Class AMT_GeneralSettings
Used in features: Network
Administration , Power Settings , Security Administration , General Info
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0,
5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0
CIM_ManagedElement
CIM_SettingData
AMT_GeneralSettings
class AMT_GeneralSettings
- extends CIM_SettingData
General Information:
This class contains all Intel(R) AMT general
settings.
Qualifiers:
-------------
Version=7.0.0
Supported Fields
Summary |
string
|
ElementName The
user-friendly name for this instance of SettingData . . .
|
string
|
InstanceID Within the scope of the instantiating Namespace,
InstanceID opaquely and uniquely identifies an instance of this
class.
|
boolean
|
NetworkInterfaceEnabled
Indicates whether the network interface is enabled
|
string
|
DigestRealm The
Intel(R) AMT device Digest Authentication Realm parameter as defined by
RFC 2617.
|
uint32
|
IdleWakeTimeout
Defines the minimum time value, in minutes, that Intel(R) AMT
will be powered after waking up from a sleep power state, or after the
host enters sleep or off state.This timer value will be reloaded whenever
Intel(R) AMT is servicing requests . . .
|
string
|
HostName Intel(R) AMT
host setting.
|
string
|
DomainName Intel(R)
AMT domain name setting.
|
boolean
|
PingResponseEnabled
Indicates whether Intel(R) AMT should respond to ping Echo
Request messages.
|
boolean
|
WsmanOnlyMode
Indicates whether Intel(R) AMT should block network interfaces
other than WS-Management.
|
uint32
|
PreferredAddressFamily
Preferred Address Family (IPv4/IPv6).
|
uint16
|
DHCPv6ConfigurationTimeout
Defines the Maximum Duration (DHCPv6 MRD for the Solicit
Message) in seconds during which the Intel(R) ME FW tries to locate a
DHCPv6 server . . .
|
boolean
|
DDNSUpdateEnabled
Defines whether the Dynamic DNS Update Client in FW is enabled
or not . . .
|
boolean
|
DDNSUpdateByDHCPServerEnabled
If the DDNS Update client in FW is disabled then this property
will define whether DDNS Update should be requested from the DHCP Server
for the shared IPv4 address and shared FQDN . . .
|
boolean
|
SharedFQDN Defines
Whether the FQDN (HostName.DomainName) is shared with the Host or
dedicated to ME . . .
|
string
|
HostOSFQDN Intel(R)
AMT host OS FQDN . . .
|
uint32
|
DDNSTTL Defines the
Time To Live value (cachable time) of RRs registered by the FW
DDNSUpdateClient . . .
|
uint32
|
AMTNetworkEnabled
When set to Disabled, the AMT OOB network interfaces (LAN and
WLAN) are disabled including AMT user initiated applications, Environment
Detection and RMCPPing . . .
|
boolean
|
RmcpPingResponseEnabled
Indicates whether Intel(R) AMT should respond to RMCP ping Echo
Request messages.
|
uint32
|
DDNSPeriodicUpdateInterval
Defines the interval at which the FW DDNS Update client will
send periodic updates for all the RRs registered by FW . . .
|
uint32
|
PresenceNotificationInterval
Defines the interval at which the FW will send periodic
WS-management events notifications (for the subscribed clients) whenever
network settings are changed . . .
|
uint32
|
Privacy Level
Defines the Privacy Level setting. Privacy Level defines the
values for privacy-related parameters by default and upon ME-unconfigure
event.The setting can have the following values: Default: SOL enabled =
true, IDER enabled = true, KVM enabled = true, Opt-in can be disabled =
true, opt-in configurable remotely = true . . .
|
uint32
|
PowerSource The
system current power source
|
uint32
|
ThunderboltDockEnabled When set to Disabled, a management console cannot communicate with Intel AMT via a Thunderbolt dock.
|
uint16
|
OemID The OEM's vendor ID as listed in the Peripheral Component Interconnect Special Interest Group (PCI-SIG) list of member companies.
|
Methods Summary |
|
Put(Instance) Changes
properties of the selected instance
|
|
Get(Instance) Gets the
representation of the instance
|
|
Pull(EnumerationContext,
MaxElements) Pulls instances of this class, following an
Enumerate operation
|
|
Enumerate()
Enumerates the instances of this class
|
|
Release(EnumerationContext)
Releases an enumeration context
|
|
AMTAuthenticate([IN]uint8 MC_Nonce[20], [OUT] uint8 Nonce[20],[OUT] string UUID[16],[OUT] string FQDN,[OUT] string FWVersion,
[OUT] uint32 AMTSVN,[OUT] uint32 SignatureMechanism,[OUT] uint8 Signature[512],[OUT] uint16 LengthOfCertificates[4],[OUT] uint8 Certificates[3000]);
Provides authentication of Intel AMT...
|
ElementName
public string ElementName
- General Information:
The user-friendly name for this instance of
SettingData. In addition, the user-friendly name can be used as an index
property for a search or query. (Note: The name does not have to be unique
within a namespace.)
Product Specific Usage:
This is a
read-only property.
In Intel AMT Release 6.0 and later releases value is
'Intel(r) AMT: General
Settings'
Qualifiers:
-------------
Required
Override=ElementName
MaxLen=40
InstanceID
public string InstanceID
- General Information:
Within the scope of the instantiating
Namespace, InstanceID opaquely and uniquely identifies an instance of this
class.
Product Specific Usage:
This is a read-only property.
In Intel AMT Release 6.0 and later releases value is 'Intel(r) AMT:
General
Settings'
Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=256
NetworkInterfaceEnabled
public boolean NetworkInterfaceEnabled
- General Information:
Indicates whether the network interface is
enabled
Product Specific Usage:
This is a read-only
property.
DigestRealm
public string DigestRealm
- General Information:
The Intel(R) AMT device Digest
Authentication Realm parameter as defined by RFC 2617.
Product
Specific Usage:
This is a read-only
property.
Qualifiers:
-------------
MaxLen=65
IdleWakeTimeout
public uint32 IdleWakeTimeout
- General Information:
Defines the minimum time value, in minutes,
that Intel(R) AMT will be powered after waking up from a sleep power state, or
after the host enters sleep or off state.This timer value will be reloaded
whenever Intel(R) AMT is servicing requests. Note: this setting may not be
applicable under some power package definitions.
Product Specific
Usage:
The minimum value for this property is 1, maximum is 65535
HostName
public string HostName
- General Information:
Intel(R) AMT host
setting.
Product Specific Usage:
In Intel AMT Release 5.1,
maximum length was 32 characters.
In Intel AMT Release 6.0 and later
releases, maximum length is 63 characters.
Starting from Intel CSME 18.0, the hostname can contain Unicode characters, where each character is encoded as an html entity number, for example U+003C is represented by the ASCII string < or <. Maximum length of the string remains 63 bytes when encoded in UTF-8.
Qualifiers:
-------------
MaxLen=64
DomainName
public string DomainName
- General Information:
Intel(R) AMT domain name
setting.
Product Specific Usage:
In Intel AMT Release 5.1,
maximum length was 222 characters.
In Intel AMT Release 6.0 and later
releases, maximum length is 191
characters.
Qualifiers:
-------------
MaxLen=192
PingResponseEnabled
public boolean PingResponseEnabled
- General Information:
Indicates whether Intel(R) AMT should
respond to ping Echo Request messages.
Product Specific
Usage:
Additional Notes:
1) 'PingResponseEnabled' is a required
field for the Put command.
WsmanOnlyMode
public boolean WsmanOnlyMode
- General Information:
Indicates whether Intel(R) AMT should block
network interfaces other than WS-Management.
Product Specific
Usage:
By default AMT enables both WS-Management and legacy interfaces.
If set to true, only WS-Management will be enabled.
Additional Notes:
1) 'WsmanOnlyMode' is a required field for the Put command.
PreferredAddressFamily
public uint32 PreferredAddressFamily
- General Information:
Preferred Address Family
(IPv4/IPv6).
Product Specific Usage:
Preferred Address Family
(IPv4/IPv6) used for controlling outbound traffic such as events and user
initiated traffic.
For such traffic, the preferred addressing family will
be attempted first, but other considerations also apply, depending on the
traffic and the
destination.
Qualifiers:
-------------
ValueMap={0, 1,
2..}
Values={IPv4, IPv6, Reserved}
DHCPv6ConfigurationTimeout
public uint16 DHCPv6ConfigurationTimeout
- General Information:
Defines the Maximum Duration (DHCPv6 MRD
for the Solicit Message) in seconds during which the Intel(R) ME FW tries to
locate a DHCPv6 server. 0 - means try forever. The default value for this
property is 0.
DDNSUpdateEnabled
public boolean DDNSUpdateEnabled
- General Information:
Defines whether the Dynamic DNS Update
Client in FW is enabled or not. (The default value for this property is
disabled)
DDNSUpdateByDHCPServerEnabled
public boolean DDNSUpdateByDHCPServerEnabled
- General Information:
If the DDNS Update client in FW is disabled
then this property will define whether DDNS Update should be requested from
the DHCP Server for the shared IPv4 address and shared FQDN. (The default
value for this property is enabled)
SharedFQDN
public boolean SharedFQDN
- General Information:
Defines Whether the FQDN
(HostName.DomainName) is shared with the Host or dedicated to ME. (The default
value for this property is shared - TRUE).
Product Specific
Usage:
Available in Release 6.0 and later releases.
HostOSFQDN
public string HostOSFQDN
- General Information:
Intel(R) AMT host OS FQDN. This value of
host FQDN is needed for the case that FW is set with a dedicated FQDN - this
allows the SW to correlate the FW name with the Host name.
Product
Specific Usage:
Available in Release 6.0 and later
releases.
Qualifiers:
-------------
MaxLen=256
DDNSTTL
public uint32 DDNSTTL
- General Information:
Defines the Time To Live value (cachable
time) of RRs registered by the FW DDNSUpdateClient. Units are seconds. (The
default value for this property is 15 minutes).
Product Specific
Usage:
Maximum value is 2147483647 (2^31-1) - according to RFC2181
AMTNetworkEnabled
public uint32 AMTNetworkEnabled
- General Information:
When set to Disabled, the AMT OOB network
interfaces (LAN and WLAN) are disabled including AMT user initiated
applications, Environment Detection and RMCPPing. Since OOB networking is
disabled, there will not be an option to enable it back
remotely.
Qualifiers:
-------------
ValueMap={0, 1,
2..}
Values={Disabled, Enabled, Reserved}
RmcpPingResponseEnabled
public boolean RmcpPingResponseEnabled
- General Information:
Indicates whether Intel(R) AMT should
respond to RMCP ping Echo Request messages.
DDNSPeriodicUpdateInterval
public uint32 DDNSPeriodicUpdateInterval
- General Information:
Defines the interval at which the FW DDNS
Update client will send periodic updates for all the RRs registered by FW.
Should be set according to corporate DNS scavenging policy. Units are minutes.
Can be : either 0, or 20 and over. A value of 0 disables periodic update. (The
default value for this property is 24 hours - 1440 minutes).
PresenceNotificationInterval
public uint32 PresenceNotificationInterval
- General Information:
Defines the interval at which the FW will
send periodic WS-management events notifications (for the subscribed clients)
whenever network settings are changed. Units are minutes. A value of 0
disables periodic events. The default value for this property is 0
(notifications are disabled). The minimal allowed value is 15 minutes.
Privacy Level
public uint32 PrivacyLevel
- General Information:
Defines the Privacy and Security Level setting. Privacy
Level defines the values for privacy/security-related parameters by default and upon
ME-unconfigure event. The setting can have the following values:
Default:
SOL enabled = true, IDER enabled = true, KVM enabled = true, Opt-in can be
disabled = true, opt-in configurable remotely = true. From Intel ME 8: Also Client Control Mode allowed=true and RCFG enabled=true.
Enhanced:
SOL
enabled = true, IDER enabled = true, KVM enabled = true, Opt-in can be
disabled = false, opt-in configurable remotely = true. From Intel ME 8: Also Client Control Mode allowed=true and RCFG enabled=true.
Extreme:
SOL
enabled = false, IDER enabled = false, KVM enabled = false, Opt-in can be
disabled = false, opt-in configurable remotely = false. From Intel ME 8: Also Client Control Mode allowed=false and RCFG enabled = false.
Product
Specific Usage:
This is a read-only
property.
Qualifiers:
-------------
ValueMap={0, 1, 2,
3..}
Values={Default, Enhanced, Extreme, Reserved}
PowerSource
public uint32 PowerSource
- General Information:
The system current power
source
Product Specific Usage:
This is a read-only
property.
Qualifiers:
-------------
ValueMap={0, 1,
2..}
Values={AC, DC, Reserved}
ThunderboltDockEnabled
public uint32 ThunderboltDockEnabled
- General Information:
When set to Disabled, a management console cannot communicate with Intel AMT via a Thunderbolt dock.
Product Specific Usage:
Available in Release 15.0 and later releases.
Values: 0=Disabled, 1=Enabled. Default: Enabled.
OemID
public uint16 OemID
- General Information:
The OEM's vendor ID as listed in the Peripheral Component Interconnect Special Interest Group (PCI-SIG) list of member companies.
Product Specific Usage:
Available in Release 16.1 and later releases.
Put
public Put([IN]AMT_GeneralSettings Instance)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_LOCAL_APPS_REALM,
ADMIN_SECURITY_RCS_ADMIN_REALM,
ADMIN_SECURITY_EVENT_MANAGER_REALM
General
Information:
Changes properties of the selected
instance
Product Specific Usage:
Additional Info:
1) The
InstanceID and ElementName properties must be included in any representation
of AMT_GeneralSettings, but cannot be modified:
2) Several permissions can
call this method.
The ADMINISTRATION realm can change all properties.
The RCS_ADMIN realm can change the IdleWakeTimeout and
RmcpPingResponseEnabled properties.
The LOCAL_APPS realm can change the
RmcpPingResponseEnabled property.
The EVENT_MANAGER realm can change the
PresenceNotificationInterval property (version 6.1 and above).
Get
public Get([OUT]AMT_GeneralSettings Instance)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM,
ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM, ADMIN_SECURITY_LOCAL_APPS_REALM,
ADMIN_SECURITY_RCS_ADMIN_REALM,
ADMIN_SECURITY_EVENT_MANAGER_REALM
General Information:
Gets
the representation of the instance
Product Specific
Usage:
Additional Notes:
1) 'Get' in Intel AMT Release 3.2 is
permitted only to 'ADMIN_SECURITY_ADMINISTRATION_REALM' and
'ADMIN_SECURITY_GENERAL_INFO_REALM'.
2) 'Get' in Intel AMT Release 5.0 and
earlier releases is not permitted to
'ADMIN_SECURITY_LOCAL_APPS_REALM'.
Pull
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
- Permission Information:
All users permitted to use method, only
instances to whom the user has permissions will be returned
General
Information:
Pulls instances of this class, following an Enumerate
operation
Enumerate
public Enumerate()
- Permission Information:
All users permitted to use
method
General Information:
Enumerates the instances of this
class
Release
public Release([IN]String EnumerationContext)
- Permission Information:
All users permitted to use
method
General Information:
Releases an enumeration
context
AMTAuthenticate
public AMTAuthenticate([IN]uint8 MC_Nonce[20], [OUT] uint8 Nonce[20],[OUT] string UUID[16],[OUT] string FQDN,[OUT] string FWVersion,
[OUT] uint32 AMTSVN,[OUT] uint32 SignatureMechanism,[OUT] uint8 Signature[512],[OUT] uint16 LengthOfCertificates[4],[OUT] uint8 Certificates[3000]);
- Permission Information:
Permitted realms:
ADMIN_SECURITY_GENERAL_INFO_REALM, ADMIN_SECURITY_ADMINISTRATION_REALM
General
Information:
Provides authentication of Intel AMT to assure that the TLS session is to an authentic Intel AMT firmware application executing on the Intel CSME. In addition it also provides device identity attestation. The flow for verifying the Intel AMT firmware is documented in the section on On-Die Certificate Authority (ODCA) certificates that are bound to unique fuses in the device and provide device identity attestation to the console. Enables verifying the health of Intel AMT firmware by checking for Intel AMT firmware certificate revocation.
Qualifiers:
-------------
ValueMap={"0", "1"}
Values={ "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR" }
Parameters:
-------------
MC_Nonce
Description: 20-byte nonce created by user
Qualifiers: Required, In
Nonce
Description: 20-byte nonce created by Intel AMT firmware
Qualifier: OUT
UUID
Description: 16 bytes containing the system UUID
Qualifier: OUT
FQDN
Description: The null-terminated system name configured when Intel AMT is provisioned. Null for unprovisioned system
Qualifier: OUT
FWVersion
Description: Intel AMT firmware version of the system
Qualifier: OUT
AMTSVN
Description: The SVN (Security Version Number) of the Intel AMT application
Qualifier: OUT
SignatureMechanism
Description: Signature mechanism used for the hash and signing
Qualifiers: OUT
ValueMap { "0","1..65535" }
values { "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","Reserved" }
Signature
Description: Signature over Hash(Hash(AMT TLS Server Cert/ CIRA MPS Cert) || MCNonce || Nonce || FQDN || UUID || FWVersion || AMTSVN || DigestRealm || SignatureMechanism)
Qualifier: OUT
LengthOfCertificates
Description: A 4-element array containing the lengths of the certificates stored in the Certificates field in sequential order
Qualifier: OUT
Certificates
Description: The On-Die Certificate Authority certificate chain used for signing the TLS certificate
Qualifier: OUT