Intel® Active Management Technology (Intel® AMT) version 11.0 introduces a new feature called Remote Secure Erase (RSE). RSE is designed to allow IT administrators to remotely wipe the hard disk of the client device supporting AMT (v11.0 or above).
When an employee leaves the organization, the IT administrator will collect the PC - erase the disk drive, reload the OS and applications as needed. Remote Secure Erase combined with other Intel® AMT redirection features (IDE-R, KVM) allows the IT administrator to securely erase the whole disk drive (bootable partition) and using KVM and IDE-R can provision OS and applications remotely.
Below are the platform requirements for RSE support:
Here is the expected flow for implementing the RSE solution:
The PowerShell script (see attachments) demonstrates the usage of the AMT Remote Secure Erase feature with code snippets. For information on running PowerShell scripts with the Intel® vPro module please refer to the AMT SDK and related Intel® AMT Implementation and Reference Guide. More information about configuring Intel vPro PowerShell module can be found here.
After establishing a connection (note: you will need to enter the proper credentials and machine address for your client system), the script demonstrates the flow as described above.
This should provide all the items you need to start using the feature. If you have questions please post them to the Intel® Business Client Software Development Discussion Forum.
In summary, this feature is designed to allow the IT administrators to remotely wipe the entire SSD in a secure fashion for repurposing a PC or mobile device.
About the Authors/Contributors
Ajith Illendula is a Senior Software Engineer enabling Business Client and Security Applications for large enterprises.
Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.
Notice revision #20110804