- No category
advertisement
Intel
®
Management Engine BIOS
Extension (Intel
®
MEBX) User‟s
Guide
User‟s Guide
For systems based on Intel
®
Intel
®
PCH
6 Series Chipset Family and
May 2011
Revision 1.2
Intel Confidential
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL
®
PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED,
BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS
PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER,
AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS
INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR
INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.
UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY
APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR
DEATH MAY OCCUR.
Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.
The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.
Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.
All products, platforms, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice. All dates specified are target dates, are provided for planning purposes only and are subject to change.
Intel
®
Active Management Technology requires the computer system to have an Intel
®
AMT-enabled chipset, network hardware and software, as well as connection with a power source and a corporate network connection. Setup requires configuration by the purchaser and may require scripting with the management console or further integration into existing security frameworks to enable certain functionality. It may also require modifications of implementation of new business processes. With regard to notebooks, Intel AMT may not be available or certain capabilities may be limited over a host OS-based VPN or when connecting wirelessly, on battery power, sleeping, hibernating or powered off. For more information, see www.intel.com/technology/platform-technology/intel-amt/
ENERGY STAR denotes a system level energy specification, defined by the US Environmental Protection Agency, that relies upon all of the system's components, including processor, chipset, power supply, HDD, graphics controller and memory to meet the specification. For more information, see http://www.energystar.gov/index.cfm?fuseaction=find_a_product.showProductGroup&pgw_code=CO
Intel, the Intel logo, and Intel vPro are trademarks of Intel Corporation in the U.S. and other countries.
*Other names and brands may be claimed as the property of others.
Copyright© 2010-2011, Intel Corporation. All rights reserved.
2
Intel Confidential
Contents
MEBX) Overview .............................................................9
Related Documentation .......................................................................... 11
ME Manageability Features ....................................................................... 14
MEBX Configuration User Interface ....................................... 14
MEBX Main Menu .......................................................................... 15
ME Password .................................................................... 16
ME Platform Configuration Menu ..................................................... 17
ME Password ....................................................... 17
FW Update Settings .................................................................. 18
Set PRTC ................................................................................. 21
Power Control .......................................................................... 23
Previous Menu .......................................................................... 26
AMT Configuration ........................................................................ 27
Manageability Feature Selection ................................................. 27
SOL/IDER/KVM ......................................................................... 28
User Consent ........................................................................... 35
Password Policy ........................................................................ 38
Network Setup ......................................................................... 40
Activate Network Access ............................................................ 69
Unconfigure Network Access ...................................................... 70
Remote Setup and Configuration ................................................ 72
Previous Menu .......................................................................... 98
Intel Confidential
3
Standard Manageability Configuration ............................................. 99
Level III Manageability Configuration ............................................ 101
MEBX CPU Replacement Flow ....................................................... 103
4
Intel Confidential
Figures
Figure 1: Intel
®
MEBX Configuration User Interface Main Menu.............................. 15
Figure 2: Intel
®
ME Platform Configuration ......................................................... 17
Figure 3: Change Intel
®
ME Password ................................................................ 18
Figure 4: FW Update Settings ............................................................................ 19
Figure 5: Local FW Update ................................................................................ 20
Figure 6: Set PRTC .......................................................................................... 21
Figure 7: Power Control .................................................................................... 23
Figure 8: Intel
®
ME ON in Host Sleep States ....................................................... 24
Figure 9: Idle Timeout ...................................................................................... 26
Figure 10: Manageability Feature Selection ......................................................... 27
Figure 11: Username and Password ................................................................... 29
Figure 12: SOL ................................................................................................ 30
Figure 13: IDER ............................................................................................... 31
Figure 14: Legacy Redirection Mode ................................................................... 32
Figure 15: Legacy Redirection Mode “notification” ................................................ 33
Figure 16: KVM ............................................................................................... 34
Figure 17: User Opt-in ..................................................................................... 36
Figure 18: Opt-in Configurable from remote IT .................................................... 37
Figure 19: Password Policy ............................................................................... 39
Figure 20: Intel
®
ME Network Setup .................................................................. 40
Figure 21: Host Name ...................................................................................... 41
Figure 22: Domain Name .................................................................................. 42
Figure 23: Shared/Dedicated FQDN .................................................................... 43
Figure 24: Dynamic DNS Update ....................................................................... 44
Figure 25: Periodic Update Interval .................................................................... 45
Figure 26: TTL ................................................................................................. 46
Figure 27: Wired LAN IPV4 Configuration ............................................................ 48
Figure 28: DHCP Mode Enabled ......................................................................... 49
Figure 29: DHCP Mode Disabled ........................................................................ 49
Figure 30: IPv4 Address ................................................................................... 51
Figure 31: Subnet Mask Address........................................................................ 52
Intel Confidential
5
6
Figure 32: Default Gateway Address .................................................................. 53
Figure 33: Preferred DNS Address ..................................................................... 54
Figure 34: Alternate DNS Address ...................................................................... 55
Figure 35: Wired LAN IPV6 Configuration ............................................................ 56
Figure 36: IPv6 Feature Selection – Disabled ...................................................... 57
Figure 37: IPv6 Feature Selection – Enabled ....................................................... 58
Figure 38: IPv6 Interface ID Type ...................................................................... 59
Figure 39: IPv6 Interface ID ............................................................................. 60
Figure 40: IPv6 Address ................................................................................... 61
Figure 41: IPv6 Default Router .......................................................................... 62
Figure 42: Preferred DNS IPv6 Address .............................................................. 63
Figure 43: Alternate DNS IPv6 Address .............................................................. 64
Figure 44: Wireless LAN IPV6 Configuration ........................................................ 65
Figure 45: IPv6 Feature Selection ...................................................................... 66
Figure 46: IPv6 Interface ID Type ...................................................................... 67
Figure 47: IPv6 Interface ID (wireless) ............................................................... 68
Figure 48: Activate Network Access ................................................................... 69
Figure 49: Unconfigure Network Access .............................................................. 70
Figure 50: Unconfigure Network Access .............................................................. 71
Figure 51: Unconfigure Network Access .............................................................. 72
Figure 52: Remote Setup and Configuration ........................................................ 73
Figure 53: Current Provisioning Mode ................................................................. 74
Figure 54: Provisioning record ........................................................................... 75
Figure 55: Intel Remote Configuration screen...................................................... 77
Figure 56: Activate RCFG .................................................................................. 78
Figure 57: Provisioning Server IPV4/IPV6 ........................................................... 79
Figure 58: Provisioning Server Port number ........................................................ 80
Figure 59: Provisioning Server FQDN ................................................................. 81
Figure 60: Intel TLS PSK Configuration screen ..................................................... 82
Figure 61: Set PID and PPS ............................................................................... 83
Figure 62: Set PID and PPS ............................................................................... 84
Figure 63: Delete PID and PPS .......................................................................... 85
Figure 64: Intel Remote Configuration screen...................................................... 86
Intel Confidential
Figure 65: Remote Configuration ....................................................................... 87
Figure 66: PKI DNS Suffix ................................................................................. 88
Figure 67: Manage Hashes ................................................................................ 89
Figure 68: No hash detected ............................................................................. 89
Figure 69: Adding a new hash name .................................................................. 90
Figure 70: Selecting Hash Format ...................................................................... 91
Figure 71: Selecting Hash Format (SHA256) ....................................................... 92
Figure 72: Selecting Hash Format (SHA384) ....................................................... 92
Figure 73: Selecting Hash Format (Please choose a supported Hash Algorithm) ....... 93
Figure 74: Add Hash - certificate ....................................................................... 93
Figure 75: Add Hash - active ............................................................................. 94
Figure 76: Deleting a hash ................................................................................ 95
Figure 77: Change Active State of Hash .............................................................. 96
Figure 78: View Hash details ............................................................................. 97
Figure 79: Exit confirmation .............................................................................. 98
Figure 80: Intel
®
Standard Manageability Configuration ........................................ 99
Figure 81: Intel
®
Standard Manageability Configuration menu ............................. 100
Figure 82: SOL/IDER/KVM Menu under Intel
®
Standard Manageability Configuration100
Figure 83: User Opt-in options under Intel
®
Standard Manageability Configuration 101
Figure 84: Intel
®
Level III Manageability Configuration ....................................... 102
Figure 85: Intel
®
Level III Manageability Configuration menu .............................. 102
Figure 86: Intel
®
MEBX CPU Replacement popup message .................................. 105
Intel Confidential
7
Revision History
Document
Number
Revision
Number
0.8
0.9
1.0
1.1
1.2
Description
Alpha 2 Release
Beta Release
Production Candidate
Hot Fix
Support Workstation platform
§
Revision Date
June 2010
August 2010
November 2010
December 2010
May 2011
8
Intel Confidential
Introduction
1 Introduction
1.1 Intel
®
Management Engine (Intel
®
MEBX) Overview
ME) and Intel
Management Engine BIOS Extension (Intel
®
®
The Intel
®
Management Engine (Intel
®
ME) is an isolated and protected computing resource. The Intel ME provides the following IT management features independent of the installed OS:
Intel
®
Active Management Technology (Intel
®
AMT 7.0), allowing improved management of corporate assets.
Intel ME configuration is included in the BIOS by the Intel
®
Management Engine BIOS
Extension (Intel
®
MEBX). The Intel MEBX provides the ability to change and/or collect the system hardware configuration, passes it to the management firmware and provides the Intel ME configuration user interface.
1.2 Scope of document
This document describes how to configure the Intel MEBX for Intel
®
6 Series Chipset
Family/Intel
®
PCH platforms with Intel AMT 7.0.
Note: The Intel ME configuration procedures described in this guide are part of the larger
Intel
®
vPro™ technology activation and provisioning process. These configuration procedures can vary significantly (or be performed automatically) and depend on which third-party management console you are using. See the Related Documentation
section of this guide (section 1.5) for a list of Intel-authored provisioning guides that
are specific to several popular management consoles. These provisioning guides provide the end-to-end process for provisioning your Intel
®
vPro™ computers with the specified management console, and may or may not include references to the Intel ME manual configuration procedures in this guide (depending on which provisioning model is used).
Intel Confidential
9
1.3
Introduction
Target Audience
This user guide is primarily intended for Information Technology (IT) administrators and system integrators with experience in implementing complex computer and network installations. It is not intended for general audiences.
Note: Readers should have a basic understanding of networking and computer technology terms, such as TCP/IP, DHCP, IDE, DNS, Subnet Mask, Default Gateway and Domain
Name. Explanation of these terms is beyond the scope of this document.
1.4 Acronyms
Acronym
ASF
BIOS
DHCP
DNS
EIT
EPS
IP
LAN
MSP
OPK
OS
PRTC
FW
G3
GbE
GMT
HW
HBP
Intel ® AMT
Intel ® ME
Intel ® MEBX
Intel ® MEI
Description
Alert Standard Format
Basic Input Output System
Dynamic Host Configuration Protocol
Domain Name Server
Embedded Information Technology (see VA)
VA Private Store
Intel‟s VA Specific Store in an ME-owned flash area separate from 3PDS. The size is one (1) physical page
(4K bytes)
Firmware
Complete Power loss (AC power plug pulled)
Gigabit Ethernet
Greenwich Mean Time
Hardware
Host Based Provisioning
Intel ® Active Management Technology
Intel ® Management Engine
Intel ® Management Engine BIOS Extension
Intel ® Management Engine Interface
Internet Protocol
Local Area Network
Manageability Service Provider
OEM Pre-Installation Kit
Operating system
Protected Real Time Clock
10
Intel Confidential
Introduction
Acronym
RCFG
S3
S4
S5
SPI
SW
TCP
UTC
VA
VLAN
WOL
1.5
Description
Remote Configuration
Standby sleep state
Hibernate sleep state
Shutdown sleep state
Serial Peripheral Interface
Software
Transmission Control Protocol
Coordinated Universal Time
Virtual Appliance
Virtual LAN
Wake on LAN
Related Documentation
Refer to the Intel
®
vPro™ Expert Center‟s user documentation page, available at the link below, for a collection of documents containing further information on the Intel
® vPro™ provisioning process, including specific documents for implementing Intel
® vPro™ technology with a number of popular management consoles: http://communities.intel.com/community/openportit/vproexpert?view=documentsIn addition, please refer to the Intel
®
vPro™ Expert Center at the link below for general information about Intel
®
vPro™ technology: http://communities.intel.com/community/openportit/vproexpert
§
Intel Confidential
11
Client System Requirements
2 Client System Requirements
The client system referred to in this document is based on the Intel
®
6 Series Chipset
Family/Intel
®
PCH platform, and is managed by Intel Management Engine. The following firmware and software requirements are required to be installed and set up before the Intel Management Engine can be configured and run in the client system:
An SPI flash device programmed with Intel AMT 7.0 flash image integrating
BIOS, Intel Management Engine and GbE component images
BIOS set up with Intel AMT enabled
To enable all of the Intel Management Engine features within Microsoft
Operating System, device drivers (Intel
®
MEI/SOL/LMS) must be installed and configured on the client system for features to work/run correctly in the client system
§
12
Intel Confidential
Client System Requirements
Intel Confidential
13
Intel® ME Manageability Features
3 Intel
®
ME Manageability
Features
The Intel MEBX menu for digital office SKUs provides platform level configuration options for the IT-administrator to configure the behavior of the Intel ME platform.
The behavior includes platform configuration such as individual feature enable/disable and power configurations.
The following section provides the details on each Intel MEBX configuration option and the constraints, if any, for a given option.
Note: When you change Intel
®
ME Platform Configuration settings, the changes are committed to the Intel ME‟s non-volatile memory when you exit from Intel MEBX (the changes are not cached). Therefore, if Intel MEBX crashes before you exit, the changes made until that point are LOST and the changed settings are NOT saved.
3.1 Access Intel
®
MEBX Configuration User Interface
The Intel MEBX configuration user interface can be accessed on a client system through the following steps:
1. On rebooting the system, after the initial boot screen, the following message will be displayed: „Press <CTRL-P> to enter Intel® ME Setup‟
Note: To enter the Intel MEBX, press <Ctrl-P> as soon as possible, since this message is displayed for only a few seconds. Also note that the OEM may replace the control character <Ctrl-P> with another one or don‟t display it at all.
Note: <Ctrl-P> will be hidden when SoL or KVM session is established. Users are not able to access MEBx UI in this scenario.
Note: If Intel® AMT has been configured, <CTLR-ALT-F1> will also be displayed along with
<CTRL-P>. It is designed for end users to use Fast call for Help feature either inside or outside of corporate network environment when Intel® AMT systems are not discovered by management console.
14
Intel Confidential
Intel® ME Manageability Features
2. Enter the Intel Management Engine password under „MEBX Password‟. Press
Enter. The default password is „admin‟. This default password can be altered by
the user. Please refer to section 3.3 for Intel ME password details.
3. The Intel MEBX screen is displayed, as shown in section 3.2.
3.2 Intel
®
MEBX Main Menu
Figure 1: Intel
®
MEBX Configuration User Interface Main Menu
The options displayed in the main menu can vary depending on OEM implementation decisions. The main menu selections are:
Intel ME General Settings
Intel
®
AMT Configuration
Exit
Note: Intel MEBX will display only detected options. If one or more of these options does not appear, verify that the system supports the relevant missing feature.
Intel Confidential
15
3.3
Intel® ME Manageability Features
Change Intel
®
ME Password
The default password is “admin” and is configured identically on all newly deployed platforms. When an IT administrator first enters the Intel MEBX configuration menu with the default password, he or she must change the default password before any feature can be used.
The new Intel MEBX password must meet the following requirements for strong passwords:
1. Password Length: At least 8 characters, and no more than 32.
2. Password Complexity: Password must include the following:
At least one digit character („0‟, „1‟, … „9‟)
At least one 7-bit ASCII non alpha-numeric character (e.g. '!', '$', ';'), but excluding „:‟,
„,‟ and „”‟ characters.
At least one lower-case letter ('a', „b‟…‟z‟) and at least one upper case letter ('A',
„B‟…'Z').
Note: „_‟ (underscore) and „ „ (whitespace) are valid password characters but do NOT contribute to the password‟s complexity.
Note: There are certain limitations creating passwords with non-US layout keyboards.
Remote system connectivity may occur if different keyboard layouts are used on the same hardware.
Note: When entering more than 32 characters the software changes the 32 nd character on every new character pressed when in the last character position in the
MEBx UI. So whatever the last character typed on the 32 nd
position, it will replace the existing character in that position.
Note: The password can be reset to the default setting (admin) by shutting down the system, removing AC and DC power and performing a RTC reset.
16
Intel Confidential
Intel® ME Manageability Features
3.4 Intel
®
ME Platform Configuration Menu
Under the Intel MEBX main menu,
1. Select „Intel ME General Settings‟.
2. Press Enter.
The following message is displayed: „Acquiring General Settings configuration‟.
The Intel
®
MEBX main menu changes to the Intel
®
ME Platform Configuration page.
This page allows the IT administrator to configure the specific functionality of the
Intel
®
ME, such as password, power options, etc.
Figure 2: Intel
®
ME Platform Configuration
3.4.1
Note: The option of “Intel® ME State Control” appearing in previous versions of MEBx has been removed in order to avoid end users accidentally disable Intel® ME. The option can now be offered by system BIOS. Please refer to Cougar Point Intel® ME
BIOS Writer‟s Guide (section 4.2) for more details.
Change Intel
®
ME Password
Under the Intel
®
ME Platform Configuration menu,
Intel Confidential
17
Intel® ME Manageability Features
1. Select „Change Intel
®
ME Password‟.
2. Press Enter.
The Intel ME New Password prompt is displayed as in Figure 3.
Figure 3: Change Intel
®
ME Password
3.4.2
1. At the Intel
®
ME New Password prompt, enter your new password. (Please be aware of the password policies and restrictions mentioned in section 3.3)
2. At the Verify Password prompt, re-enter your new password.
Your password is now changed.
FW Update Settings
Under Intel
®
ME Platform Configuration,
1. Select „FW Update Settings‟.
2. Press Enter.
The Intel
®
ME Platform Configuration screen changes to FW Update Settings page.
18
Intel Confidential
Intel® ME Manageability Features
Figure 4: FW Update Settings
3.4.2.1 Local FW Update
Under the FW Update Settings,
1. Select „Local FW Update‟.
2. Press Enter.
Intel Confidential
19
Figure 5: Local FW Update
Intel® ME Manageability Features
20
Intel
®
ME Firmware Local Update provides the capability to allow or prevent firmware local update in the field. When the “Enabled” option is selected, the IT-admin is able to update the Intel Intel
®
ME firmware locally via the local Intel Management Engine interface or via the local secure interface.
The following options can be selected:
Disabled – Do NOT allow Local Intel ME FW Update
Enabled – Allow Local Intel ME FW Update
Password Protected – Local FW update is protected by MEBx password
To select Disabled:
1. Select „Disabled‟.
2. Press Enter.
To select Enabled:
1. Select „Enabled‟.
Intel Confidential
Intel® ME Manageability Features
2. Press Enter.
To select Password Protected:
1. Select „Password Protected‟.
2. Press Enter.
3.4.2.2 Previous Menu
Under the FW Update Settings screen,
1. Select „Previous Menu‟.
2. Press Enter.
The FW Update Settings screen changes to the Intel
®
ME Platform Configuration screen.
3.4.3 Set PRTC
Under Intel
®
ME Platform Configuration,
1. Select „Set PRTC‟.
2. Press Enter.
Figure 6: Set PRTC
Intel Confidential
21
Intel® ME Manageability Features
Valid date range: 1/1/2004 – 1/4/2021. Setting the PRTC value is used for virtually maintaining PRTC during the power-off (G3) state.
1. Enter PRTC in GMT (UTC) format (YYYY:MM:DD:HH:MM:SS)
2. Press Enter.
22
Intel Confidential
Intel® ME Manageability Features
3.4.4 Power Control
Under Intel
®
ME Platform Configuration,
1. Select „Power Control‟.
2. Press Enter.
The Intel
®
ME Platform Configuration screen changes to the Intel
®
ME Power Control screen.
Figure 7: Power Control
To comply with ENERGY STAR* and EUP LOT6 requirements, the Intel ME can be turned off in various sleep states. The Intel ME Power Control menu configures the
Intel ME platform power related policies.
Intel Confidential
23
Intel® ME Manageability Features
3.4.4.1 Intel
®
ME ON in Host Sleep States
Under Intel ME Power Control,
1. Select „Intel ME ON in Host Sleep States‟.
2. Press Enter.
3. Move the Up/Down arrow key to select the desired power policy
4. Press Enter
Figure 8: Intel
®
ME ON in Host Sleep States
24
The selected power package determines when the Intel ME is turned ON. The default power package can be modified by using FITC or by FPT.
The end user administrator can choose which power package to use depending on the systems usage.
The table below illustrates the details of the power packages.
With Intel
®
ME WoL, after the time-out timer expires, the Intel
®
ME remains in the Moff state until a command is sent to the ME. After this command has been sent, the
Intel
®
ME will transition to an M0 or M3 state and will respond to the next command
Intel Confidential
Intel® ME Manageability Features
that is sent. A ping to the Intel
®
ME will also cause the Intel
®
ME to go into an M0 or
M3 state.
The Intel ME takes a short time to transition from the M-off state to the M0 or M3 state. During this time, Intel
®
AMT will not respond to any Intel
®
ME commands.
When the Intel
®
ME has reached the M0 or M3 state, the system will respond to Intel
®
ME commands.
Table 1: Supported Power Packages
Power Package
S0
S3
1
ON
OFF
2
ON
ON /ME WoL
S4/S5
OFF ON/ ME WoL
3.4.4.2 Idle Time Out
Under Intel
®
ME Power Control,
1. Select „Idle Time Out‟.
2. Press Enter.
Intel Confidential
25
Figure 9: Idle Timeout
Intel® ME Manageability Features
This setting is used to enable the Intel ME Wake on and to define the Intel ME idle timeout in M3 state. The value should be entered in minutes. The value indicates the amount of time that the Intel ME is allowed remain idle in M3 before transitioning to the M-off state. Note: If the Intel ME is in M0, it will NOT transition to M-off.
3.4.4.3 Previous Menu
Under Intel
®
ME Power Control,
1. Select „Previous Menu‟.
2. Press Enter.
The Intel ME Power Control screen changes to the Intel
®
ME Platform Configuration screen.
3.4.5 Previous Menu
Under Intel
®
ME Platform Configuration,
1. Select „Previous Menu‟.
26
Intel Confidential
Intel® ME Manageability Features
2. Press Enter.
The Intel
®
ME Platform Configuration screen changes to the Main Menu.
3.5 Intel
®
AMT Configuration
Under the Main Menu,
1. Select „Intel
®
AMT Configuration‟.
2. Press Enter.
The Main Menu changes to the Intel
®
AMT Configuration screen.
3.5.1 Manageability Feature Selection
Under the Intel
®
AMT Configuration screen,
1. Select „Manageability Feature Selection‟.
2. A message is displayed:
[Caution] Disabling reset network settings including network ACLs to factory default. System resets on MEBx exit.
Continue: (Y/N)
. Press Y to change setting or N to cancel.
Figure 10: Manageability Feature Selection
Intel Confidential
27
Intel® ME Manageability Features
When the Manageability Feature Selection is enabled, the Intel ME manageability feature menu will be shown. Leaving it disabled means that manageability will not be enabled.
To select Disabled:
1. Select „Disabled‟.
2. Press Enter.
To select Enabled:
1. Select „Enabled‟.
2. Press Enter.
3.5.2 SOL/IDER/KVM
Under the Intel
®
AMT Configuration (with Intel AMT enabled),
1. Select „SOL/IDER/KVM‟.
2. Press Enter.
The Intel
®
AMT Configuration changes to the SOL/IDER/KVM screen.
3.5.2.1 Username and Password
Under the SOL/IDER/KVM screen,
1. Select „Username and Password‟.
2. Press Enter.
28
Intel Confidential
Intel® ME Manageability Features
Figure 11: Username and Password
This option provides the user authentication for SOL/IDER session. If Kerberos* is used, this option should be set to DISABLED. The user authentication is handled through Kerberos. If Kerberos is not used, the IT administrator has the choice to enable or disable user authentication on SOL/IDER session.
The following options can be selected:
Disabled- Username and Password is disabled.
Enabled- Username and Password is enabled.
To select Disabled:
1. Select „Disabled‟.
2. Press Enter.
To select Enabled:
1. Select „Enabled ID‟.
2. Press Enter.
3.5.2.2 SOL
Under the SOL/IDER/KVM screen,
Intel Confidential
29
1. Select „SOL‟.
2. Press Enter.
Figure 12: SOL
Intel® ME Manageability Features
30
SOL allows the console input/output of an Intel AMT managed client to be redirected to a management server console (if the client system supports SOL). If the system does not support SOL, this value cannot enable it.
The following options can be selected:
Disabled- SOL is disabled.
Enabled- SOL is enabled.
To select Disabled:
1. Select „Disabled‟.
2. Press Enter.
To select Enabled:
1. Select „Enabled ID‟.
2. Press Enter.
Note: disabling SOL does not remove this feature but just blocks it from being used.
Intel Confidential
Intel® ME Manageability Features
3.5.2.3 IDER
Under the SOL/IDER/KVM screen,
1. Select „IDER‟.
2. Press Enter.
Figure 13: IDER
IDE-R allows an Intel AMT managed client to be booted by a management console from a remote disk image. If the client system does not support IDE-R, this value cannot enable it.
The following options can be selected:
Disabled- IDER is disabled.
Enabled- IDER is enabled.
To select Disabled:
1. Select „Disabled‟.
2. Press Enter.
To select Enabled:
Intel Confidential
31
Intel® ME Manageability Features
1. Select „Enabled ID‟.
2. Press Enter.
Note: disabling IDER does not remove this feature but just blocks it from being used.
3.5.2.4 Legacy Redirection Mode
Under the SOL/IDER/KVM screen,
1. Select „Legacy Redirection Mode‟.
2. Press Enter.
Figure 14: Legacy Redirection Mode
32
Legacy Redirection Mode controls how the redirection works. If set to disabled, the console needs to open the redirection ports before each session. This is meant for enterprise consoles and new SMB consoles that support opening the redirection ports.
The old SMB consoles (before Intel AMT 6.0) which don‟t support opening the redirection ports function need to manually turn on the redirection port through this
Intel MEBX option. When selecting the mode, the message shown in Figure
Intel Confidential
Intel® ME Manageability Features
Legacy Redirection Mode “notification”
below will be displayed when users will select the “Legacy Redirection Mode”. Please press enter to continue.
Figure 15: Legacy Redirection Mode “notification”
The following options can be selected:
Disabled- legacy redirection Mode is disabled. (default)
Enabled- the port is left open at all times when redirection is enabled in the Intel
MEBX. It is the same as what used to be SMB mode in previous projects. Old
(before Intel AMT 6.0) SMB consoles will need this mode in order to succeed opening redirection sessions.
To select Disabled:
1. Select „Disabled‟.
2. Press Enter.
To select Enabled:
1. Select „Enabled ID‟.
2. Press Enter.
Intel Confidential
33
3.5.2.5 KVM
Under the SOL/IDER/KVM screen,
1. Select „KVM‟.
2. Press Enter.
Figure 16: KVM
Intel® ME Manageability Features
34
The following options can be selected:
Disabled - Disable KVM Feature.
Enabled - Enable KVM Feature.
Note: disabling KVM does not remove this feature but disables it. KVM will not work in this case.
Note: KVM feature is NOT supported on Intel
®
C600 series chipset platform, or other platform design without Intel
®
Integrated Graphics.
To select Disabled:
1. Select „Disabled‟.
2. Press Enter.
Intel Confidential
Intel® ME Manageability Features
To select Enabled:
1. Select „Enabled‟.
2. Press Enter.
3.5.2.6 Previous Menu
Under the SOL/IDER/KVM screen,
1. Select „Previous Menu‟.
2. Press Enter.
The SOL/IDER/KVM screen changes to the Intel
®
AMT Configuration screen.
3.5.3 User Consent
Sets whether local user consent is required before remote computer can establish a
KVM Remote Control session to the local computer. Also sets whether the remote computer‟s user can configure the KVM Opt-In Policy.
Under the Intel
®
AMT Configuration,
1. Select „User Consent‟.
2. Press Enter.
The Intel
®
AMT Configuration changes to the User Consent Configuration screen.
3.5.3.1 User Opt-in
Under the User Consent Configuration screen,
1. Select „User Opt-in‟.
2. Press Enter.
Intel Confidential
35
Figure 17: User Opt-in
Intel® ME Manageability Features
36
The following options can be selected:
None: Local User Consent is not required for a remote computer to establish KVM
Remote Control session.
KVM: Local User Consent is required for a remote computer to establish KVM
Remote Control session.
All: Local User Consent is required for SOL, IDER and KVM
NOTE: When using Host Based Provisioning, Client mode will override this setting and behave as if the “ALL” option has been selected. More details regarding Host Based
Provisioning and Client Mode can be found in the Activator++ User guide and the UCT
(User Consent Tool) user guide in the SDK kit
To select ‟None‟:
1. Select „None‟.
2. Press Enter.
To select ‟KVM‟:
1. Select „KVM‟ .
Intel Confidential
Intel® ME Manageability Features
2. Press Enter.
To select ‟All‟:
1. Select „All‟ .
2. Press Enter.
3.5.3.2 Opt-in Configurable from remote IT
This setting determines whether a remote computer‟s user can configure the Opt-In
Policy when establishing a KVM Remote Control session to this computer.
Under the User Consent Configuration screen,
1. Select „Opt-in Configurable from remote IT‟.
2. Press Enter.
Figure 18: Opt-in Configurable from remote IT
The following options can be selected:
Intel Confidential
37
Intel® ME Manageability Features
Disable Remote Control of KVM Opt-in Policy – This option disables the remote user‟s ability to change User OPT-IN Policy. In this case only the local user can control the opt-in policy.
Enable Remote Control of KVM Opt-in Policy - Enables remote user‟s ability to change User OPT-IN Policy. Allows remote user to choose whether or not to request local user consent before establishing KVM Remote Control session to this computer.
To select Disable:
1. Select „Disable Remote Control of KVM Opt-in Policy‟.
2. Press Enter.
To select Enable:
1. Select „Enable Remote Control of KVM Opt-in Policy‟.
2. Press Enter.
3.5.3.3 Previous Menu
Under the User Consent Configuration menu,
1. Select „Previous Menu‟.
2. Press Enter.
The screen changes to the Intel
®
AMT Configuration screen.
3.5.4 Password Policy
Under the Intel
®
AMT Configuration screen,
1. Select „Password Policy‟.
2. Press Enter.
38
Intel Confidential
Intel® ME Manageability Features
The password policies are displayed as follows:
Figure 19: Password Policy
There are two passwords for the firmware. The Intel MEBX password is the password that is entered when a user is physically at the system. The network password is the password that is entered when accessing an Intel ME enabled system through the network. By default they are both the same until the network password is changed via the network. Once changed over the network, the network password will always be kept separate from the local Intel MEBX password.
This option determines when the user is allowed to change the Intel MEBX password through the network.
Note: The Intel MEBX password can always be changed via the Intel MEBX user interface.
Options:
Default Password Only – The Intel MEBX password can be changed through the network interface if the default password has not been changed yet.
Intel Confidential
39
Intel® ME Manageability Features
During Setup and Configuration – The Intel MEBX password can be changed through the network interface during the setup and configuration process but at no other time. Once the setup and configuration process is complete, the Intel MEBX password cannot be changed via the network interface.
Anytime – The Intel MEBX password can be changed through the network interface at any time.
3.5.5 Network Setup
Under the Intel
®
AMT Configuration screen,
1. Select „Network Setup‟.
2. Press Enter.
The Intel
®
AMT Configuration screen changes to the Intel
®
ME Network Setup page.
Figure 20: Intel
®
ME Network Setup
40
Intel Confidential
Intel® ME Manageability Features
3.5.5.1 Intel
®
ME Network Name Settings
Under the Intel
®
ME Network Setup menu,
1. Select „Intel
®
ME Network Name Settings‟.
2. Press Enter.
The Intel
®
ME Network Setup menu changes to the Intel
®
ME Network Name Settings page.
3.5.5.1.1 Host Name
Under the Intel
®
ME Network Name Settings menu,
1. Select „Host Name‟.
2. Press Enter.
The Computer Host Name prompt is displayed as follows:
Figure 21: Host Name
A host name can be assigned to the Intel AMT machine. This will be the hostname of the Intel AMT enabled system.
Intel Confidential
41
3.5.5.1.2 Domain Name
Under the Intel
®
ME Network Name Settings menu,
1. Select „Domain Name‟.
2. Press Enter.
Intel® ME Manageability Features
The Computer Domain Name prompt is displayed as follows:
Figure 22: Domain Name
A domain name can be assigned to the Intel AMT machine.
3.5.5.1.3 Shared/Dedicated FQDN
Under the Intel
®
ME Network Name Settings menu,
1. Select „Shared/Dedicated FQDN‟.
2. Press Enter.
42
Intel Confidential
Intel® ME Manageability Features
Figure 23: Shared/Dedicated FQDN
This setting determines whether the Intel ME Fully Qualified Domain Name (FQDN)
(i.e. the "HostName.DomainName") is shared with the host and identical to the operating system machine name or dedicated to the Intel ME.
The following options can be selected:
Dedicated- The FQDN domain name is dedicated to ME.
Shared- The FQDN domain name is shared with the Host.
To select Dedicated:
1. Select „Dedicated‟.
2. Press Enter.
To select Shared:
1. Select „Shared‟.
2. Press Enter.
3.5.5.1.4 Dynamic DNS Update
Under the Intel
®
ME Network Name Settings menu,
Intel Confidential
43
1. Select „Dynamic DNS Update‟.
2. Press Enter.
Figure 24: Dynamic DNS Update
Intel® ME Manageability Features
44
If Dynamic DNS Update is enabled then the firmware will actively try to register its IP addresses and FQDN in DNS using the Dynamic DNS Update protocol. If DDNS
Update is disabled then the firmware will make no attempt to update DNS using DHCP option 81 or Dynamic DNS update. If the DDNS Update state (Enabled or Disabled) is not configured by the user at all then the firmware will assume its old implementation where the firmware used DHCP option 81 for DNS registration but did not directly update DNS using the DDNS update protocol. For selecting “Enabled” for Dynamic
DNS Update it is required that the Host Name and Domain Name be set.
The following options can be selected:
Disabled- The Dynamic DNS Update Client in FW is disabled.
Enabled- The Dynamic DNS Update Client in FW is enabled.
To select Disabled:
1. Select „Disabled‟.
Intel Confidential
Intel® ME Manageability Features
2. Press Enter.
To select Enabled:
1. Select „Enabled ID‟.
2. Press Enter.
3.5.5.1.5 Periodic Update Interval
Note: This option is only available when Dynamic DNS Update is enabled.
Under the Intel
®
ME Network Name Settings menu,
1. Select „periodic update interval‟.
2. Press Enter.
Figure 25: Periodic Update Interval
Defines the interval at which the firmware DDNS Update client will send periodic updates. It should be set according to corporate DNS scavenging policy. Units are minutes. A value of 0 disables periodic update. The value set should be equal or
Intel Confidential
45
Intel® ME Manageability Features
greater than 20 minutes. The default value for this property is 24 hours - 1440 minutes.
1. Enter desired interval.
2. Press Enter.
3.5.5.1.6 TTL
Note: This option is only available when Dynamic DNS Update is enabled.
Under the Intel
®
ME Network Name Settings menu,
1. Select „TTL‟.
2. Press Enter.
Figure 26: TTL
46
This setting allows configuring the TTL time in seconds. This number should be greater than zero. If set to zero firmware uses its internal default value which is 15 min or 1/3 of lease time for DHCP.
Intel Confidential
Intel® ME Manageability Features
1. Enter desired time (in seconds).
2. Press Enter.
3.5.5.1.7 Previous Menu
Under the Intel
®
ME Network Name Settings menu,
1. Select „Previous Menu‟.
2. Press Enter.
The Intel
®
ME Network Name Settings menu changes to the Intel
®
ME Network Setup page.
3.5.5.2 TCP/IP Settings
Under the Intel
®
ME Network Setup menu,
1. Select „TCP/IP Settings‟.
2. Press Enter.
The Intel Network Setup menu changes to the TCP/IP Settings page.
Note: The Intel MEBX has menus for Wireless IPV6, but no menu for wireless IPV4.
When the Intel MEBX starts it will check for the wireless interface to make the decision to display the wireless IPV6 menu or not.
3.5.5.2.1 Wired LAN IPV4 Configuration
Under the TCP/IP Settings,
1. Select „Wired LAN IPV4 Configuration‟.
2. Press Enter.
The TCP/IP Settings menu changes to the Wired LAN IPV4 Configuration page.
Intel Confidential
47
Figure 27: Wired LAN IPV4 Configuration
Intel® ME Manageability Features
3.5.5.2.2 DHCP Mode
Under the Wired LAN IPV4 Configuration,
1. Select „DHCP Mode‟.
2. Press Enter.
48
Intel Confidential
Intel® ME Manageability Features
Figure 28: DHCP Mode Enabled
Figure 29: DHCP Mode Disabled
The following options can be selected:
Intel Confidential
49
Intel® ME Manageability Features
DISABLED - If DHCP mode is disabled, the following static TCP/IP settings are required for Intel AMT. If a system is in static mode the system may require a second
IP address. This IP address, often called the Intel ME IP address may be different from the host IP address.
ENABLED - If DHCP Mode is enabled, TCP/IP settings will be configured by a DHCP server. To select ENABLED:
1. Select „ENABLED‟.
2. Press Enter.
No additional steps are required.
To select DISABLED:
1. Select „DISABLED‟.
2. Press Enter.
If you disable DHCP, more options will be displayed, as shown above.
3.5.5.2.3 IPv4 Address
Under the Wired LAN IPV4 Configuration,
1. Select „IPv4 Address‟.
2. Press Enter.
50
Intel Confidential
Intel® ME Manageability Features
Figure 30: IPv4 Address
1. Enter the IPv4 Address.
2. Press Enter.
3.5.5.2.4 Subnet Mask Address
Under the Wired LAN IPV4 Configuration,
1. Select „Subnet Mask Address‟.
2. Press Enter.
Intel Confidential
51
Figure 31: Subnet Mask Address
Intel® ME Manageability Features
1. Enter the Subnet Mask Address.
2. Press Enter.
52
Intel Confidential
Intel® ME Manageability Features
3.5.5.2.5 Default Gateway Address
Under the Wired LAN IPV4 Configuration,
1. Select „Default Gateway Address‟.
2. Press Enter.
Figure 32: Default Gateway Address
1. Enter the Default Gateway Address.
2. Press Enter.
3.5.5.2.6 Preferred DNS Address
Under the Wired LAN IPV4 Configuration,
1. Select „Preferred DNS Address‟.
2. Press Enter.
Intel Confidential
53
Figure 33: Preferred DNS Address
Intel® ME Manageability Features
1. Enter the Preferred DNS Address.
2. Press Enter.
3.5.5.2.7 Alternate DNS Address
Under the Wired LAN IPV4 Configuration,
1. Select „Alternate DNS Address‟.
2. Press Enter.
54
Intel Confidential
Intel® ME Manageability Features
Figure 34: Alternate DNS Address
1. Enter the Alternate DNS Address.
2. Press Enter.
3.5.5.2.8 Previous Menu
Under the Wired LAN IPV4 Configuration,
1. Select „Previous Menu‟.
2. Press Enter.
The Wired LAN IPV4 Configuration menu changes to the TCP/IP Settings menu.
Intel Confidential
55
Intel® ME Manageability Features
3.5.5.2.9 Wired LAN IPV6 Configuration
Under the TCP/IP Settings,
1. Select „Wired LAN IPV6 Configuration‟.
2. Press Enter.
The TCP/IP Settings menu changes to the Wired LAN IPV6 Configuration page.
Note: The Intel
®
ME network stack supports a multi-homed IPv6 interface. Each network interface can be configured with the following IPv6 addresses:
1. One link local auto-configured address
2. Up to three auto-configured addresses
3. One DHCPv6 configured address
4. One statically configured IPv6 address
The Intel ME IPv6 addresses are dedicated and not shared with the host operating system. To enable Dynamic DNS registration for IPv6 addresses it is required to configure a dedicated FQDN.
Figure 35: Wired LAN IPV6 Configuration
56
Intel Confidential
Intel® ME Manageability Features
3.5.5.2.10 IPv6 Feature Selection
Under the Wired LAN IPV6 Configuration,
1. Select „IPv6 Feature Selection‟.
2. Press Enter.
Figure 36: IPv6 Feature Selection – Disabled
Intel Confidential
57
Figure 37: IPv6 Feature Selection – Enabled
Intel® ME Manageability Features
DISABLED - The IPv6 interface is currently disabled.
ENABLED - The IPv6 interface is currently enabled.
To select Disabled:
1. Select „Disabled‟.
2. Press Enter.
To select Enabled:
1. Select „Enabled ID‟.
2. Press Enter.
3.5.5.2.11 IPv6 Interface ID Type
Under the Wired LAN IPV6 Configuration,
1. Select „IPv6 Interface ID Type‟.
2. Press Enter.
58
Intel Confidential
Intel® ME Manageability Features
Figure 38: IPv6 Interface ID Type
The auto-configured IPv6 address consists of two parts, the IPv6 Prefix set by the
IPv6 router is the first and the interface ID is following part (64 bits each).
The following options can be selected:
RANDOM ID - The IPv6 Interface ID is automatically generated using a random number as described in RFC 3041. This is the default.
Intel ID - The IPv6 Interface ID is automatically generated using the MAC address.
Manual ID - The IPv6 Interface ID is configured manually. Selecting this type requires that the Manual Interface ID is set with a valid value.
To select Random ID:
1. Select „Random ID‟.
2. Press Enter.
To select Intel ID:
1. Select „Intel ID‟.
2. Press Enter.
Intel Confidential
59
Intel® ME Manageability Features
To select Manual ID:
1. Select „Manual ID‟.
2. Press Enter. A new option of IPV6 Interface ID will be displayed below IPV6
Interface ID Type
3. Select „IPV6 Interface ID‟.
4. Press Enter.
5. Enter preferred Manual ID.
Figure 39: IPv6 Interface ID
3.5.5.2.12 IPv6 Address
Under the Wired LAN IPV6 Configuration,
1. Select „IPv6 Address‟.
2. Press Enter.
60
Intel Confidential
Intel® ME Manageability Features
Figure 40: IPv6 Address
1. Enter the IPv6 Address.
2. Press Enter.
Intel Confidential
61
3.5.5.2.13 IPv6 Default Router
Under the Wired LAN IPV6 Configuration,
1. Select „IPv6 Default Router‟.
2. Press Enter.
Figure 41: IPv6 Default Router
Intel® ME Manageability Features
1. Enter the IPv6 Default Router.
2. Press Enter.
3.5.5.2.14 Preferred DNS IPv6 Address
Under the Wired LAN IPV6 Configuration,
1. Select „Preferred DNS IPv6 Address‟.
2. Press Enter.
62
Intel Confidential
Intel® ME Manageability Features
Figure 42: Preferred DNS IPv6 Address
1. Enter the Preferred DNS IPv6 Address.
2. Press Enter.
3.5.5.2.15 Alternate DNS IPv6 Address
Under the Wired LAN IPV6 Configuration,
1. Select „Alternate DNS IPv6 Address‟.
2. Press Enter.
Intel Confidential
63
Figure 43: Alternate DNS IPv6 Address
Intel® ME Manageability Features
1. Enter the Alternate DNS IPv6 Address.
2. Press Enter.
3.5.5.2.16 Previous Menu
Under the Wired LAN IPV6 Configuration,
1. Select „Previous Menu‟.
2. Press Enter.
The Wired LAN IPV6 Configuration menu changes to the TCP/IP Settings menu.
3.5.5.2.17 Wireless LAN IPV6 Configuration
Under the TCP/IP Settings,
1. Select „Wireless LAN IPV6 Configuration‟.
2. Press Enter.
The TCP/IP Settings menu changes to the Wireless LAN IPV6 Configuration page.
64
Intel Confidential
Intel® ME Manageability Features
Figure 44: Wireless LAN IPV6 Configuration
3.5.5.2.18 IPv6 Feature Selection
Under the Wireless LAN IPV6 Configuration,
1. Select „IPv6 Feature Selection‟.
2. Press Enter.
Intel Confidential
65
Figure 45: IPv6 Feature Selection
Intel® ME Manageability Features
DISABLED - The IPv6 interface is currently disabled.
ENABLED - The IPv6 interface is currently enabled.
To select Disabled:
1. Select „Disabled‟.
2. Press Enter.
To select Enabled:
1. Select „Enabled ID‟.
2. Press Enter.
3.5.5.2.19 IPv6 Interface ID Type
Under the Wireless LAN IPV6 Configuration,
1. Select „IPv6 Interface ID Type‟.
2. Press Enter.
66
Intel Confidential
Intel® ME Manageability Features
Figure 46: IPv6 Interface ID Type
An auto-configured IPv6 address consists of two parts, the IPv6 Prefix set by the IPv6 router is the first and the interface ID is following part (64 bits each).
The following options can be selected:
RANDOM ID - The IPv6 Interface ID is automatically generated using a random number as described in RFC 3041. This is the default.
Intel ID - The IPv6 Interface ID is automatically generated using the MAC address.
Manual ID - The IPv6 Interface ID is configured manually. Selecting this type requires that the Manual Interface ID is set with a valid value.
To select Random ID:
1. Select „Random ID‟.
2. Press Enter.
To select Intel ID:
1. Select „Intel ID‟.
2. Press Enter.
Intel Confidential
67
Intel® ME Manageability Features
To select Manual ID:
1. Select „Manual ID‟.
2. Press Enter. A new option of IPV6 Interface ID will be displayed below IPV6
Interface ID Type
3. Select „IPV6 Interface ID‟.
4. Press Enter.
5. Enter preferred Manual ID.
Figure 47: IPv6 Interface ID (wireless)
3.5.5.2.20 Previous Menu
Under the Wireless LAN IPV6 Configuration,
1. Select „Previous Menu‟.
2. Press Enter.
The Wireless LAN IPV6 Configuration menu changes to the TCP/IP Settings menu.
3.5.5.2.21 Previous Menu
Under the TCP/IP Settings menu,
1. Select „Previous Menu‟.
68
Intel Confidential
Intel® ME Manageability Features
2. Press Enter.
The TCP/IP Settings menu changes to the Intel
®
ME Network Setup menu.
3.5.5.3 Previous Menu
Under the Intel
®
ME Network Setup menu,
1. Select „Previous Menu‟.
2. Press Enter.
The Intel
®
ME Network Setup menu changes to the Intel
®
AMT Configuration menu.
3.5.6 Activate Network Access
Under the Intel
®
AMT Configuration menu,
1. Select „Activate Network Access‟.
2. Press Enter.
3. Press „Y‟ to activate or press „N‟ to cancel
Figure 48: Activate Network Access
Intel Confidential
69
Intel® ME Manageability Features
Activate Network Access causes the Intel ME to transition to the POST provisioning state if all required settings are configured. Without Activating Network Access, ME will not be able to connect to the network.
Note: Power policy will change to PP2 after activating if the default power policy is set to PP1.
3.5.7 Unconfigure Network Access
Under the Intel
®
AMT Configuration menu,
1. Select „Unconfigure Network Access‟.
2. Press Enter.
Note: This will cause Intel ME to transition to the PRE provisioning state.
Figure 49: Unconfigure Network Access
70
3. Select Y to unconfigure.
The following screen appears:
Intel Confidential
Intel® ME Manageability Features
Figure 50: Unconfigure Network Access
Full Unprovision - The IPv6 Interface ID is automatically generated using a random number as described in RFC 3041. This is the default.
Partial Unprovision - The IPv6 Interface ID is automatically generated using the
MAC address.
1. Select „Full Unprovision‟:
2. Press Enter.
Or
1. select „Partial Unprovision‟:
2. Press Enter.
The following screen appears:
Intel Confidential
71
Figure 51: Unconfigure Network Access
Intel® ME Manageability Features
3.5.8 Remote Setup and Configuration
Under Intel
®
AMT Configuration,
1. Select „Remote Setup and Configuration‟.
2. Press Enter.
The Intel
®
AMT Configuration screen changes to the Intel
®
Automated Setup and
Configuration screen.
Note: The following list is displayed when Intel® AMT is in pre-provision mode.
72
Intel Confidential
Intel® ME Manageability Features
Figure 52: Remote Setup and Configuration
3.5.8.1 Current Provisioning Mode
Under Intel Automated Setup and Configuration,
1. Select „Current Provisioning Mode‟.
2. Press Enter.
Intel Confidential
73
Figure 53: Current Provisioning Mode
Intel® ME Manageability Features
Current Provisioning Mode – Displays the current provisioning TLS Mode: None,
PKI, or PSK.
3.5.8.2 Provisioning Record
Under Intel Automated Setup and Configuration,
1. Select „Provisioning Record‟.
2. Press Enter.
74
Intel Confidential
Intel® ME Manageability Features
Figure 54: Provisioning record
Provisioning Record – Displays the system‟s provision PSK/PKI record data. If the data has not been entered, the Intel MEBX displays a message stating “Provision
Record not present”.
If the data is entered, the Provision record will display the following:
TLS provisioning mode – Displays the current configuration mode of the system:
None, PSK or PKI.
Provisioning IP – The IP address of the setup and configuration server.
Date of Provision – Displays the date and time of the provisioning in the format
MM/DD/YYYY at HH:MM.
DNS – indicates whether the "PKI DNS Suffix" was configured in Intel MEBX before remote configuration took place or not. A value of 0 indicates that the DNS Suffix was not configured and the firmware will rely on DHCP option 15 and compare this suffix to the FQDN in the Configuration Server's client certificate. A value of 1 indicates that the DNS Suffix was configured and the firmware matched it against the DNS Suffix in the Configuration Server's client certificate. Host Initiated –
Intel Confidential
75
Intel® ME Manageability Features
Indicates whether the setup and configuration process was initiated by the host:
„No‟ indicates that the setup and configuration process was NOT host-initiated,
„Yes‟ indicates the setup and configuration process was host-initiated (PKI only).
Hash Data – Displays the 40-character certificate hash data (PKI only).
Hash Algorithm – Describes the hash type. Currently only SHA1 is supported.
(PKI only).
IsDefault – Displays „Yes‟ if the Hash algorithm is the default algorithm selected.
Displays „No‟ if the hash algorithm is NOT the default algorithm used (PKI only).
FQDN – FQDN of the provisioning server mentioned in the certificate (PKI only).
Serial Number – The 32-character string that indicates the Certificate Authority serial numbers.
Time Validity Pass – Indicates whether the certificate passed the time validity check.
3.5.8.3 RCFG
Under Intel
®
Automated Setup and Configuration,
1. Select „RCFG‟.
2. Press Enter.
The Intel
®
Automated Setup and Configuration screen changes to the Intel
®
Remote
Configuration screen.
76
Intel Confidential
Intel® ME Manageability Features
Figure 55: Intel Remote Configuration screen
Intel Confidential
77
3.5.8.3.1 Start Configuration
Under the Intel
®
Remote Configuration screen,
1. Select „Start Configuration‟.
2. Press Enter.
Figure 56: Activate RCFG
Intel® ME Manageability Features
If Remote Configuration is not activated, Remote configuration cannot occur.
To activate (enable) remote configuration, select Y.
3.5.8.3.2 Previous Menu
Under the Intel
®
Remote Configuration menu,
1. Select „Previous Menu‟.
2. Press Enter.
The Intel
®
Remote Configuration screen changes to the Intel
®
Automated Setup and
Configuration screen.
78
Intel Confidential
Intel® ME Manageability Features
3.5.8.4 Provisioning Server IPV4/IPV6
Under the Intel
®
Automated Setup and Configuration screen,
1. Select „Provisioning Server IPV4/IPV6‟.
2. Press Enter.
Figure 57: Provisioning Server IPV4/IPV6
The IP address of the Intel
®
AMT provisioning server.
1. Enter provisioning server address.
2. Press Enter.
Intel Confidential
79
Figure 58: Provisioning Server Port number
Intel® ME Manageability Features
The port number (0 – 65535) of the Intel
®
AMT provisioning server. The default port number is 9971.
1. Enter provisioning server port number.
2. Press Enter.
3.5.8.5 Provisioning Server FQDN
Under the Intel
®
Automated Setup and Configuration screen,
1. Select „Provisioning Server FQDN‟.
2. Press Enter.
80
Intel Confidential
Intel® ME Manageability Features
Figure 59: Provisioning Server FQDN
FQDN of the provisioning server mentioned in the certificate (PKI only). This is also the FQDN of the server that AMT sends hello packets to for both PSK and PKI
1. Enter the FQDN of the provisioning server.
2. Press Enter.
3.5.8.6 TLS PSK
Under Intel
®
Automated Setup and Configuration,
1. Select „TLS PSK‟.
2. Press Enter.
The Intel
®
Automated Setup and Configuration screen changes to the Intel
®
Remote
Configuration screen.
Intel Confidential
81
Figure 60: Intel TLS PSK Configuration screen
Intel® ME Manageability Features
This submenu contains the settings for TLS PSK configuration settings.
3.5.8.6.1 Set PID and PPS
Under the Intel
®
Remote Configuration screen,
1. Select „Set PID and PPS‟.
2. Press Enter.
82
Intel Confidential
Intel® ME Manageability Features
Figure 61: Set PID and PPS
Setting the PID/PPS will cause a partial unprovision if the setup and configuration is
“In-process”. The PID and PPS should be entered in the dash format. (Ex. PID: 1234-
ABCD ; PPS: 1234-ABCD-1234-ABCD-1234-ABCD-1234-ABCD).
Note- A PPS value of „0000-0000-0000-0000-0000-0000-0000-0000‟ will not change the setup configuration state. If this value is used, the setup and configuration state will remain „Not-started‟.
1. Enter PID.
2. Press Enter.
1. Enter PPS.
2. Press Enter.
If an invalid entry is attempted, an error message will be displayed:
Intel Confidential
83
Figure 62: Set PID and PPS
Intel® ME Manageability Features
3.5.8.6.2 Delete PID and PPS
Under the Intel
®
Remote Configuration screen,
1. Select „Delete PID and PPS‟.
2. Press Enter.
84
Intel Confidential
Intel® ME Manageability Features
Figure 63: Delete PID and PPS
This option deletes the current PID and PPS stored in Intel ME. If the PID and PPS were not entered previously, the Intel MEBX will return an error message.
To delete the PID and PPS entries, select Y, else N.
3.5.8.6.3 Previous Menu
Under the Intel
®
Remote Configuration screen,
1. Select „Previous Menu‟.
2. Press Enter.
The Intel
®
Remote Configuration changes to the Intel
®
Automated Setup and
Configuration screen.
Intel Confidential
85
Intel® ME Manageability Features
3.5.8.7 TLS PKI
Under Intel
®
Automated Setup and Configuration,
1. Select „TLS PKI‟.
2. Press Enter.
The Intel
®
Automated Setup and Configuration screen changes to the Intel
®
Remote
Configuration screen.
Figure 64: Intel Remote Configuration screen
3.5.8.7.1 Remote Configuration
Under the Intel
®
Remote Configuration screen,
1. Select „Remote Configuration‟.
2. Press Enter.
86
Intel Confidential
Intel® ME Manageability Features
Figure 65: Remote Configuration
Enabling/Disabling Remote configuration will cause a partial un-provision if the setup and configuration server is “In-process”.
The following options can be selected:
Disabled- remote configuration is disabled. Only „Remote Configuration‟ and
„Previous Menu‟ items are visible.
Enabled- remote configuration is enabled, this will show additional fields.
To select Disabled:
1. Select „Disabled‟.
2. Press Enter.
To select Enabled:
1. Select „Disabled‟.
2. Press Enter.
3.5.8.7.2 PKI DNS Suffix
Under the Intel
®
Remote Configuration screen,
1. Select „PKI DNS Suffix ‟.
Intel Confidential
87
2. Press Enter.
Figure 66: PKI DNS Suffix
Intel® ME Manageability Features
Key Value will be maintained in the EPS.
1. Enter the PKI DNS Suffix.
2. Press Enter.
3.5.8.7.3 Manage Hashes
Under the Intel Remote Configuration screen,
1. Select „Manage Hashes ‟.
2. Press Enter.
88
Intel Confidential
Intel® ME Manageability Features
Figure 67: Manage Hashes
Selecting this option will enumerate the hashes in the system and display the Hash
Name and the active and default state. If the system does not contain any hashes yet,
Intel MEBX will display the following screen.
Figure 68: No hash detected
Intel Confidential
89
Intel® ME Manageability Features
Answering „Yes‟ will begin the process of adding customized hash. Please see the next section below.
The Manage Certificate Hash screen provides keyboard controls for managing the hashes on the system. The following keys are valid when in the Manage Certificate
Hash menu:
Escape key – exits from the menu
Insert key – adds a customized certificate hash to the system.
Delete key –deletes the currently selected certificate hash from the system.
„+‟ key – Changes the active state of the currently selected certificate hash.
Enter key – Displays the details of the currently selected certificate hash.
3.5.8.7.4 Adding a Customized Hash
When the Insert key is pressed in the Manage Certificate Hash screen, the following screen is displayed.
Figure 69: Adding a new hash name
90
Intel Confidential
Intel® ME Manageability Features
To add a customized certificate hash:
Enter the hash name (up to 32 characters). When you press „Enter‟, you are prompted to select the algorithm of hash being used for PKI provisioning. Enter Y if SHA1 is being used, otherwise enter N
Figure 70: Selecting Hash Format
The supported hash algorithms are:
1. SHA1
2. SHA2-256
3. SHA2-384
If SHA1 is not chosen, in the next screen you are prompted to select the option of supported SHA2 algorithm. Enter Y if SHA256 is being used, otherwise enter N.
Intel Confidential
91
Figure 71: Selecting Hash Format (SHA256)
Intel® ME Manageability Features
When SHA256 is not chosen, in the next screen enter Y to select SHA2-384.
Figure 72: Selecting Hash Format (SHA384)
92
If N is entered, an error message will be shown to prompt the user to select one supported algorithm
Intel Confidential
Intel® ME Manageability Features
Figure 73: Selecting Hash Format (Please choose a supported Hash Algorithm)
After selecting desired Hash Algorithm, you are prompted to enter the certificate hash value.
Figure 74: Add Hash - certificate
Intel Confidential
93
Intel® ME Manageability Features
The Certificate hash value is a hexadecimal number (for SHA-1 it is 20 bytes for SHA-
2 it is 32 bytes). If the value is not entered in the correct format, the message
“Invalid Hash Certificate Entered - Try Again” is displayed. When you press „Enter‟, you are prompted to set the active state of the hash.
Figure 75: Add Hash - active
Your response sets the active state of the customized hash as follows:
Yes – The customized hash will be marked as active.
No (Default) – The customized hash will added to the EPS but will not be active
3.5.8.7.5 Deleting a hash
Note: A certificate hash that is set to Default cannot be deleted.
When the Delete key is pressed in the Manage Certificate Hash screen, the following screen is displayed.
94
Intel Confidential
Intel® ME Manageability Features
Figure 76: Deleting a hash
This option allows deleting of the selected certificate hash.
Yes – Intel MEBX sends the firmware a message to delete the selected hash.
No – Intel MEBX does not delete the selected hash, and returns to Remote
Configuration.
Intel Confidential
95
Intel® ME Manageability Features
3.5.8.7.6 Changing the Active State
When the „+‟ key is pressed in the Manage Certificate Hashes screen, the following screen is displayed as seen in the following screen.
Figure 77: Change Active State of Hash
Answering Y toggles the active state of the currently selected certificate hash. Setting a hash as active indicates that the hash is available for use during PSK provisioning.
3.5.8.7.7 Viewing a Certificate Hash
When the Enter key is pressed in the Manage Certificate Hash screen, the following screen is displayed.
96
Intel Confidential
Intel® ME Manageability Features
Figure 78: View Hash details
The details of the selected certificate hash are displayed to the user and include the following:
hash name
certificate hash data
active and default states
3.5.8.7.8 Previous Menu
Under the Intel
®
Remote Configuration screen,
1. Select „Previous Menu‟.
2. Press Enter.
The Intel
®
Remote Configuration screen changes to the Intel
®
Automated Setup and
Configuration screen.
3.5.8.8 Previous Menu
Under the Intel
®
Automated Setup and Configuration screen,
Intel Confidential
97
3.5.9
Intel® ME Manageability Features
1. Select „Previous Menu‟.
2. Press Enter.
Intel
®
Automated Setup and Configuration screen changes to the Intel
®
AMT
Configuration screen.
Previous Menu
Under the Intel
®
Amt Configuration screen,
1. Select „Previous Menu‟.
2. Press Enter.
The Intel
®
Amt Configuration screen changes to the Main Menu.
3.6 Exit
Under the Main Menu,
1. Select „Exit‟.
2. Press Enter.
Figure 79: Exit confirmation
98
Intel Confidential
Intel® ME Manageability Features
To exit MEBx, select “Y”, else select “N”
3.7 Intel
®
Standard Manageability Configuration
For platforms supporting Intel
®
Standard Manageability (e.g Q67 with non-vPro configuration and Q65), instead of Intel
®
AMT Configuration, the option of Intel
®
Standard Manageability Configuration will be displayed in MEBx setup menu.
Figure 80: Intel
®
Standard Manageability Configuration
The menu under Intel
®
Standard Manageability Configuration is the same as that displayed in Intel
®
AMT Configuration.
Intel Confidential
99
Intel® ME Manageability Features
Figure 81: Intel
®
Standard Manageability Configuration menu
In the menus of SOL/IDER/KVM and “User Consent”, the KVM-related options are removed as KVM feature is not supported by Intel
®
Standard Manageability.
Figure 82: SOL/IDER/KVM Menu under Intel
®
Standard Manageability Configuration
100
Intel Confidential
Intel® ME Manageability Features
Figure 83: User Opt-in options under Intel
®
Standard Manageability Configuration
3.8 Intel
®
Level III Manageability Configuration
For platforms supporting Intel
®
Level III Manageability (e.g. B65 and HM67 with
Intel
®
upgrade service), instead of Intel
®
AMT Configuration, the option of Intel
®
Level
III Manageability Configuration will be displayed in MEBx setup menu.
The menu under Intel
®
Level III Manageability Configuration is the same as that displayed in Intel
®
AMT Configuration. KVM is supported in Intel
®
Level III
Manageability.
Intel Confidential
101
Figure 84: Intel
®
Level III Manageability Configuration
Intel® ME Manageability Features
Figure 85: Intel
®
Level III Manageability Configuration menu
102
Intel Confidential
Intel® ME Manageability Features
3.9 Intel
®
MEBX CPU Replacement Flow
The Intel
®
MEBX is responsible for identifying CPU replacement, whenever CPU Type changes between CORE (vPro eligible) CPU, Core (Non-vPro eligible) CPU, PENTIUM
CPU and CELERON CPU. MEBX is responsible for notifying Intel
®
ME FW about CPU
TYPE populated. In return Intel
®
ME FW may request popup message to be exposed to
End User demanding CPU Replacement approval.
The scenarios that result in Intel
®
MEBX displaying CPU Replacement related message to End User is:
1) CPU Type was Downgraded, e.g. from CORE (vPro eligible) CPU to PENTIUM
CPU or from Core (Non-vPro eligible) CPU to CELERON CPU.
In this scenario Intel® ME FW will request End User Approval since Intel
®
ME FW feature set strongly relies on plugged in CPU TYPE. The message is displayed to guard End User before unintentional CPU downgrades which would automatically result in loosing Intel
®
ME FW feature set, for example un-configuration of AMT
Feature Set. Instead, End User has option of either accepting CPU change or rejecting it before Intel
®
ME FW triggers System Features reconfiguration. If End
User decides to reject the CPU change, it is required to shut down the platform and replace original CPU. If no End User interaction is provided then after 10 seconds wait time, Intel
®
MEBX will follow up assuming End User accepted CPU change.
The following exceptions capture when Intel® ME FW will not request CPU
Replacement confirmation from End User (and the CPU Replacement message will not be shown):
1. When system is in Manufacturing Mode Intel® ME FW doesn‟t expect any messaging from user – in other words it‟s assumed to be informed change in
CPU.
2. First boot after flashing in ME Region – Intel® ME FW doesn‟t expect any CPU replacement related flows that require user assistance
Intel Confidential
103
104
Intel® ME Manageability Features
3. When CPU Type was upgraded and new system features are enabled Intel®
ME FW doesn‟t expect any CPU replacement related flows that require user assistance. The examples of such an upgrade are: a. CELERON CPU changed to PENTIUM CPU b. CELERON CPU changed to Core (Non-vPro eligible) CPU c. CELERON CPU changed to CORE (vPro eligible) CPU d. PENTIUM CPU changed to Core (Non-vPro eligible) CPU e. PENTIUM CPU changed to CORE (vPro eligible) CPU f. Core (Non-vPro eligible) CPU changed to CORE (vPro eligible) CPU
Figure 80 represents message that will be exposed to End User whenever CPU
Replacement took place downgrading CPU capabilities. This message will not be shown if replaced CPU has the same capabilities as the old one (e.g. changing PENTIUM capable CPU to another PENTIUM capable CPU).
The message will be shown for 10 seconds and if End User did NEITHER pressed “y” or “Y” key NOR shut down the platform Intel
®
MEBX will proceed with assumption that End User approved CPU change.
The valid changes that will result in the following message are:
1) CORE (vPro eligible) CPU changed to Core (Non-vPro eligible) CPU
2) CORE (vPro eligible) CPU changed to PENTIUM CPU
3) CORE (vPro eligible) CPU changed to CELERON CPU
4) Core (Non-vPro eligible) CPU changed to PENTIUM CPU
5) Core (Non-vPro eligible) CPU changed to CELERON CPU
6) PENTIUM CPU changed to CELERON CPU.
The following actions are expected to be done by End User when the message from
Figure 86 is shown:
1) Press “y” or “Y” if End User approves CPU change that was performed on purpose. Platform global reset
*
will follow in which Intel
®
ME will populate new feature set to whole ME infrastructure (kernel and all applications) based on modified CPU type.
Intel Confidential
Intel® ME Manageability Features
2) Press “n” or any other key if End User disapproves CPU replacement change and CPU was replaced unintentionally. The system will halt permanently displaying the message shown in Figure 80. End User is expected to shut down the platform and replace original CPU.
3) If no action is perfromed by End User for 10 seconds Intel
®
MEBX will follow up assuming End User accepted CPU change. Platform global reset
*
will follow in which Intel
®
ME will populate new feature set to whole ME infrastructure
(kernel and all applications) based on modified CPU type.
Note*: Two resets might be observed as the 2nd reset is due to the SOL/IDER setting changed when changing occurs between vPro CPU and non-vPro CPU. Please refer to
Appendix C for different causes to global reset.
Figure 86: Intel
®
MEBX CPU Replacement popup message
Intel Confidential
105
Intel® ME Manageability Features
Appendix A: Changes to
Configuration Modes
In Intel AMT 5.0 and under, there were two operational modes – SMB and Enterprise.
In Intel AMT 6.0 and AMT 7.0, their functionality has been integrated to provide the same functionality previously available in Enterprise mode. The new configuration options are “Manual Setup and Configuration” available for SMB customers and
“Automatic Setup and Configuration.
Figure 57: Configuration Modes
Setting
Intel
®
AMT 5.0 and under
Default
Enterprise
Mode
SMB Mode
Intel
®
AMT 6.0/7.0
Default
TLS mode Enabled Disabled
Disabled, can be enabled at a later time
Enabled Web UI Disabled
IDER/SOL/KVM
Redirection network interface enabled
Disabled
Legacy
Redirection
Mode (Controls
FW listening for incoming redirection connections)
Disabled
Enabled
Enabled if feature enabled in
Intel
®
MEBX
Enabled if feature enabled in
Intel
®
MEBX
Enabled, can be disabled at a later time
Disabled (Need to set to
“Enabled” in order to work with Legacy SMB consoles)
Manual configuration can be performed using the following six steps:
Note: you must have a DHCP server in your environment.
1. Burn the firmware.
106
Intel Confidential
Intel® ME Manageability Features
2. Enter the Intel MEBX and change the password.
3. Enter Intel ME General Settings menu.
4. Select Activate Network Access.
5. Choose “y” in the confirmation message.
6. Exit the Intel MEBX.
Intel Confidential
107
Intel® ME Manageability Features
Appendix B: Changes to Redirection
Protocols
Before Intel AMT 6, firmware had the small/medium business (SMB) and the enterprise (ENT) provisioning modes. ENT was inherently more secure than SMB, which was meant to be more open and easy, but less secure. This change had an effect on the redirection protocols.
Before Intel AMT 6:
SMB: redirection ports were left open and Intel ME was listening constantly to the ports. ISV‟s writing consoles that dealt with redirection would then just open a connection to the ME machine. No extra steps were needed. The following flow was used:
1. Open a connection
2. Perform redirection actions (SOL/IDER)
3. Close the connection.
ENT:
Redirection ports were closed meaning Intel ME was not listening for redirection connections. An SMB console wishing to open a connection to an ENT machine would fail since the ports were closed. For the connection to succeed (and how ENT consoles are implemented in the market) the following flow was used:
1. Send “open port” command to the Intel ME machine
2. Open a connection
3. Perform redirection actions (SOL/IDER)
4. Close the connection
5. Send “close port” command to the Intel ME machine
In Intel AMT 6 and Intel AMT 7:
Since both provisioning modes are combined, the more secure option was chosen, but to ensure backwards compatibility for older SMB consoles (that need the ports left
108
Intel Confidential
Intel® ME Manageability Features
open to succeed in creating SOL/IDER connections since they do not send the open/close commands) we needed another setting, the “legacy redirection mode”.
If “legacy redirection mode” is set to enabled, the ports are left open, and SMB consoles will be able to connect (open and close the port is not needed)
If “legacy redirection mode” is set to disabled, the ports are closed and the console needs the extra command to open/close the ports in order to connect.
The user can go into Intel MEBx, or use a USB key to set this setting. If the USB key is a legacy one prepared by an SMB console, Intel MEBx automatically sets the legacy redirection mode to Enabled. Since SMB configuration required manual touch anyway, this poses no customer issue.
Intel Confidential
109
Intel® ME Manageability Features
Appendix C: Global Reset from MEBx
Several MEBx configuration options require a global reset after they have been edited by the user. The reset is flagged while in the MEBx UI and passed back to BIOS to perform the reset request. The MEBx UI has to keep track of which configuration options require a global reset after exiting MEBx. Multiple techniques are used to ensure the global reset flow is entered correctly. The MEBx uses 2 flags for its logic related to signaling global resets: Reboot and Exit. The „Reboot‟ flag indicates that the current option will require a reboot after exiting MEBx. The „Exit‟ flag is used to force the user out of the MEBx UI.
Reboot – MEBx must set this flag when an option that requires a global reset has been edited from its original state. A list of global reset options is itemized in the table below.
Exit – MEBx must completely exit the UI immediately after editing the option.
Table of MEBx UI Global Reset Options:
Option
Max Logins exceeded
CPU String Emulation
Manageability Feature Selection (EN->DIS)
Manageability Feature Selection (DIS->EN)
SOL IDER Username/Password
KVM State
SOL state
IDER state
Reboot
Y
Y
Y
N
Y
Y
Y
Y
Exit
Y
N
N
N
N
N
N
N
110
Intel Confidential
Intel® ME Manageability Features
Other MEBx global reset scenarios include
1. CPU replacement
2. ME Unconfiguration without MEBx password through system BIOS setting
(BPF)
3. ME Unconfiguration by clearing CMOS
These global resets happen when BIOS execute MEBx binary during post. In these cases MEBx will pass the global reset flag to BIOS to perform global reset without going through MEBx User Interface.
Intel Confidential
111
Intel® ME Manageability Features
Appendix D: PID-PPS Checksum
The PID and PPS are made up of ASCII codes of some combination of characters – capital alphabet characters (A–Z), and numbers (0–9).
• The PID is an eight character entry of the form: XXXX-XXXC (where "C" is the
CRC (Cyclic Redundancy Check) of the preceding characters) and is sent in the open.
• The PPS is a thirty-two character quantity of the form:
XXXC-XXXC-XXXC-XXXC-XXXC-XXXC-XXXC-XXXC (where "C" is the CRC of the preceding characters) and is a secret shared between the Intel AMT device and the Setup and Configuration Server.
When the PID and PPS are entered via the MEBx sub menu/USB key, the firmware checks for checksum characters embedded in the values. The last character of the
PID is expected to be a checksum of the previous seven characters, and the fourth character in each group of four characters in the PPS is expected to be a checksum of the previous three characters. This check is made to reduce the possibility of operator error when entering these values.
112
Intel Confidential
Intel® ME Manageability Features
Appendix E: Intel
®
MEBX Options
Being Reflected in the Firmware
Below is the list of MEBx options which will be reflected in FW when saved.
Note: Those settings are located in data region of the FW, and, when saved, FW will look at the saved settings and run the corresponding execution when necessary.
Option
MEBx Login
Change ME Password
Set PRTC
Local FW Update
Intel(R) ME ON in Host Sleep States
Idle Timeout
Manageability Feature Selection
Password Policy
Activate Network Access
Unconfigure Network Access
Username and Password
SOL
IDER
Legacy Redirection Mode
KVM Feature Selection
User Opt-in
Opt-in Configurable from Remote IT
Host Name
Domain Name
Shared/Dedicated FQDN
Dynamic DNS Update
Periodic Update Interval
TTL
Reflected in the firmware
Instantly
Instantly
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Instantly
Instantly
Instantly
Instantly
Instantly
Instantly
Instantly
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Intel Confidential
113
114
Option
DHCP Mode
IPV4 Address
Subnet Mask Address
Default Gateway Address
Preferred DNS Address
Alternate DNS Address
IPV6 Feature Selection
IPV6 Interface ID Type
IPV6 Interface ID
IPV6 Address
IPV6 Default Router
Preferred DNS IPV6 Address
Alternate DNS IPV6 Address
Wireless IPV6 Feature Selection
Wireless IPV6 Interface ID Type
Wireless IPV6 Interface ID
Current Provisioning Mode
Provisioning Record
Provisioning Server IPV4/IPV6
Provisioning Server IPV4/IPV6
Provisioning Server FQDN
Start Configuration
Halt Configuration
Set PID and PPS **
Delete PID and PPS **
Remote Configuration **
Manage Hashes
PKI DNS Suffix
Intel® ME Manageability Features
Reflected in the firmware
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
None
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Upon Exiting Intel MEBX
Instantly
Instantly
Instantly
Instantly
Instantly
Instantly
Upon Exiting Intel MEBX
Intel Confidential
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 9 Introduction
- 9 MEBX) Overview
- 9 Scope of document
- 10 Target Audience
- 10 Acronyms
- 11 Related Documentation
- 12 Client System Requirements
- 14 ME Manageability Features
- 14 MEBX Configuration User Interface
- 15 MEBX Main Menu
- 16 ME Password
- 17 ME Platform Configuration Menu
- 17 ME Password
- 18 FW Update Settings
- 21 Set PRTC
- 23 Power Control
- 26 Previous Menu
- 27 AMT Configuration
- 27 Manageability Feature Selection
- 28 SOL/IDER/KVM
- 35 User Consent
- 38 Password Policy
- 40 Network Setup
- 69 Activate Network Access
- 70 Unconfigure Network Access
- 72 Remote Setup and Configuration
- 98 Previous Menu