Class AMT_TLSSettingData
Used in features: Security Administration, General Info
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0
CIM_ManagedElement
CIM_SettingData
AMT_TLSSettingData
class AMT_TLSSettingData
- extends CIM_SettingData
General Information:
The AMT_TLSSettingData class represents configuration-related and operational parameters for the TLS service in Intel(R) AMT.
Qualifiers:
-------------
Version=3.0.0
Supported Fields Summary
string | ElementName | The user-friendly name for this instance of SettingData . . .
string | InstanceID | Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class . . .
boolean | MutualAuthentication | Administrator-settable property that determines whether or not mutual authentication is used at the TLS layer on the associated service access point . . .
boolean | Enabled | Administrator-settable property that determines whether or not TLS is used on the associated service access point.
string[10] | TrustedCN | An array of strings, used to validate the CN subfield of the subject field in X.509 certificates presented to Intel(R) AMT in the TLS handshake . . .
boolean | AcceptNonSecureConnections | This setting defines whether, once TLS is enabled and configured, non-secure EOI/WSMAN connections are still accepted by the FW on ports 16992 and 623 . . .
boolean | NonSecureConnectionsSupported | If the value of this read-only field is True, the value of AcceptNonSecureConnections can be changed. Note that this class and field can be accessed locally as well as remotely.
Methods Summary
Put(Instance) | Changes properties of the selected instance
Get(Instance) | Gets the representation of the instance
Pull(EnumerationContext, MaxElements) | Pulls instances of this class, following an Enumerate operation
Enumerate() | Enumerates the instances of this class
Release(EnumerationContext) | Releases an enumeration context
ElementName
public string ElementName
- General Information:
The user-friendly name for this instance of SettingData. In addition, the user-friendly name can be used as an index property for a search or query. (Note: The name does not have to be unique within a namespace.)
Product Specific Usage:
In Intel AMT Release 6.0 and later releases, the value is:
Remote interface: “Intel(r) AMT 802.3 TLS Settings”
Local interface: “Intel(r) AMT LMS TLS Settings”
Qualifiers:
-------------
Required
Override=ElementName
MaxLen=256
InstanceID
public string InstanceID
- General Information:
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:
<OrgID>:<LocalID>
Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID> must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between <OrgID> and <LocalID>.
<LocalID> is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
For DMTF-defined instances, the "preferred" algorithm must be used with the <OrgID> set to CIM.
Product Specific Usage:
In Intel AMT Release 6.0 and later releases, the value is:
Remote interface: “Intel(r) AMT 802.3 TLS Settings”
Local interface: “Intel(r) AMT LMS TLS Settings”
Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=256
MutualAuthentication
public boolean MutualAuthentication
- General Information:
Administrator-settable property that determines whether or not mutual authentication is used at the TLS layer on the associated service access point. If False, then only the server authenticates itself at the TLS layer.
Product Specific Usage:
Use of Mutual Authentication on the local interface is deprecated in Release 6.0. The feature will be removed in a future release.
This property is only visible / usable for users of the ADMIN_SECURITY_ADMINISTRATION realm.
This property must be supplied if the Enabled property is True.
Enabled
public boolean Enabled
- General Information:
Administrator-settable property that determines whether or not TLS is used on the associated service access point.
Qualifiers:
-------------
Required
TrustedCN
public string[10] TrustedCN
- General Information:
An array of strings, used to validate the CN subfield of the subject field in X.509 certificates presented to Intel(R) AMT in the TLS handshake. This value must comply with the requirements of RFC 1035.
Product Specific Usage:
This property is only visible / usable for users of the ADMIN_SECURITY_ADMINISTRATION realm.
Additional Notes:
1) 'Max Length' qualifier in Intel AMT Release 3.2 and earlier releases is '64'.
2) 'Array Max Length' qualifier in Intel AMT Release 3.2 and earlier releases is '4'.
Qualifiers:
-------------
MaxLen=60
AcceptNonSecureConnections
public boolean AcceptNonSecureConnections
- General Information:
This setting defines whether, once TLS is enabled and configured, non-secure EOI/WSMAN connections are still accepted by the FW on ports 16992 and 623. If AcceptNonSecureConnections is set to TRUE, then non-secure connections are still accepted. If set to FALSE, then non-secure connections are rejected. This setting may be set per interface for the local and network interfaces.
Product Specific Usage:
AMT_TLSSettingData.AcceptNonSecureConnections may only be modified for the remote interface. It is a read-only property for the local interface instance.
NonSecureConnectionsSupported
public boolean NonSecureConnectionsSupported
- General Information:
Indicates the removal of support for the non-TLS WS-MAN ports for the remote interface. Available starting Intel CSME 16.1 firmware on Raptor Lake platforms. If this read-only field exists and its value is True, changing the value of the AcceptNonSecureConnections field is allowed only for the local interface.
Note that this class and field can be accessed locally as well as remotely.
Invoking the AMT_TLSSettingData.Put() command on the remote instance with AcceptNonSecureConnections set to True will fail with error code AMT_STATUS_NOT_PERMITTED.
Setting AMT_TLSSettingData.Enabled to False will also fail for the remote interface.
Product Specific Usage:
Read-only.
Put
public Put([IN]AMT_TLSSettingData Instance)
- Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM
General Information:
Changes properties of the selected instance
Product Specific Usage:
The following properties must be included in any representation of AMT_TLSSettingData:
ElementName (cannot be modified)
InstanceID (cannot be modified)
Enabled
This method will not modify the flash ("Enabled" property) until "CommitChanges" is issued and performed successfully.
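A check of a retrieved instance against the constraints this reference states (required properties, MutualAuthentication supplied when Enabled is True, the TrustedCN limits for releases after 3.2, and the non-secure ports), as an added example that is not Intel's code. The sample XML, its placeholder namespace, the function names and the strict RFC 1035 label check are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: strict RFC 1035 label (letter first, letter/digit last, max 63).
LABEL = re.compile(r"^[A-Za-z]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Constructed sample instance; the namespace is a placeholder, not Intel's.
SAMPLE = """<g:AMT_TLSSettingData xmlns:g="urn:example:placeholder">
  <g:AcceptNonSecureConnections>true</g:AcceptNonSecureConnections>
  <g:ElementName>Intel(r) AMT 802.3 TLS Settings</g:ElementName>
  <g:Enabled>true</g:Enabled>
  <g:InstanceID>Intel(r) AMT 802.3 TLS Settings</g:InstanceID>
  <g:MutualAuthentication>false</g:MutualAuthentication>
  <g:TrustedCN>console.example.com</g:TrustedCN>
  <g:TrustedCN>bad_name.example.com</g:TrustedCN>
</g:AMT_TLSSettingData>"""

def parse_instance(xml_text):
    """Return {property: [values]} from the instance element, ignoring namespaces."""
    props = {}
    for child in ET.fromstring(xml_text):
        name = child.tag.rsplit("}", 1)[-1]
        props.setdefault(name, []).append((child.text or "").strip())
    return props

def flag(props, name):
    vals = props.get(name)
    return vals[0].lower() == "true" if vals else None  # None: property absent

def audit(props):
    """List deviations from the constraints stated in the class reference."""
    out = [f"missing required property {p}"
           for p in ("ElementName", "InstanceID", "Enabled") if p not in props]
    if not flag(props, "Enabled"):
        out.append("TLS not enabled")
    else:
        mutual = flag(props, "MutualAuthentication")
        if mutual is None:
            out.append("MutualAuthentication must be supplied when Enabled is True")
        elif not mutual:
            out.append("only the server authenticates at the TLS layer")
        if flag(props, "AcceptNonSecureConnections"):
            out.append("non-secure connections accepted on ports 16992 and 623")
    cns = props.get("TrustedCN", [])
    if len(cns) > 10:  # string[10]
        out.append("TrustedCN has more than 10 entries")
    out += [f"TrustedCN entry invalid: {cn}" for cn in cns  # MaxLen=60
            if len(cn) > 60 or not all(LABEL.match(l) for l in cn.split("."))]
    return out
```

`audit(parse_instance(SAMPLE))` returns one finding per deviation, in the order the checks run.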
Get
public Get([OUT]AMT_TLSSettingData Instance)
- Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM
General Information:
Gets the representation of the instance
Pull
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
- Permission Information:
All users are permitted to use this method; only instances for which the user has permissions will be returned
General Information:
Pulls instances of this class, following an Enumerate operation
Enumerate
public Enumerate()
- Permission Information:
All users permitted to use method
General Information:
Enumerates the instances of this class
Release
public Release([IN]String EnumerationContext)
- Permission Information:
All users permitted to use method
General Information:
Releases an enumeration context