// Copyright (c) 2007-2011, Intel Corporation. All rights reserved.
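// AMT_PublicKeyManagementService: CIM service class for the Intel(R) AMT
// CertStore. The methods below add certificates, trusted roots, keys and CRLs,
// generate key pairs and sign PKCS#10 requests. Per the method descriptions,
// stored certificates and keys can be referenced by TLS, 802.1X or EAC, so
// every method here changes material the device uses for authentication.
// All methods return a uint32 PT_STATUS code; the ValueMap/Values pairs list
// the codes each method declares.
[Version ( "11.0.0" ),
 Description (
    "This service contains the information necessary to represent "
    "and manage the functionality provided by the Intel(R) AMT "
    "CertStore." )]
class AMT_PublicKeyManagementService : CIM_CredentialManagementService {

      // AddCRL: registers a certificate revocation list for one issuer.
      // Declared failures: 1 internal error, 23 max limit reached,
      // 36 invalid parameter, 38 flash write limit exceeded.
      [Description (
          "This call adds a Certificate revocation list to be used "
          "by the Intel(R) AMT device." ),
       ValueMap { "0", "1", "23", "36", "38" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_MAX_LIMIT_REACHED",
          "PT_STATUS_INVALID_PARAMETER",
          "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED" }]
   uint32 AddCRL(
         [IN, Description (
             "The issuer URL of the revoked certificates." )]
      string Url,
         // Each array element is a base64-encoded serial number (EOBase64);
         // callers must encode before sending.
         [IN, Description (
             "Notice: the values of this array are actually "
             "base64 encoded values. A list of serial numbers "
             "removed by the CA which is specified in the Url "
             "variable." ),
          EOBase64]
      string SerialNumbers[],
         [OUT, Description (
             "Reference to the new AMT_CRL instance." )]
      AMT_CRL REF CRL);

      // ResetCRLList: takes no arguments. Per the description, CRLs stop
      // being used during authentication after this call.
      // NOTE(review): presumably certificates that were listed as revoked are
      // no longer rejected until a CRL is added again -- confirm, and treat
      // calls to this method as an event worth logging and reviewing.
      [Description (
          "Remove the usage of CRL during the authentication process" ),
       ValueMap { "0", "1", "38" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED" }]
   uint32 ResetCRLList(
   );

      // AddCertificate: stores a certificate blob and returns a reference to
      // the created AMT_PublicKeyCertificate instance. Declared failures
      // include 2058 duplicate and 2063 invalid certificate.
      [Description (
          "This function adds new certificate to the Intel(R) AMT "
          "CertStore. A certificate cannot be removed if it is "
          "referenced (for example, used by TLS, 802.1X or EAC)." ),
       ValueMap { "0", "1", "23", "38", "2058", "2063" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_MAX_LIMIT_REACHED",
          "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
          "PT_STATUS_DUPLICATE", "PT_STATUS_INVALID_CERT" }]
   uint32 AddCertificate(
         [Required, IN, OctetString]
      uint8 CertificateBlob[],
         // NOTE(review): the "X.509 format" description is attached to the
         // OUT reference; it presumably describes CertificateBlob -- confirm.
         [Description (
             "Certificate encoded in X.509 format" ),
          OUT]
      AMT_PublicKeyCertificate REF CreatedCertificate);

      // AddTrustedRootCertificate: same shape as AddCertificate, but the blob
      // is stored as a root certificate, i.e. a trust anchor. This is the
      // only method here that declares 16 PT_STATUS_NOT_PERMITTED.
      [Description (
          "This function adds new root certificate to the Intel(R) "
          "AMT CertStore. A certificate cannot be removed if it is "
          "referenced (for example, used by TLS, 802.1X or EAC)." ),
       ValueMap { "0", "1", "16", "23", "38", "2058", "2063" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_NOT_PERMITTED", "PT_STATUS_MAX_LIMIT_REACHED",
          "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
          "PT_STATUS_DUPLICATE", "PT_STATUS_INVALID_CERT" }]
   uint32 AddTrustedRootCertificate(
         [Required, IN, OctetString]
      uint8 CertificateBlob[],
         // NOTE(review): as in AddCertificate, this description presumably
         // belongs to CertificateBlob -- confirm.
         [Description (
             "Certificate encoded in X.509 format" ),
          OUT]
      AMT_PublicKeyCertificate REF CreatedCertificate);

      // AddKey: imports an externally generated RSA key and returns a
      // reference to the created AMT_PublicPrivateKeyPair instance.
      // NOTE(review): the result type suggests KeyBlob carries the private
      // key, which then has to be handled by the caller and sent to the
      // device -- confirm. GenerateKeyPair creates the key in the FW instead.
      [Description (
          "This function adds new certificate key to the Intel(R) "
          "AMT CertStore. A key cannot be removed if its "
          "corresponding certificate is referenced (for example, "
          "used by TLS, 802.1X or EAC)." ),
       ValueMap { "0", "1", "23", "38", "2058", "2062" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_MAX_LIMIT_REACHED",
          "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
          "PT_STATUS_DUPLICATE", "PT_STATUS_INVALID_KEY" }]
   uint32 AddKey(
         // NOTE(review): "DES" is presumably a typo for "DER" (the usual
         // binary encoding of a PKCS#1 RSA key) -- confirm before changing
         // the qualifier text.
         [Description (
             "RSA Key encoded as DES PKCS#1"),
          Required, IN, OctetString]
      uint8 KeyBlob[],
         [OUT]
      AMT_PublicPrivateKeyPair REF CreatedKey);

      // GeneratePKCS10RequestEx: the FW signs a caller-supplied, null-signed
      // PKCS#10 request with a key that is already in the key store.
      // Declared failures: 1 internal error, 36 invalid parameter,
      // 2066 unsupported.
      [Description (
          "This API is used to create a PKCS#10 certificate "
          "signing request based on a key from the key "
          "store." ),
       ValueMap { "0", "1", "36", "2066" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_INVALID_PARAMETER", "PT_STATUS_UNSUPPORTED" }]
   uint32 GeneratePKCS10RequestEx(
         [Required, IN, Description ( "An EPR to a key pair." )]
      AMT_PublicPrivateKeyPair REF KeyPair,
         // 0 = SHA1, 1 = SHA256, 2 = SHA384; every other value is reserved.
         // SHA-1 is deprecated for signatures, so callers should pass 1 or 2
         // unless the issuing CA requires otherwise.
         [Required, IN, Description (
             "The signing algorithm that the FW should use "
             "for signing the certificate request"),
          ValueMap { "0", "1", "2", ".." },
          Values { "SHA1", "SHA256", "SHA384", "Reserved" }]
      uint32 SigningAlgorithm,
         // The public key inside the request has to match KeyPair's public
         // key, as stated in the description.
         [Required, IN, Description (
             "A binary representation of the null-signed PKCS#10 request. "
             "The request must include a valid PKCS10RequestInfo, "
             "that will be signed by AMT FW. The Public Key specified in the "
             "request must match the public key of the referenced KeyPair parameter. "),
          OctetString]
      uint8 NullSignedCertificateRequest[],
         [OUT, Description (
             "A binary representation of the PKCS#10 request, signed by FW." ),
          OctetString]
      uint8 SignedCertificateRequest[]);

      // GenerateKeyPair: creates a key pair in the FW and returns a reference
      // to it. 2082 PT_STATUS_OPERATION_IN_PROGRESS is declared only here.
      [Description (
          "This API is used to generate a key in the FW"),
       ValueMap { "0", "1", "23", "36", "38", "2066", "2082" },
       Values { "PT_STATUS_SUCCESS",
          "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_MAX_LIMIT_REACHED",
          "PT_STATUS_INVALID_PARAMETER",
          "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
          "PT_STATUS_UNSUPPORTED",
          "PT_STATUS_OPERATION_IN_PROGRESS"}]
   uint32 GenerateKeyPair(
         // 0 = RSA, 1 = ECC; every other value is reserved.
         [Required, IN, Description (
             "The algorithm of the generated key." ),
          ValueMap { "0", "1", ".." },
          Values { "RSA", "ECC", "Reserved" }]
      uint32 KeyAlgorithm,
         // No ValueMap is declared for KeyLength, so the accepted lengths are
         // not visible in this class; callers should take them from the
         // firmware documentation and expect 36 or 2066 for rejected values
         // (presumably -- confirm).
         [Required, IN, Description (
             "The length of the generated key in bits." )]
      uint32 KeyLength,
         [OUT, Description ( "An EPR to a key pair." )]
      AMT_PublicPrivateKeyPair REF KeyPair);

};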