- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm trying to find a reference document for the CA hashes that have been embedded as standard in the various versions of AMT.
I found this, but it only really details version 7,11 and 12. https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Frootcertificatehashes.htm
We need to replace the cert on our RCS server as it's coming up for expiry, and will need it to support both the newer and older boards. The implication in that document (if I'm reading it correctly) is that the version 11 and 12 firmwares on the newer boards only support the sha256 fingerprinted roots, and the older firmwares on the older boards will only support the sha1 fingerprinted roots.
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello IBrow1,
Thank you for joining the community.
As you correctly state the document you found details the preloaded hashes for the 5 commercial CAs that AMT currently supports. It details versions 7, 11 and 12 because those are the main versions found recently. Versions 11 and 12 are the ones that come with the most recent systems and 7 because it implemented several changes from the original AMT visions that were 6 and earlier. Usually there are not that many pre version 11 systems found out there. What versions do you have?
Regards
Jose A.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We're running a site survey now. When you say there aren't many pre-version 11 systems out there, is there a reason for that? Looking at this wikipedia article, and the chipsets listed against versions 8, 9 and 10... I'm not getting why they'd be uncommon - apart from maybe version 10. Or is it that the boards released during the version 8, 9 and 10 period have all had upgrades to version 11?
https://en.wikipedia.org/wiki/Intel_AMT_versions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello IBrow1,
The reason for not seeing that many older AMT version systems (at least at support) is pretty much for equipment renovation process. Nothing particular. We know about some updates has been performed to mitigate some vulnerability issues for example v12 increased many security features like TLS 2.0 protocol
Regards
Jose A.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello IBrow1,
Do you have any further details, updates, questions or comments in regards to this issue?
This thread will be marked as resolved automatically in the next 72 hours if no activity is received.
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The question hasn't really been answered. We have over 200 systems still running version 9.x, and maybe 30 running version 10.x. I'd really like to know what hashes were on those boards before committing to purchasing a new cert.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello IBrow1,
I will research on the preloaded hashes for such AMT versions. I will let you know as soon as I have updates.
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello IBrow1,
After researching on your question I found that all of the public CA's issuing remote configuration certificates will have the appropriate hashes for AMT in the certificate for the versions you have outlined.
Hope it helps
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello IBrow1,
I am just following up to double-check if you found the provided information useful. If you have further questions please don't hesitate to ask. If you consider the issue to be completed please let us know so we can proceed to mark this ticket as resolved. This support interaction will be marked as resolved automatically in the next 72 hours if no activity is received.
Regards
Jose A.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello IBrow1,
We will proceed to mark this thread as resolved. If you have further issues or questions just go ahead and create a new topic.
Jose A.
Intel Customer Support Technician
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page