98 lines
4.9 KiB
Plaintext
98 lines
4.9 KiB
Plaintext
Copyright (c) Intel Corporation, 2007 - 2022 All Rights Reserved.
|
|
|
|
Intel(R) Active Management Technology (Intel AMT):
|
|
A brief overview of the SDK's HostBasedSetup Package
|
|
|
|
Introduction:
|
|
-------------
|
|
This sample application demonstrates how, using WS-Management classes, to setup
|
|
an Intel(R) AMT device in admin/client control mode, after the setup is done,
|
|
the device will be ready to be configured.
|
|
In addition the sample application demonstrates how to discover, disable and
|
|
unprovision an Intel(R) AMT device.
|
|
For specific compliation/execution details - refer to each sample readme:
|
|
Bin\HostBasedSetupUntyped\HostBasedUntyped Readme.txt or
|
|
Bin\HostBasedSetupTyped\HostBasedTyped Readme.txt
|
|
|
|
The following operations are supported:
|
|
-----------------------------------
|
|
* Discovery:
|
|
Perform discovery check on the Intel(R) AMT device using the -discovery
|
|
option. The discovery option retrieves the system's supported control modes
|
|
and the current control mode.
|
|
* Setup:
|
|
Perform an activation of an Intel(R) AMT device in a client control mode
|
|
using the -setup option with the network password given using the -newpass
|
|
option.
|
|
After the setup is done, the device will be ready to be configured.
|
|
* Signed local setup:
|
|
Perform a signed local activation of an Intel(R) AMT device in a client
|
|
control mode using the -setup (in order to perform this option please
|
|
follow section 2). After the setup is done, the device will be ready to be
|
|
configured.
|
|
* Admin Setup:
|
|
Perform an admin activation of an Intel(R) AMT device in an admin control
|
|
mode using the -adminsetup (in order to perform this option please follow
|
|
section 2). After the setup is done, the device will be ready to be
|
|
configured.
|
|
* Upgrade:
|
|
Perform an upgrade of an Intel(R) AMT device from client control mode to
|
|
admin control mode using the -upgrade. (in order to perform this option
|
|
please follow section 2). After the setup is done, the device will be ready
|
|
to be configured.
|
|
* Disable:
|
|
Disable the client control mode of an Intel(R) AMT device using the
|
|
-disable option. Since this operation is irreversible (once client control
|
|
mode is disabled it cannot be enabled), one must use the -force option
|
|
along with the -disable option to actually disable the client control mode.
|
|
* Unprovision:
|
|
Perform an unprovision of an Intel(R) AMT device in a client control mode
|
|
using the -unprovision option.
|
|
* Get configuration nonce:
|
|
Get the configuration nonce from the Intel(R) AMT device using the
|
|
-getnonce option. The option retrieves the configuration nonce from the
|
|
Intel(R) AMT device.
|
|
|
|
2. How to perform Signed local setup/Admin setup/upgrade
|
|
2.1 Run the HostBasedSetupUntyped sample with -getnonce option.
|
|
This option will generate a file which contains the configuration nonce.
|
|
2.2 Run the DigSign.pl script (located at: \Bin\DigSignScript) with the
|
|
following parameters as input:
|
|
DigSign.pl -nonce <FilePath (from the previous command)> -privateKey \
|
|
<Path to file that contains the private key>
|
|
This script will generate a file with digital signature and the MC nonce
|
|
2.3 Run the HostBasedSetupUntyped sample with the desired option, as follows:
|
|
* Signed Local Setup usage:
|
|
HostBasedSetup.exe -setup -newpass <new admin password> -cert
|
|
<certificate> -file <file path from the previous command>
|
|
[-adapterName <adapter name>]
|
|
* Admin Setup:
|
|
HostBasedSetup.exe -adminsetup -newpass <new admin password> -cert
|
|
<full certificate chain> -file <file path from the previous command>
|
|
[-mebx <new MEBx passord>] [-adapterName <adapter name>]
|
|
* Upgrade:
|
|
HostBasedSetup.exe -upgrade -currentpass <current admin password>
|
|
-cert <full certificate chain> -file <file path from the previous
|
|
command> -mebx <new MEBx password>]
|
|
|
|
Note: For the commands setup and admin-setup (for ME16.1 and up) use
|
|
the -adaptername flag to determine on which adapter to perform IP
|
|
refresh, in case AMT is disabled. This parameter is optional.
|
|
|
|
Notes:
|
|
* The following options are supported only in the HostBasedSetupUntyped
|
|
sample: setup\admin setup\upgrade
|
|
* The application communicates with the Intel(R) AMT device locally from the
|
|
host platform using the Intel(R) Management Engine Interface (Intel(R) ME
|
|
Interface) and the Local Management Service (LMS). Before running the
|
|
application - make sure that the Intel ME Interface driver is installed,
|
|
the LMS service is installed and running, and the application is running
|
|
with Administrator privileges.
|
|
For additional details see the AMT SDK documentation.
|
|
|
|
------------------------------------------------------------------
|
|
* Other names and brands may be claimed as the property of others.
|
|
|
|
|
|
|