I would like to ask a few questions about configuring TLS-PSK (if it's still posible) with AMT SCS 8.0
My university had recently purchased about 200 AMT-enabled computers - HP 8300 series, MBEx of the version 8.0.0.0063 , with ME v126.96.36.1995.
Considering the amount of the machines we would like to use AMT for remote OOB managemant.
Since those computers are installed in students' labs there is a clear security concern: we cannot rely on the
login/password only, while managing each machine remotely.
So, for security reasons and also in order to be able to use SOL, KVM and IDE-R we have to configure the Transport Layer Security.
So, that's the background. Now my questions:
1) Is there still an option to configure the Transport Layer Security with Pre-Shared Key, but using the SCS 8.x?
2) If not - Can the PKI be configured instead of TLS-PSK, but without using the certificates from the vendor?
In other words, can PKI be configured to work with our custom certificates instead of the vendor's sertificates that are already embedded in the machine's firmware? Could it be done WITHOUT purchasing the certificate?
3) Is there a way to configure the TLS so it would use a Certificate Authority that does NOT run on Windows Server?
We use Linux machines (Debian 6.0 distribution mostly) and are willing to create a Certificate Authority with OpenSSL.
I found this tutorial on your site:
but unfortunately this could be done ONLY if the version of SCS/SDK is 7.x or lower.
So, if there's a way to achieve the same goal as in this tutorial, but for versions 8.x - I would like to know how as well.
4) I've already tried to change the "Current Provisioning Mode" manually in MEBx, but there's only one option - PKI.
Is there any way to enable TLS-PSK option as well?
5) Is there a way to enable TLS but with out Certificate Authority - relying only on self-sign certificates?
If yes - how cuold it be done using OpenSSL?
Thanks in advance