Class AMT_EndpointAccessControlService
Used in features: Endpoint Access Control
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0
CIM_ManagedElement
CIM_ManagedSystemElement
CIM_LogicalElement
CIM_EnabledLogicalElement
CIM_Service
AMT_EndpointAccessControlService
Also see:
AMT_EACCredentialContext
class AMT_EndpointAccessControlService
- extends CIM_Service
General Information:
An AMT_EndpointAccessControlService is a Logical Element that contains the information necessary to represent and manage the functionality provided by the Endpoint Access Control manager of Intel(R) AMT.
Product Specific Usage:
In order to activate this service, a posture signer must be set by creating an AMT_EACCredentialContext instance.
Qualifiers:
-------------
Version=6.0.0
Deprecation Notice:
-------------
This class is deprecated. No longer supported by Intel CSME firmware starting with release 18.0.
Supported Fields Summary
string | Name | The Name property uniquely identifies the Service and provides an indication of the functionality that is managed ...
string | CreationClassName | CreationClassName indicates the name of the class or the subclass that is used in the creation of an instance ...
string | SystemName | The Name of the scoping System.
string | SystemCreationClassName | The CreationClassName of the scoping System.
string | ElementName | A user-friendly name for the object ...
uint16 | EnabledState | EnabledState is an integer enumeration that indicates the enabled and disabled states of an element ...
uint16 | RequestedState | RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested ...
Methods Summary
uint32 | RequestStateChange(RequestedState, REF Job, TimeoutPeriod) | Requests that the state of the element be changed to the value specified in the RequestedState parameter ...
uint32 | GetPosture(PostureType, SignedPosture, PostureChangeHash) | This method returns (and optionally updates) the EAC posture for the Intel(R) AMT device.
uint32 | GetPostureHash(PostureType, PostureChangeHash) | This method returns a hash of the currently available posture for the Intel(R) AMT device, which can be compared to hash values from previous results to detect differences.
uint32 | UpdatePostureState(UpdateType) | This command tells the Intel AMT device to reset its boot counters and Agent Presence state counters.
uint32 | GetEacOptions(EacVendors, PostureHashAlgorithm) | This method returns EAC options for the Intel(R) AMT device.
uint32 | SetEacOptions(EacVendors, PostureHashAlgorithm) | This method configures EAC options for the Intel(R) AMT device.
| Get(Instance) | Gets the representation of the instance
| Pull(EnumerationContext, MaxElements) | Pulls instances of this class, following an Enumerate operation
| Enumerate() | Enumerates the instances of this class
| Release(EnumerationContext) | Releases an enumeration context
Name
public string Name
- General Information:
The Name property uniquely identifies the
Service and provides an indication of the functionality that is managed. This
functionality is described in more detail in the Description property of the
object.
Qualifiers:
-------------
Key
Override=Name
MaxLen=45
CreationClassName
public string CreationClassName
- General Information:
CreationClassName indicates the name of the
class or the subclass that is used in the creation of an instance. When used
with the other key properties of this class, this property allows all
instances of this class and its subclasses to be uniquely
identified.
Qualifiers:
-------------
Key
MaxLen=35
SystemName
public string SystemName
- General Information:
The Name of the scoping
System.
Qualifiers:
-------------
Key
MaxLen=15
Propagated=CIM_System.Name
SystemCreationClassName
public string SystemCreationClassName
- General Information:
The CreationClassName of the scoping
System.
Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_System.CreationClassName
ElementName
public string ElementName
- General Information:
A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. Note that if there is an associated instance of CIM_EnabledLogicalElementCapabilities, restrictions on this property may exist as defined in the ElementNameMask and MaxElementNameLen properties defined in that class.
Qualifiers:
-------------
MaxLen=45
EnabledState
public uint16 EnabledState
- General Information:
EnabledState is an integer enumeration that indicates the enabled and disabled states of an element. It can also indicate the transitions between these requested states. For example, shutting down (value=4) and starting (value=10) are transient states between enabled and disabled. The following text briefly summarizes the various enabled and disabled states:
Enabled (2) indicates that the element is or could be executing commands, will process any queued commands, and queues new requests.
Disabled (3) indicates that the element will not execute commands and will drop any new requests.
Shutting Down (4) indicates that the element is in the process of going to a Disabled state.
Not Applicable (5) indicates the element does not support being enabled or disabled.
Enabled but Offline (6) indicates that the element might be completing commands, and will drop any new requests.
Test (7) indicates that the element is in a test state.
Deferred (8) indicates that the element might be completing commands, but will queue any new requests.
Quiesce (9) indicates that the element is enabled but in a restricted mode.
Starting (10) indicates that the element is in the process of going to an Enabled state. New requests are queued.
Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11..32767, 32768..65535}
Values={Unknown, Other, Enabled, Disabled, Shutting Down, Not Applicable, Enabled but Offline, In Test, Deferred, Quiesce, Starting, DMTF Reserved, Vendor Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.OtherEnabledState}
RequestedState
public uint16 RequestedState
- General Information:
RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested. The actual state of the element is represented by EnabledState. This property is provided to compare the last requested and current enabled or disabled states. Note that when EnabledState is set to 5 ("Not Applicable"), then this property has no meaning. Refer to the EnabledState property description for explanations of the values in the RequestedState enumeration.
"Unknown" (0) indicates the last requested state for the element is unknown.
Note that the value "No Change" (5) has been deprecated in lieu of indicating the last requested state is "Unknown" (0). If the last requested or desired state is unknown, RequestedState should have the value "Unknown" (0), but may have the value "No Change" (5).
Offline (6) indicates that the element has been requested to transition to the Enabled but Offline EnabledState.
It should be noted that there are two new values in RequestedState that build on the statuses of EnabledState. These are "Reboot" (10) and "Reset" (11). Reboot refers to doing a "Shut Down" and then moving to an "Enabled" state. Reset indicates that the element is first "Disabled" and then "Enabled". The distinction between requesting "Shut Down" and "Disabled" should also be noted. Shut Down requests an orderly transition to the Disabled state, and might involve removing power, to completely erase any existing state. The Disabled state requests an immediate disabling of the element, such that it will not execute or accept any commands or processing requests.
This property is set as the result of a method invocation (such as Start or StopService on CIM_Service), or can be overridden and defined as WRITEable in a subclass. The method approach is considered superior to a WRITEable property, because it allows an explicit invocation of the operation and the return of a result code.
If knowledge of the last RequestedState is not supported for the EnabledLogicalElement, the property shall be NULL or have the value 12 "Not Applicable".
Qualifiers:
-------------
ValueMap={0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, .., 32768..65535}
Values={Unknown, Enabled, Disabled, Shut Down, No Change, Offline, Test, Deferred, Quiesce, Reboot, Reset, Not Applicable, DMTF Reserved, Vendor Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.EnabledState}
RequestStateChange
public uint32 RequestStateChange([IN]uint16 RequestedState, [OUT]REF CIM_ConcreteJob Job, [IN]datetime TimeoutPeriod)
- Permission Information:
Permitted realms: ADMIN_SECURITY_EAC_ADMIN_REALM
General Information:
Requests that the state of the element be changed to the value specified in the RequestedState parameter. When the requested state change takes place, the EnabledState and RequestedState of the element will be the same. Invoking the RequestStateChange method multiple times could result in earlier requests being overwritten or lost.
A return code of 0 shall indicate the state change was successfully initiated.
A return code of 3 shall indicate that the state transition cannot complete within the interval specified by the TimeoutPeriod parameter.
A return code of 4096 (0x1000) shall indicate the state change was successfully initiated, a ConcreteJob has been created, and its reference returned in the output parameter Job. Any other return code indicates an error condition.
Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 5, 6, .., 4096, 4097, 4098, 4099, 4100..32767, 32768..65535}
Values={Completed with No Error, Not Supported, Unknown or Unspecified Error, Cannot complete within Timeout Period, Failed, Invalid Parameter, In Use, DMTF Reserved, Method Parameters Checked - Job Started, Invalid State Transition, Use of Timeout Parameter Not Supported, Busy, Method Reserved, Vendor Specific}
ModelCorrespondence={CIM_EnabledLogicalElement.RequestedState}
Parameters:
--------------
- RequestedState
- General Information:
The state requested for the element. This information will be placed into the RequestedState property of the instance if the return code of the RequestStateChange method is 0 ('Completed with No Error'), or 4096 (0x1000) ('Job Started'). Refer to the description of the EnabledState and RequestedState properties for the detailed explanations of the RequestedState values.
Qualifiers:
-------------
IN
ValueMap={2, 3, 4, 6, 7, 8, 9, 10, 11, .., 32768..65535}
Values={Enabled, Disabled, Shut Down, Offline, Test, Defer, Quiesce, Reboot, Reset, DMTF Reserved, Vendor Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.RequestedState}
- Job
- General Information:
May contain a reference to the ConcreteJob created to track the state transition initiated by the method invocation.
Qualifiers:
-------------
IN=false
OUT
- TimeoutPeriod
- General Information:
A timeout period that specifies the maximum amount of time that the client expects the transition to the new state to take. The interval format must be used to specify the TimeoutPeriod. A value of 0 or a null parameter indicates that the client has no time requirements for the transition.
If this property does not contain 0 or null and the implementation does not support this parameter, a return code of 'Use Of Timeout Parameter Not Supported' shall be returned.
Qualifiers:
-------------
IN
GetPosture
public uint32 GetPosture([IN]uint16 PostureType, [OUT]uint8 SignedPosture[2500], [OUT]uint8 PostureChangeHash[48])
- Permission Information:
Permitted realms: ADMIN_SECURITY_LOCAL_SYSTEM_REALM
General Information:
This method returns (and optionally updates) the EAC posture for the Intel(R) AMT device.
Qualifiers:
-------------
ValueMap={0, 1, 36, 2072}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_INVALID_PARAMETER, PT_STATUS_NO_ASSOCIATION}
Parameters:
--------------
- PostureType
- General Information:
The posture type to be generated.
Qualifiers:
-------------
Required
IN
ValueMap={0}
Values={Attribute-Value pair (AVP) type}
- SignedPosture
- General Information:
BLOB representation of a Signed NAC Posture data block.
Qualifiers:
-------------
OUT
OctetString
- PostureChangeHash
- General Information:
A computed hash value over the posture data (fields such as the current time are omitted). This hash can be used to check whether the posture has changed, by comparing it to the last computed hash value.
Qualifiers:
-------------
OUT
OctetString
GetPostureHash
public uint32 GetPostureHash([IN]uint16 PostureType, [OUT]uint8 PostureChangeHash[48])
- Permission Information:
Permitted realms: ADMIN_SECURITY_EAC_REALM
General Information:
This method returns a hash of the currently available posture for the Intel(R) AMT device, which can be compared to hash values from previous results to detect differences.
Qualifiers:
-------------
ValueMap={0, 1, 36, 2072}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_INVALID_PARAMETER, PT_STATUS_NO_ASSOCIATION}
Parameters:
--------------
- PostureType
- General Information:
The posture type to be generated.
Qualifiers:
-------------
Required
IN
ValueMap={0}
Values={Attribute-Value pair (AVP) type}
- PostureChangeHash
- General Information:
A computed hash value over the posture data (fields such as the current time are omitted). This hash can be used to check whether the posture has changed, by comparing it to the last computed hash value.
Qualifiers:
-------------
OUT
OctetString
UpdatePostureState
public uint32 UpdatePostureState([IN]uint16 UpdateType)
- Permission Information:
Permitted realms: ADMIN_SECURITY_EAC_ADMIN_REALM
General Information:
This command tells the Intel AMT device to reset its boot counters and Agent Presence state counters.
Qualifiers:
-------------
ValueMap={0, 1, 36, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_INVALID_PARAMETER, PT_STATUS_AUDIT_FAIL}
Parameters:
--------------
- UpdateType
- General Information:
The posture element to be updated.
Qualifiers:
-------------
Required
IN
ValueMap={0, 1}
Values={PostureUpdateBootCounters, PostureUpdateAgentPresenceState}
GetEacOptions
public uint32 GetEacOptions([OUT]uint32 EacVendors, [OUT]uint32 PostureHashAlgorithm)
- Permission Information:
Permitted realms: ADMIN_SECURITY_EAC_ADMIN_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM
General Information:
This method returns EAC options for the Intel(R) AMT device.
Product Specific Usage:
Additional Notes:
1) 'GetEacOptions' method is supported in Intel AMT Release 4.0 and later releases.
Qualifiers:
-------------
ValueMap={0, 1}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR}
Parameters:
--------------
- EacVendors
- General Information:
Enabled EAC Vendors
Qualifiers:
-------------
OUT
ValueMap={1, 2, 3, 4..65535}
Values={EAC NAC, EAC NAP, EAC NAC and NAP, Reserved}
- PostureHashAlgorithm
- General Information:
Posture Hash Type
Qualifiers:
-------------
OUT
ValueMap={1, 2, 3, 4..65535}
Values={SHA-1-160, SHA-2-256, SHA-2-384, Reserved}
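Added example (not part of the Intel documentation): a Python sketch of how a management console could decode the GetEacOptions outputs and classify a GetPostureHash result against a stored baseline. It assumes the WS-Management call has already been made and its outputs decoded to integers and bytes, and that the digest occupies the first bytes of the 48-byte PostureChangeHash buffer with the rest as padding; the function names and the policy of flagging SHA-1 are hypothetical.

```python
import hashlib
import hmac

# Value maps copied from this page (GetPostureHash and GetEacOptions).
PT_STATUS = {0: "PT_STATUS_SUCCESS", 1: "PT_STATUS_INTERNAL_ERROR",
             36: "PT_STATUS_INVALID_PARAMETER", 2072: "PT_STATUS_NO_ASSOCIATION"}
EAC_VENDORS = {1: "EAC NAC", 2: "EAC NAP", 3: "EAC NAC and NAP"}
# Digest sizes in bytes follow from the algorithm names (160/256/384 bits).
HASH_ALGS = {1: ("SHA-1-160", 20), 2: ("SHA-2-256", 32), 3: ("SHA-2-384", 48)}
MAX_HASH_LEN = 48  # PostureChangeHash is declared as uint8[48]


def decode_eac_options(eac_vendors, hash_alg):
    """Translate GetEacOptions outputs; values 4..65535 are Reserved."""
    name, size = HASH_ALGS.get(hash_alg, ("Reserved", None))
    return {"vendors": EAC_VENDORS.get(eac_vendors, "Reserved"),
            "hash_name": name, "digest_len": size,
            # Assumption: local policy treats SHA-1 posture hashes as weak.
            "weak_hash": hash_alg == 1}


def check_posture(return_value, change_hash, baseline, hash_alg):
    """Classify one GetPostureHash result against a stored baseline digest.

    Returns 'unchanged', 'changed', 'no-baseline' or 'error:<reason>'.
    """
    if return_value != 0:
        return "error:" + PT_STATUS.get(return_value, f"unknown({return_value})")
    size = HASH_ALGS.get(hash_alg, (None, None))[1]
    if size is None:
        return "error:reserved-hash-algorithm"
    if not size <= len(change_hash) <= MAX_HASH_LEN:
        return "error:bad-hash-length"
    # Assumption: the digest is the first `size` bytes; the rest is padding.
    current = bytes(change_hash[:size])
    if baseline is None:
        return "no-baseline"
    # Constant-time comparison; a baseline of another length never matches.
    return "unchanged" if hmac.compare_digest(current, bytes(baseline)) else "changed"


def demo():
    """Run the checks on constructed sample values (not real device output)."""
    a = hashlib.sha256(b"constructed posture A").digest().ljust(MAX_HASH_LEN, b"\0")
    b = hashlib.sha256(b"constructed posture B").digest().ljust(MAX_HASH_LEN, b"\0")
    return [check_posture(0, a, None, 2),          # first poll, nothing stored
            check_posture(0, a, a[:32], 2),        # same posture as baseline
            check_posture(0, b, a[:32], 2),        # posture differs
            check_posture(2072, b"", a[:32], 2),   # device returned an error
            check_posture(0, a[:16], a[:32], 2)]   # truncated buffer


if __name__ == "__main__":
    print(decode_eac_options(3, 1))
    print(demo())
```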
SetEacOptions
public uint32 SetEacOptions([IN]uint32 EacVendors, [IN]uint32 PostureHashAlgorithm)
- Permission Information:
Permitted realms: ADMIN_SECURITY_EAC_ADMIN_REALM
General Information:
This method configures EAC options for the Intel(R) AMT device.
Product Specific Usage:
Additional Notes:
1) 'SetEacOptions' method is supported in Intel AMT Release 4.0 and later releases.
Qualifiers:
-------------
ValueMap={0, 1, 36, 38, 2066, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_INVALID_PARAMETER, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, PT_STATUS_UNSUPPORTED, PT_STATUS_AUDIT_FAIL}
Parameters:
--------------
- EacVendors
- General Information:
Enabled EAC Vendors
Qualifiers:
-------------
Required
IN
ValueMap={1, 2, 3, 4..65535}
Values={EAC NAC, EAC NAP, EAC NAC and NAP, Reserved}
- PostureHashAlgorithm
- General Information:
Posture Hash Method
Qualifiers:
-------------
Required
IN
ValueMap={1, 2, 3, 4..65535}
Values={SHA-1-160, SHA-2-256, SHA-2-384, Reserved}
Get
public Get([OUT]AMT_EndpointAccessControlService Instance)
- Permission Information:
Permitted realms: ADMIN_SECURITY_EAC_REALM, ADMIN_SECURITY_EAC_ADMIN_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM
General Information:
Gets the representation of the instance
Pull
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
- Permission Information:
All users are permitted to use this method; only instances to which the user has permissions will be returned
General Information:
Pulls instances of this class, following an Enumerate operation
Enumerate
public Enumerate()
- Permission Information:
All users are permitted to use this method
General Information:
Enumerates the instances of this class
Release
public Release([IN]String EnumerationContext)
- Permission Information:
All users are permitted to use this method
General Information:
Releases an enumeration context