I'm going through the process of adding Root Certificate Hashes to use own provisioning certificate for configuring AMT. When I go through AMT 7.0 SDK it has following details under
Setup and Configuration of Intel AMT > Root Certificate Hashes
"Prior to Release 7.0, Intel AMT can have up to 20 embedded root hashes plus three custom hashes installed by the OEM or by IT prior to configuration. Release 7.0 adds the capacity for ten more embedded hashes."
Custom hashes can be added prior to configuration means without enabling AMT or without entering into MEBx we can add hash.If so how we can add hash prior to configuration.
When I lookedIntel_SCS_7.0_User_Guide.pdf, it has following details
Entering a Root Certificate Hash Manually in the Intel AMT Firmware
Normally the certificate hashes are programmed in the Intel AMT system firmware by the manufacturer. However, there is an option of entering the root certificates hash manually via the MEBx. (The names and locations of menu options might vary slightly in different Intel AMT versions.)
As per SCS user guide, we need to manually enter MEBx to add hash certificate.
I feel the information related to adding hash certificate is conflicting between AMT SDK and SCS. Can anyone explain about this ?