extended to 12th Gen Intel® Core™ platforms (codename Alder Lake) (and Xeon processors).  Only TLS communication is supported, no changes are allowed. 


Intel is closely reviewing the vulnerabilities and looking for ways to increase the security of our customers.


I am adding the latest Intel® Active Management Technology (Intel® AMT) and Intel® Converged Security and Management Engine (Intel® CSME) Security Updates. It contains a history of vulnerabilities and our actions.

https://www.intel.com/content/www/us/en/support/articles/000031784/technologies.html


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
MIGUEL_C_Intel
Moderator
1,199 Views

Hello, watamaru2000,


I hope this post finds you well.


If anything else is necessary, do not hesitate to reply.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
watamaru2000
Beginner
1,176 Views

Hello, Miguel,

Thank you for your assistance.
I am satisfied with the answer and appreciate your help.

Have a great day!

0 Kudos
MIGUEL_C_Intel
Moderator
1,168 Views

Hello, watamaru2000,


Thank you for your reply.  Do not hesitate to reply or create a new post if further assistance is necessary.


Regards,

Miguel C.

Intel Customer Support Technician


0 Kudos
Reply