How to enable AMT remotely with ACUConfig on Linux and Windows?

How to enable AMT remotely with ACUConfig on Linux and Windows?

Hello!

we are a physics department at a large German university where we deploy several hundred desktop PCs running both Windows and Linux. We use Intel AMT to perform maintenance and administration of these computers since it helps to minimize the amount of sneaker networking we have to do.

All desktop PCs are DELL OptiPlex machines, ranging from 745 series machine through 755, 760, 760, 780 and up to current machines like the OptiPlex 9080, all these machines support Intel AMT.

Now, in order to use AMT, we have to enable it on these machines first which is currently quite a chore. Someone, usually a student assistant, has to walk to the machine, reboot it, enter the MBEx menu and enable AMT. Then they need to plug in a USB device holding the configuration, load it and finally reboot the machine. Quite a lot of sneaker networking with just alone over 200 Linux desktops.

I am therefore currently looking into the possibilty to enable and configure AMT completely remotely. I read through the SCS User Guide and several documents provided by Intel, but none of these mentions any possibility. The 200 Linux desktops run Debian Wheezy or Jessie. I tried using ACUConfig which is unfortunately very buggy (at least on Linux) and it took me several hours to get it to compile cleanly (the pre-compiled version from Intel doesn't work since it does a version check which will prevent it to work on most machines; the manual recommends to recompile the code with the version check commented out). The makefiles needed a lot of patching (for example, gcc refused to compile many sources without -fpermissive, so I had to add it to the compiler flags in many makefiles) and some of the C sources required to have some #include directives removed or added since it tried to use headers which exist on Windows machines only. I could eventually get the code compile with my additional patching and by using an old Debian Squeeze installation as a build host (the gcc version on Debian Wheezy or Jessie seems to be too new for the ACUConfig sources).

After finally having a version of ACUConfig on Linux which seems to work, I tried to generate a configuration profle using the "ACU Wizard" on a Windows machine. I made the necessary adjustments for AMT and exported the configuration to an encrypted XML file. I then tried to load the XML configuration on a Linux machine using ACUConfig:

root@smart2:~> ACUConfig -Verbose ConfigAMT /net/space/physik.xml --DecryptionPassword mypassword
738. (-DecryptionPassword)
Starting log 2014-06-27 13:41:47

Command:     ConfigAMT

Description: Configures/Reconfigures Intel AMT systems

Syntax:      ACUConfig [global options] ConfigAMT <filename>
             [-DecryptionPassword <password>] [-AbortOnFailure]
             [-AdminPassword <password>] [-NetworkSettingsFile <file>]

Parameters:

<filename>: The xml file containing the configuration parameters
-DecryptionPassword <password>: Performs decryption of encrypted files
-AbortOnFailure: If configuration fails, puts the Intel AMT device in the
                 "Not Provisioned" mode
-AdminPassword <password>: Current admin user password in the Intel AMT device
-NetworkSettingsFile <file>: Gets the IP and/or the FQDN from a dedicated
                             network settings file

***********

101098 - 10114
Details: 738(-DecryptionPassword)

root@smart2:~>

Trying the same command with a small, handwritten XML file which is unencrypted:

root@smart2:~> ACUConfig -Verbose ConfigAMT /net/space/physik2.xml
Connected to HECI driver, version: 218.146.27.32514
Size of guid = 16
max_message_length 5120
protocol_version 1
Connected to HECI driver, version: 3.0.0.2
Size of guid = 16
max_message_length 5120
protocol_version 1
Segmentation fault
root@smart2:~>

Apparently, the ACUConfig utility is currently broken and not really usable on Linux which is an unlucky situation. Furthermore, I think the current method of installation of the ACUConfig utility on Linux is way too cumbersome and error-prone and most people will probably fail trying to get it running.

I would therefore like to get in touch with any of the original developers of the ACUConfig utility and help them to clean up the code such that it will build on any Linux machine with any version of gcc without any heavy patching. Also, since I am a Debian Developer, I would also be happy to help to get Intel's ACUConfig packaged for Debian. If end users could just install those utilities on Debian-based systems (Debian, Ubuntu, Linux Mint etc) with a simple "apt-get install intel-amt-tools", the whole use AMT on Linux would be much easier and simpler.

Cheers,

Adrian

3 Beiträge / 0 neu
Letzter Beitrag
Nähere Informationen zur Compiler-Optimierung finden Sie in unserem Optimierungshinweis.

Correction:

In my demonstration, I accidentally used the "DecryptionPassword" with two minus signs which is a syntax error. So, here is the output with the correct syntax:

root@smart2:~> ACUConfig -Verbose ConfigAMT /net/space/physik.xml -DecryptionPassword mypassword
12. (DecryptionPassword)
Starting log 2014-06-27 13:52:40

Command:     ConfigAMT

Description: Configures/Reconfigures Intel AMT systems

Syntax:      ACUConfig [global options] ConfigAMT <filename>
             [-DecryptionPassword <password>] [-AbortOnFailure]
             [-AdminPassword <password>] [-NetworkSettingsFile <file>]

Parameters:

<filename>: The xml file containing the configuration parameters
-DecryptionPassword <password>: Performs decryption of encrypted files
-AbortOnFailure: If configuration fails, puts the Intel AMT device in the
                 "Not Provisioned" mode
-AdminPassword <password>: Current admin user password in the Intel AMT device
-NetworkSettingsFile <file>: Gets the IP and/or the FQDN from a dedicated
                             network settings file

***********

101098 - 10114
Details: 12(DecryptionPassword)

root@smart2:~>

Adrian

Adrian,

Thank you for the extensive details on the challenges you are seeing. I will forward the information and appreciate your offer of help.

Melden Sie sich an, um einen Kommentar zu hinterlassen.