// Copyright (c) 2007-2011, Intel Corporation. All rights reserved.

// CIM class (MOF) for the Intel(R) AMT Host Based Setup Service. It derives from
// CIM_SecurityService and is tagged Experimental, schema version "8.0.0".
// The class exposes four read-only/status properties and five methods that move
// the AMT subsystem between the control modes "Not provisioned", "Client" and
// "Admin".
//
// Review notes for operators, based only on the descriptions in this file:
//  - Setup and AdminSetup state "OS administrator rights" as their requirement;
//    the signature parameters are [IN] without Required and are described with
//    "if ... provided", so a signed request is optional at this interface.
//  - AllowedControlModes says "Client" can be removed only through
//    DisableClientControlMode; that method is the switch this class offers for
//    machines that should never enter Client control mode.
//  - Return-code tables differ between methods (see AddNextCertInChain and
//    AdminSetup); decode results per method, not with one shared table.
[Experimental, Version ( "8.0.0" ),
 Description (
    "Describes the Host Based Setup Service, which is the logic in "
    "Intel(R) AMT that responds to setup requests initiated from "
    "the host using OS Administrator credentials. Also provides a "
    "method to upgrade to Admin Control mode that can be initiated "
    "remotely." )]
class IPS_HostBasedSetupService : CIM_SecurityService {

    // Current control mode: 0 = Not provisioned, 1 = Client, 2 = Admin.
    // A change in this value is the visible result of Setup, AdminSetup or
    // UpgradeClientToAdmin succeeding, which makes it a natural property to
    // baseline and watch.
    [Description (
        "An enumeration value that indicates the control mode of "
        "the Intel(R) AMT subsystem after provisioning. This "
        "property is read-only" ),
     ValueMap { "0", "1", "2", ".." },
     Values { "Not provisioned", "Client", "Admin", "Reserved" }]
    uint8 CurrentControlMode;

    // Set of control modes this machine may enter; same value encoding as
    // CurrentControlMode.
    [Description (
        "An array of values that indicates which control modes "
        "this machine is allowed to be in. This property is "
        "read-only. \"Client\" can only be removed using the "
        "\"DisableClientControlMode\" method." ),
     ValueMap { "0", "1", "2", ".." },
     Values { "Not provisioned", "Client", "Admin", "Reserved" }]
    uint8 AllowedControlModes[];

    // Device-side nonce that is signed together with McNonce in the setup
    // methods. NOTE(review): since it is regenerated after unprovisioning,
    // after a successful setup and possibly after ME resets, a configuration
    // agent presumably has to read it immediately before signing; confirm
    // against the AMT SDK documentation.
    [Description (
        "Nonce value randomly generated by Intel(R) AMT, used as "
        "input to the Setup APIs. This value will be regenerated "
        "following an unprovision event and after a successful "
        "setup.It may also be regenerated following ME resets." ),
     OctetString]
    uint8 ConfigurationNonce[];

    // Progress of the certificate chain built with AddNextCertInChain:
    // 0 = Not Started, 1 = Chain In-Progress, 2 = Chain Complete.
    [Description (
        "Status of \"AddNextCertInChain\" progress. "
        "This property is read-only. " ),
     ValueMap { "0", "1", "2", ".." },
     Values { "Not Started", "Chain In-Progress", "Chain Complete",
        "Reserved" }]
    uint8 CertChainStatus;

    // Setup: host-based provisioning into Client control mode.
    // Returns 0 = SUCCESS, 1 = INTERNAL ERROR, 2 = INVALID STATE,
    // 3 = INVALID PARAM, 4 = METHOD DISABLED, 5 = AUTH_FAILED,
    // 6 = FLASH_WRITE_LIMIT_EXCEEDED.
    // Security-relevant reading of the parameter descriptions below: when a
    // signature is supplied, AMT checks only the certificate's format and that
    // it signed the two nonces. No validation against a trusted root is
    // described here, so the certificate hash kept in the provisioning record
    // identifies the signer rather than proving the signer was authorised.
    // One Description string literal below contains a line break in the
    // source; it is kept exactly as found, so its closing quote sits at
    // column 0.
    [Description (
        "Setup Intel(R) AMT from local host. This function "
        "requires OS administrator rights, and moves Intel(R) AMT "
        "from \"Pre Provisioned\" state to \"Post Provisioned\" "
        "state. The control mode after this method is run will be "
        "\"Client\". This method also allows the configuring "
        "agent to sign the setup operation with a certificate. 
" "The certificate hash will be kept in the corresponding "
        "provisioning record" ),
     ValueMap { "0", "1", "2", "3", "4", "5", "6", ".." },
     Values { "SUCCESS", "INTERNAL ERROR", "INVALID STATE",
        "INVALID PARAM", "METHOD DISABLED", "AUTH_FAILED",
        "FLASH_WRITE_LIMIT_EXCEEDED", "Reserved" }]
    uint32 Setup(
        // Only value 2, "HTTP Digest MD5(A1)", is described as supported.
        [Required, IN, Description (
            "The encryption type of the network admin password. "
            "Only HTTP-MD5 is supported. The values are the "
            "same as the "
            "CIM_Account.UserPasswordEncryptionAlgorithm field" ),
         ValueMap { "0", "1", "2", ".." },
         Values { "None", "Other", "HTTP Digest MD5(A1)",
            "DMTF Reserved" }]
        uint16 NetAdminPassEncryptionType,
        // New network admin credential in the form selected above.
        // NOTE(review): an HTTP Digest A1 hash is sufficient to answer digest
        // challenges, so callers should handle this value as a secret (keep it
        // out of logs and traces) even though it is not the clear-text
        // password.
        [Required, IN, Description (
            "New network admin password to be set by this "
            "command, encrypted using the encryption type "
            "algorithm" ),
         OctetString]
        string NetworkAdminPassword[1],
        // Caller-side nonce; signed input is ConfigurationNonce followed by
        // McNonce. Required only when DigitalSignature is supplied.
        [IN, Description (
            "A random nonce value generated by the "
            "configuration agent.Required if the digital "
            "signature is provided.needs to be concatenated "
            "after the configuration nonce and signed together "
            "with the attached certificate\'s private key" ),
         OctetString]
        uint8 McNonce[],
        // Signing certificate; per the description it is checked for format
        // and for having signed the nonces, and its hash is recorded on
        // success.
        [IN, Description (
            "The certificate used to sign the setup "
            "operation. If the digital signature is "
            "provided, Intel(R) AMT will only validate the format "
            "of the certificate and that it was used to sign "
            "the nonces. If the operation is successful it "
            "will save the certificate hash in the "
            "corresponding provisioning record" ),
         OctetString]
        uint8 Certificate[],
        // 0 = None, 1 = Other, 2 = RSA_SHA-2_256.
        [IN, Description (
            "The signing algorithm used to sign the setup operation." ),
         ValueMap { "0", "1", "2", ".." },
         Values { "None", "Other", "RSA_SHA-2_256", "DMTF Reserved" }]
        uint16 SigningAlgorithm,
        // Optional signature over ConfigurationNonce || McNonce; validated
        // before the command is accepted only when it is present.
        [IN, Description (
            "A digital signature of the ConfigurationNonce and "
            "the McNonce concatenated. If this information is "
            "provided, AMT will validate the signature before "
            "accepting the command."
            ),
         OctetString]
        uint8 DigitalSignature[]);

    // AddNextCertInChain: supplies one certificate of the provisioning chain
    // that AdminSetup and UpgradeClientToAdmin rely on; CertChainStatus
    // reports progress.
    // Return codes here are ordered differently from the other methods:
    // 1 = INVALID PARAM and 2 = INTERNAL_ERROR (Setup uses 1 = INTERNAL ERROR,
    // 3 = INVALID PARAM), plus 4 = CERT_VERIFY_FAILED and
    // 5 = CERT_CHAIN_LENGTH_EXCEEDED.
    [Description (
        "Add a certificate to the provisioning certificate chain, "
        "to be used by AdminSetup or UpgradeClientToAdmin "
        "methods." ),
     ValueMap {"0", "1", "2","3","4","5",".."},
     Values {"SUCCESS", "INVALID PARAM", "INTERNAL_ERROR", "INVALID STATE", "CERT_VERIFY_FAILED","CERT_CHAIN_LENGTH_EXCEEDED","Reserved"}]
    uint32 AddNextCertInChain(
        [Required, IN, Description (
            "The next certificate to add to the chain" ),
         OctetString]
        uint8 NextCertificate[],
        [IN, Description (
            "true, when the current certificate is leaf "
            "certificate" )]
        boolean IsLeafCertificate,
        // Setting this flag marks the end of the chain.
        [IN, Description (
            "true, when the current certificate is root. Marks end of the certificate chain" )]
        boolean IsRootCertificate
        );

    // AdminSetup: host-based provisioning directly into Admin control mode.
    // There is no Certificate parameter; the chain comes from
    // AddNextCertInChain (see that method's description).
    // Return codes: value 4 is "Reserved0" here (Setup maps 4 to
    // METHOD DISABLED), and the last entry is the explicit code
    // 2066 = UNSUPPORTED instead of a ".." reserved range.
    [Description (
        "Setup Intel(R) AMT from the local host, resulting in "
        "Admin Setup Mode. Requires OS administrator rights, and "
        "moves Intel(R) AMT from \"Pre Provisioned\" state to "
        "\"Post Provisioned\" state. The control mode after this "
        "method is run will be \"Admin\"." ),
     ValueMap { "0", "1", "2", "3", "4", "5", "6", "2066" },
     Values { "SUCCESS", "INTERNAL ERROR", "INVALID STATE",
        "INVALID PARAM", "Reserved0", "AUTH_FAILED",
        "FLASH_WRITE_LIMIT_EXCEEDED", "UNSUPPORTED" }]
    uint32 AdminSetup(
        // Only value 2, "HTTP Digest MD5(A1)", is described as supported.
        [Required, IN, Description (
            "The encryption type of the network admin password. "
            "Only HTTP-MD5 is supported. The values are the "
            "same as the "
            "CIM_Account.UserPasswordEncryptionAlgorithm field" ),
         ValueMap { "0", "1", "2", ".."
            },
         Values { "None", "Other", "HTTP Digest MD5(A1)",
            "DMTF Reserved" }]
        uint16 NetAdminPassEncryptionType,
        // Same credential format as in Setup; handle as a secret.
        [Required, IN, Description (
            "New network admin password to be set by this "
            "command, encrypted using the encryption type "
            "algorithm" ),
         OctetString]
        string NetworkAdminPassword[1],
        // NOTE(review): the text refers to "the attached certificate" although
        // this method takes none; presumably the leaf certificate of the chain
        // added through AddNextCertInChain is meant. Confirm before relying on
        // it.
        [IN, Description (
            "A random nonce value generated by the "
            "configuration agent.Required if the digital "
            "signature is provided.needs to be concatenated "
            "after the configuration nonce and signed together "
            "with the attached certificate\'s private key" ),
         OctetString]
        uint8 McNonce[],
        // 0 = None, 1 = Other, 2 = RSA_SHA-2_256.
        [IN, Description (
            "The signing algorithm used to sign the setup operation." ),
         ValueMap { "0", "1", "2", ".." },
         Values { "None", "Other", "RSA_SHA-2_256", "DMTF Reserved" }]
        uint16 SigningAlgorithm,
        // Signature over ConfigurationNonce || McNonce. The parameter is not
        // marked Required in this schema; whether Admin mode can be reached
        // without it is not stated here.
        [IN, Description (
            "A digital signature of the ConfigurationNonce and "
            "the McNonce concatenated. If this information is "
            "provided, AMT will validate the signature before "
            "accepting the command." ),
         OctetString]
        uint8 DigitalSignature[]);

    // UpgradeClientToAdmin: raises an already provisioned Client-mode machine
    // to Admin control mode. Unlike the two setup methods it asks for AMT
    // administrator rights rather than OS administrator rights, and the class
    // description says the upgrade can be initiated remotely.
    // Return codes follow Setup except that value 4 is "Reserved".
    [Description (
        "Upgrade Intel(R) AMT from Client to Admin Control "
        "Mode. Requires AMT administrator rights, and that the "
        "machine has been previously provisioned in Client "
        "control mode." ),
     ValueMap { "0", "1", "2", "3", "4", "5", "6", ".." },
     Values { "SUCCESS", "INTERNAL ERROR", "INVALID STATE",
        "INVALID PARAM", "Reserved", "AUTH_FAILED",
        "FLASH_WRITE_LIMIT_EXCEEDED", "Reserved" }]
    uint32 UpgradeClientToAdmin(
        // Caller-side nonce, signed after ConfigurationNonce.
        [IN, Description (
            "A random nonce value generated by the "
            "configuration agent.Required if the digital "
            "signature is provided.needs to be concatenated "
            "after the configuration nonce and signed together "
            "with the attached certificate\'s private key" ),
         OctetString]
        uint8 McNonce[],
        // 0 = None, 1 = Other, 2 = RSA_SHA-2_256.
        [IN, Description (
            "The signing algorithm used to sign the setup operation." ),
         ValueMap { "0", "1", "2", ".."
            },
         Values { "None", "Other", "RSA_SHA-2_256", "DMTF Reserved" }]
        uint16 SigningAlgorithm,
        // Signature over ConfigurationNonce || McNonce, validated when present.
        [IN, Description (
            "A digital signature of the ConfigurationNonce and "
            "the McNonce concatenated.If this information is "
            "provided, AMT will validate the signature before "
            "accepting the command." ),
         OctetString]
        uint8 DigitalSignature[]);

    // DisableClientControlMode: takes no parameters and blocks provisioning
    // into Client control mode. According to AllowedControlModes this is the
    // only way "Client" is removed from the allowed set. Whether the setting
    // can later be reversed is not stated in this file.
    // Returns 0 = SUCCESS, 1 = INTERNAL ERROR.
    [Description (
        "Do not allow provisioning the machine in Client Control mode." ),
     ValueMap { "0", "1", ".." },
     Values { "SUCCESS", "INTERNAL ERROR", "Reserved" }]
    uint32 DisableClientControlMode( );
};