WS-Management > WS-Management Class Reference > AMT Classes > AMT_SetupAndConfigurationService

Class AMT_SetupAndConfigurationService

Used in features: Provisioning , Security Administration , General Info
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5
CIM_ManagedElement
   extended by CIM_ManagedSystemElement
      extended by CIM_LogicalElement
         extended by CIM_EnabledLogicalElement
            extended by CIM_Service
               extended by CIM_SecurityService
                  extended by CIM_AuthenticationService
                     extended by CIM_CredentialManagementService
                        extended by AMT_SetupAndConfigurationService


class AMT_SetupAndConfigurationService
extends CIM_CredentialManagementService

General Information:
Describes the Setup and Configuration Service, which is the logic in Intel(R) AMT that responds to Setup and Configuration requests.

Qualifiers:
-------------
Version=7.0.0


Supported Fields Summary
 uint16 RequestedState
RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested . . .
 uint16 EnabledState
EnabledState is an integer enumeration that indicates the enabled and disabled states of an element . . .
 string ElementName
A user-friendly name for the object . . .
 string SystemCreationClassName Key
The CreationClassName of the scoping System.
 string SystemName Key
The Name of the scoping System.
 string CreationClassName Key
CreationClassName indicates the name of the class or the subclass that is used in the creation of an instance . . .
 string Name Key
The Name property uniquely identifies the Service and provides an indication of the functionality that is managed . . .
 uint8 ProvisioningMode
A Read-Only enumeration value that determines the behavior of Intel(R) AMT when it is deployed . . .
 uint8 ProvisioningState
An enumeration value that indicates the state of the Intel(R) AMT subsystem in the provisioning process"Pre" - the setup operation has not started."In" - the setup operation is in progress."Post" - Intel(R) AMT is configured.
 boolean ZeroTouchConfigurationEnabled
Indicates if Zero Touch Configuration (Remote Configuration) is enabled or disabled . . .
 uint8[32] ProvisioningServerOTP
A optional binary data value containing 8-32 characters,that represents a one-time password (OTP), used to authenticate the Intel(R) AMT to the configuration server . . .
 uint8[8] ProvisioningPID
The ID used during setup in TLS PSK mode (null if not set) . . .
 string ConfigurationServerFQDN
The FQDN of the configuration server.
 uint8 PasswordModel
An enumeration value that determines the password model of Intel(R) AMT.

Methods Summary
 uint32 CommitChanges()
Commits pending configuration commands made to the Intel(R) AMT device . . .
 uint32 Unprovision(ProvisioningMode)
Resets the Intel(R) AMT device to default factory settings . . .
 uint32 PartialUnprovision()
Transfers Intel(R) AMT into a partially-unprovisioned state: Except for configuration settings required for the next provisioning: Admin ACL settings, TLS-PSK keys, Host & Domain name, and provisioning server IP and port number, settings will be restored to factory defaults . . .
 uint32 ResetFlashWearOutProtection()
Resets the wear-out protection to the initial state for all protected flash sectors . . .
 uint32 ExtendProvisioningPeriod(Duration)
This method allows a configuration server to extend the configuration time, in which Intel(R) AMT is expected to be provisioned . . .
 uint32 SetMEBxPassword(Password)
This method sets the ME Bios extension password . . .
 uint32 SetTLSPSK(PID, PPS)
This call configures the pre shared key and its ID that will be used during the next configuration after partial-unprovisioning.
 uint32 GetProvisioningAuditRecord(ProvisioningTLSMode, SecureDNS, HostInitiated, ProvServerFQDN, SelectedHashType, SelectedHashData, CaCertificateSerials, AdditionalCaSerialNums, IsOemDefault, IsTimeValid, ProvServerIP, TlsStartTime)
This method returns the provisioning audit record.
 uint32 GetUuid(UUID)
This method returns the Universal Unique ID of the platform (UUID).
 uint32 GetUnprovisionBlockingComponents(Component)
This command returns the components that caused the last unprovisioning (full or partial) request to fail with the PT_STATUS_BLOCKING_COMPONENT error.
 uint32 GetProvisioningAuditRecordV2(ProvisioningTLSMode, SecureDNS, HostInitiated, ProvServerFQDN, SelectedHashType, SelectedHashData, CaCertificateSerials, AdditionalCaSerialNums, IsOemDefault, IsTimeValid, ProvServerIP, TlsStartTime)
This method returns the Provisioning audit record , including the IPv6 Address of the configuration server (if applicable).
  Put(Instance)
Changes properties of the selected instance
  Get(Instance)
Gets the representation of the instance
  Pull(EnumerationContext, MaxElements)
Pulls instances of this class, following an Enumerate operation
  Enumerate()
Enumerates the instances of this class
  Release(EnumerationContext)
Releases an enumeration context

Field Detail

RequestedState

public uint16 RequestedState
General Information:
RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested. The actual state of the element is represented by EnabledState. This property is provided to compare the last requested and current enabled or disabled states. Note that when EnabledState is set to 5 ("Not Applicable"), then this property has no meaning. Refer to the EnabledState property description for explanations of the values in the RequestedState enumeration.
"Unknown" (0) indicates the last requested state for the element is unknown.
Note that the value "No Change" (5) has been deprecated in lieu of indicating the last requested state is "Unknown" (0). If the last requested or desired state is unknown, RequestedState should have the value "Unknown" (0), but may have the value "No Change" (5).Offline (6) indicates that the element has been requested to transition to the Enabled but Offline EnabledState.
It should be noted that there are two new values in RequestedState that build on the statuses of EnabledState. These are "Reboot" (10) and "Reset" (11). Reboot refers to doing a "Shut Down" and then moving to an "Enabled" state. Reset indicates that the element is first "Disabled" and then "Enabled". The distinction between requesting "Shut Down" and "Disabled" should also be noted. Shut Down requests an orderly transition to the Disabled state, and might involve removing power, to completely erase any existing state. The Disabled state requests an immediate disabling of the element, such that it will not execute or accept any commands or processing requests.

This property is set as the result of a method invocation (such as Start or StopService on CIM_Service), or can be overridden and defined as WRITEable in a subclass. The method approach is considered superior to a WRITEable property, because it allows an explicit invocation of the operation and the return of a result code.

If knowledge of the last RequestedState is not supported for the EnabledLogicalElement, the property shall be NULL or have the value 12 "Not Applicable".

Qualifiers:
-------------
ValueMap={0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, .., 32768..65535}
Values={Unknown, Enabled, Disabled, Shut Down, No Change, Offline, Test, Deferred, Quiesce, Reboot, Reset, Not Applicable, DMTF Reserved, Vendor Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.EnabledState}


EnabledState

public uint16 EnabledState
General Information:
EnabledState is an integer enumeration that indicates the enabled and disabled states of an element. It can also indicate the transitions between these requested states. For example, shutting down (value=4) and starting (value=10) are transient states between enabled and disabled. The following text briefly summarizes the various enabled and disabled states:
Enabled (2) indicates that the element is or could be executing commands, will process any queued commands, and queues new requests.
Disabled (3) indicates that the element will not execute commands and will drop any new requests.
Shutting Down (4) indicates that the element is in the process of going to a Disabled state.
Not Applicable (5) indicates the element does not support being enabled or disabled.
Enabled but Offline (6) indicates that the element might be completing commands, and will drop any new requests.
Test (7) indicates that the element is in a test state.
Deferred (8) indicates that the element might be completing commands, but will queue any new requests.
Quiesce (9) indicates that the element is enabled but in a restricted mode.
Starting (10) indicates that the element is in the process of going to an Enabled state. New requests are queued.

Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11..32767, 32768..65535}
Values={Unknown, Other, Enabled, Disabled, Shutting Down, Not Applicable, Enabled but Offline, In Test, Deferred, Quiesce, Starting, DMTF Reserved, Vendor Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.OtherEnabledState}


ElementName

public string ElementName
General Information:
A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. Note that if there is an associated instance of CIM_EnabledLogicalElementCapabilities, restrictions on this properties may exist as defined in ElementNameMask and MaxElementNameLen properties defined in that class.

Product Specific Usage:
This is a read-only property.
In Intel AMT Release 6.0 and later releases value is 'Intel(r) AMT Setup and Configuration Service'

Qualifiers:
-------------
MaxLen=45


SystemCreationClassName Key

public string SystemCreationClassName
General Information:
The CreationClassName of the scoping System.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases value is 'CIM_ComputerSystem'

Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_System.CreationClassName


SystemName Key

public string SystemName
General Information:
The Name of the scoping System.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases value is 'Intel(r) AMT'

Qualifiers:
-------------
Key
MaxLen=256
Propagated=CIM_System.Name


CreationClassName Key

public string CreationClassName
General Information:
CreationClassName indicates the name of the class or the subclass that is used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases value is 'AMT_SetupAndConfigurationService'

Qualifiers:
-------------
Key
MaxLen=35


Name Key

public string Name
General Information:
The Name property uniquely identifies the Service and provides an indication of the functionality that is managed. This functionality is described in more detail in the Description property of the object.

Product Specific Usage:
In Intel AMT Release 6.0 and later releases value is 'Intel(r) AMT Setup and Configuration Service'

Qualifiers:
-------------
Key
Override=Name
MaxLen=45


ProvisioningMode

public uint8 ProvisioningMode
General Information:
A Read-Only enumeration value that determines the behavior of Intel(R) AMT when it is deployed. Starting from Release 7.0, this enumeration indicates whether AMT is deployed in "Admin control mode" or "Client control mode". In "Admin" mode, AMT functionality is on the same level of previous releases. In "Client" mode fucntionality is limited or requires user consent.

Product Specific Usage:
In AMT Release 6.0 and later releases, value is 'Enterprise' (1) and is read-only.
In AMT Release 7.0, the value map has changed to "Admin Control Mode" (1 - matches the previous "enterprise" mode)
and "Client Control Mode" (4).

Qualifiers:
-------------
ValueMap={1, .., 4, ..}
Values={Admin Control Mode, Reserved1, Client Control Mode, Reserved2}


ProvisioningState

public uint8 ProvisioningState
General Information:
An enumeration value that indicates the state of the Intel(R) AMT subsystem in the provisioning process"Pre" - the setup operation has not started."In" - the setup operation is in progress."Post" - Intel(R) AMT is configured.

Product Specific Usage:
This is a read-only property.

Qualifiers:
-------------
ValueMap={0, 1, 2}
Values={Pre, In, Post}


ZeroTouchConfigurationEnabled

public boolean ZeroTouchConfigurationEnabled
General Information:
Indicates if Zero Touch Configuration (Remote Configuration) is enabled or disabled. This property affects only enterprise mode. It can be modified while in SMB mode

Product Specific Usage:
can be modified while in Post-provisioning state (ProvisioningState = 'Post')


ProvisioningServerOTP

public uint8[32] ProvisioningServerOTP
General Information:
A optional binary data value containing 8-32 characters,that represents a one-time password (OTP), used to authenticate the Intel(R) AMT to the configuration server. This property can be retrieved only in IN Provisioning state, nevertheless, it is settable also in POST provisioning state.

Product Specific Usage:
This property is only visible / usable for users of ADMIN_SECURITY_ADMINISTRATION realm.
CommitChanges method deletes its value, it should be set in post-provisioning state before reprovisioning


Qualifiers:
-------------
OctetString


ProvisioningPID

public uint8[8] ProvisioningPID
General Information:
The ID used during setup in TLS PSK mode (null if not set). This property is enabled only in enterprise mode.

Product Specific Usage:
This property is only visible / usable for users of ADMIN_SECURITY_ADMINISTRATION realm.

Additional Notes:
1) 'Max Length' qualifier in Intel AMT Release 3.2 and earlier releases is 'infinite'.
2) Modifiable only via 'SetTlsPsk' method (not via 'Put')

Qualifiers:
-------------
Deprecated={N/A}
OctetString
MaxLen=256


ConfigurationServerFQDN

public string ConfigurationServerFQDN
General Information:
The FQDN of the configuration server.

Product Specific Usage:
Can be modified while in Post-provisioning state

Qualifiers:
-------------
MaxLen=255


PasswordModel

public uint8 PasswordModel
General Information:
An enumeration value that determines the password model of Intel(R) AMT.

Product Specific Usage:
This is a read-only property.
While in post-provisioning state, value is 'Separate password model' (1), otherwise value is 'Coupled password model' (0)

Qualifiers:
-------------
ValueMap={0, 1, 2}
Values={Coupled password model (the password of the network and the local interfaces are identical), Separate password model (the password of the network and the local interfaces are separate), Separate-Hash password model}


Method Detail

CommitChanges

public uint32 CommitChanges()
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Commits pending configuration commands made to the Intel(R) AMT device. Completes configuration when in "IN-provisioning" state

Product Specific Usage:
This routine commits pending configuration commands which are dependent on an internal restart sequence or a cumulative validity check.
Failure to execute this command prevents the pending configurations (which are not stored in flash memory) to take effect. Operations (or situations such as a power loss) that immediately change flash memory depend on a call to CommitChanges()to refresh the internal Firmware state.
Note:
1. If TLS is enabled, RSA Key and Certificate must be configured in order to work properly with the changes being committed.
2. If DHCP is enabled, host-name must be set.
3. If mutual authentication is configured, then at least one trusted root certificate must exist.
4. If in EnterpriseMode Provisioning, then caller must update the internal clock and change the PRNG.
Since committing changes may cause an internal restart sequence, remote applications should allow sufficient time for Intel AMT to reload before issuing the next command.


Qualifiers:
-------------
ValueMap={0, 1, 38, 2057}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, PT_STATUS_DATA_MISSING}


Unprovision

public uint32 Unprovision([IN]uint32 ProvisioningMode)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Resets the Intel(R) AMT device to default factory settings. The device will need to be re-provisioned after this command.

Product Specific Usage:
In Client Control Mode, call will succeed even if auditor is blocking the operation.

Qualifiers:
-------------
ValueMap={0, 1, 16, 36, 2076}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_PARAMETER, PT_STATUS_BLOCKING_COMPONENT}


Parameters:
--------------
ProvisioningMode
General Information:
Indicates the provisioning mode (Enterprise , Small Business or Remote Connectivity) the device will enter following successful completion of the command. Starting from Release 6.0 only effective value is ProvisioningModeEnterprise

Qualifiers:
-------------
IN
ValueMap={0, 1, 2, 3}
Values={ProvisioningModeCurrent, ProvisioningModeEnterprise, ProvisioningModeSmallBusiness, ProvisioningRemoteConnectivity}



PartialUnprovision

public uint32 PartialUnprovision()
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Transfers Intel(R) AMT into a partially-unprovisioned state: Except for configuration settings required for the next provisioning: Admin ACL settings, TLS-PSK keys, Host & Domain name, and provisioning server IP and port number, settings will be restored to factory defaults. The device will need to be re-provisioned after this command.

Product Specific Usage:
This command puts Intel AMT into a Partial Unprovision state.
The effect of this command is similar to calling the Unprovision() command (with ProvisioningMode set to "Enterprise").
The only difference is that the following settings remain unchanged:
- Admin ACL settings (name and password)
- TLS-PSK keys
- Host name
- Provisioning server IP and port number
- Domain name

In Client Control Mode, call will succeed even if auditor is blocking the operation


Qualifiers:
-------------
ValueMap={0, 1, 16, 2076}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_PERMITTED, PT_STATUS_BLOCKING_COMPONENT}


ResetFlashWearOutProtection

public uint32 ResetFlashWearOutProtection()
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_RCS_ADMIN_REALM

General Information:
Resets the wear-out protection to the initial state for all protected flash sectors. At the initial state, each sector is granted sufficient Erase or Write Operations for the device to work correctly. This operation should be used only in rare occasions such as provisioning or following the contamination of malicious application which caused a denial-of-service (DoS) attack by consuming the entire credit for flash erase operations.

Product Specific Usage:
In Intel AMT Releases 6.2 and 7.0 and later releases functionality is disabled (does not do anything and returns successfully)

Qualifiers:
-------------
Deprecated={N/A}
ValueMap={0, 1, 16}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_PERMITTED}


ExtendProvisioningPeriod

public uint32 ExtendProvisioningPeriod([IN]uint32 Duration)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
This method allows a configuration server to extend the configuration time, in which Intel(R) AMT is expected to be provisioned. If a configuration server does not call this command before the provisioning period expires, Intel(R) AMT will close the network interface.

Product Specific Usage:
Actually sets (not necessarily extends) the period, can be used to close the provisioning time window (with Duration = 0)

Qualifiers:
-------------
ValueMap={0, 1, 16}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_PERMITTED}


Parameters:
--------------
Duration
General Information:
The extension duration in hours (limited to maximum value of 24 in each call).

Qualifiers:
-------------
IN



SetMEBxPassword

public uint32 SetMEBxPassword([IN]string Password)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
This method sets the ME Bios extension password. It allows a remote caller to change the ME access password for the BIOS extension screen. This call succeeds depending on the password policy rule defined in MEBx (BIOS extension):"Default Password Only" - Method succeeds only when the current password is still the default value and only in PKI provisioning. "During Setup and Configuration" - Method succeeds only during provisioning, regardless of provisioning method or previous password value."ANYTIME" - Method will always succeed. (i.e. even when configured)

Product Specific Usage:
API is blocked in client control mode

Qualifiers:
-------------
ValueMap={0, 1, 16, 2054}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_PASSWORD}


Parameters:
--------------
Password
General Information:
Password needs to be strong: Contain at least one of: upper-case, lower-case, digit and special character

Qualifiers:
-------------
IN
MinLen=8
MaxLen=32



SetTLSPSK

public uint32 SetTLSPSK([IN]uint8 PID[8], [IN]uint8 PPS[32])
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
This call configures the pre shared key and its ID that will be used during the next configuration after partial-unprovisioning.

Product Specific Usage:
The inserted values of the PID and the PPS are valid only after CommitChanges is invoked.
API is blocked in client control mode. Prevents setting PSK information.

Qualifiers:
-------------
Deprecated={N/A}
ValueMap={0, 1, 16, 36, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_PARAMETER, PT_STATUS_AUDIT_FAIL}


Parameters:
--------------
PID
General Information:


Qualifiers:
-------------
IN
OctetString

PPS
General Information:


Qualifiers:
-------------
IN
OctetString



GetProvisioningAuditRecord

public uint32 GetProvisioningAuditRecord([OUT]uint8 ProvisioningTLSMode, [OUT]boolean SecureDNS, [OUT]boolean HostInitiated, [OUT]string ProvServerFQDN, [OUT]uint8 SelectedHashType, [OUT]uint8 SelectedHashData[], [OUT]string CaCertificateSerials[], [OUT]boolean AdditionalCaSerialNums, [OUT]boolean IsOemDefault, [OUT]boolean IsTimeValid, [OUT]uint32 ProvServerIP, [OUT]uint32 TlsStartTime)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
This method returns the provisioning audit record.

Product Specific Usage:
Deprecated, Callers should use the new IPS_ProvisioningAuditRecrod.
Returns an error value when configured in Client Control mode.

Qualifiers:
-------------
Deprecated={IPS_ProvisioningAuditRecord}
ValueMap={0, 1, 2..2056, 2057}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, Reserved, PT_STATUS_DATA_MISSING}


Parameters:
--------------
ProvisioningTLSMode
General Information:
Describes the TLS mode used in the last configuration.

Qualifiers:
-------------
OUT
valueMap={0, 1, 2, 3..255}
values={Unknown, PSK, PKI, Reserved}

SecureDNS
General Information:
Indicates whether the configuration server DNS suffix was configured in a secure mode

Qualifiers:
-------------
OUT

HostInitiated
General Information:
Indicates whether the configuration was started by a host-agent or automatically. Relevant only in Remote Configuration mode

Qualifiers:
-------------
OUT

ProvServerFQDN
General Information:
The FQDN of the configuration server.Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT
MaxLen=255

SelectedHashType
General Information:
Hash algorithm used in the corresponding certificate hash. Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT
valueMap={0, 1, 2, 3, 4..255}
values={Unknown, SHA-1-160, SHA-2-256, SHA-2-384, Reserved}

SelectedHashData
General Information:
The hash of the root certificate used in the configuration process.Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT
OctetString

CaCertificateSerials
General Information:
Serial numbers of the certificates from the chain used in the configuration. Notice: the values of this array are actually base64 encoded values. A list of maximum three serial numbers of the issuing CA certificates. If the certificate chain has more than three certificates, this field contains the serial numbers of the last three certificates starting from the leaf. Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT
MaxLen=16
EOBase64

AdditionalCaSerialNums
General Information:
Indicates that there were additional serial numbers that were not logged. Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT

IsOemDefault
General Information:
Indicates whether the hash of the root certificate used in the configuration was in the default set of hashes. Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT

IsTimeValid
General Information:
Indicates whether the time validity check passed in the certificate chain. Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT

ProvServerIP
General Information:
The IP address of the Provisioning server that issued the AMT_SetupAndConfigurationService.CommitChanges() command. Only IPv4 is supported, in case of IPv6 This field will contain 0 - GetProvisioningAuditRecordV2 should be used.

Qualifiers:
-------------
OUT

TlsStartTime
General Information:
Indicates the time when the TLS session was initiated.

Qualifiers:
-------------
OUT



GetUuid

public uint32 GetUuid([OUT]uint8 UUID[16])
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
This method returns the Universal Unique ID of the platform (UUID).

Product Specific Usage:
Additional Notes:
1) 'GetUuid' is only supported in Intel AMT Release 4.0 and later releases.
2) 'GetUuid' in Intel AMT Release 4.0 is permitted only to 'ADMIN_SECURITY_ADMINISTRATION_REALM'.

Qualifiers:
-------------
ValueMap={0, 1}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR}


Parameters:
--------------
UUID
General Information:
UUID of the system. If the value is all FFh, the ID is not currently present in the system, but is settable. If the value is all 00h, the ID is not present in the system. Corresponds to the UUID field of the SMBIOS Type 1 structure

Qualifiers:
-------------
OUT
OctetString



GetUnprovisionBlockingComponents

public uint32 GetUnprovisionBlockingComponents([OUT]uint32 Component[])
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
This command returns the components that caused the last unprovisioning (full or partial) request to fail with the PT_STATUS_BLOCKING_COMPONENT error.

Product Specific Usage:
Additional Notes:
1) 'GetUnprovisionBlockingComponents' method is supported in Intel AMT Release 4.0 and later releases.

Qualifiers:
-------------
ValueMap={0, 1, 2..65535}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, Reserved}


Parameters:
--------------
Component
General Information:
components that caused the last unprovisioning (full or partial) request to fail

Qualifiers:
-------------
Required
OUT
ValueMap={1, 2..65535}
Values={COMPONENT_AUDIT_LOG, Reserved}



GetProvisioningAuditRecordV2

public uint32 GetProvisioningAuditRecordV2([OUT]uint8 ProvisioningTLSMode, [OUT]boolean SecureDNS, [OUT]boolean HostInitiated, [OUT]string ProvServerFQDN, [OUT]uint8 SelectedHashType, [OUT]uint8 SelectedHashData[], [OUT]string CaCertificateSerials[], [OUT]boolean AdditionalCaSerialNums, [OUT]boolean IsOemDefault, [OUT]boolean IsTimeValid, [OUT]string ProvServerIP, [OUT]uint32 TlsStartTime)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
This method returns the Provisioning audit record , including the IPv6 Address of the configuration server (if applicable).

Product Specific Usage:
Deprecated, Callers should use the new IPS_ProvisioningAuditRecrod.
Returns an error value when configured in Client Control mode.


Qualifiers:
-------------
Deprecated={IPS_ProvisioningAuditRecord}
ValueMap={0, 1, 2..2056, 2057}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, Reserved, PT_STATUS_DATA_MISSING}


Parameters:
--------------
ProvisioningTLSMode
General Information:
Describes the TLS mode used in the last configuration.

Qualifiers:
-------------
OUT
valueMap={0, 1, 2, 3..255}
values={Unknown, PSK, PKI, Reserved}

SecureDNS
General Information:
Indicates whether the configuration server DNS suffix was configured in a secure mode

Qualifiers:
-------------
OUT

HostInitiated
General Information:
Indicates whether the configuration was started by a host-agent or automatically. Relevant only in Remote Configuration mode

Qualifiers:
-------------
OUT

ProvServerFQDN
General Information:
The FQDN of the configuration server.Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT
MaxLen=255

SelectedHashType
General Information:
Hash algorithm used in the corresponding certificate hash. Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT
valueMap={0, 1, 2, 3, 4..255}
values={Unknown, SHA-1-160, SHA-2-256, SHA-2-384, Reserved}

SelectedHashData
General Information:
The hash of the root certificate used in the configuration process.Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT
OctetString

CaCertificateSerials
General Information:
Serial numbers of the certificates from the chain used in the configuration. Notice: the values of this array are actually base64 encoded values. A list of maximum three serial numbers of the issuing CA certificates. If the certificate chain has more than three certificates, this field contains the serial numbers of the last three certificates starting from the leaf. Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT
MaxLen=16
EOBase64

AdditionalCaSerialNums
General Information:
Indicates that there were additional serial numbers that were not logged. Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT

IsOemDefault
General Information:
Indicates whether the hash of the root certificate used in the configuration was in the default set of hashes. Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT

IsTimeValid
General Information:
Indicates whether the time validity check passed in the certificate chain. Relevant only in Remote Configuration mode.

Qualifiers:
-------------
OUT

ProvServerIP
General Information:
The IPv6 address of the Provisioning server that issued the AMT_SetupAndConfigurationService.CommitChanges() command. In case of IPv4 this field will contain IPv4 mapped to IPv6 address.

Qualifiers:
-------------
OUT
MaxLen=45

TlsStartTime
General Information:
Indicates the time when the TLS session was initiated.

Qualifiers:
-------------
OUT



Put

public  Put([IN]AMT_SetupAndConfigurationService Instance)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM

General Information:
Changes properties of the selected instance

Product Specific Usage:
Can be used to update Provisioning Mode, ZTC Enabled, Provisioning Server OTP and Configuration Server FQDN.

The following properties must be included in any representation of AMT_BootSettingData:
SystemCreationClassName (cannot be modified)
SystemName (cannot be modified)
CreationClassName (cannot be modified)
Name (cannot be modified)

API is blocked in client control mode


Get

public  Get([OUT]AMT_SetupAndConfigurationService Instance)
Permission Information:
Permitted realms: ADMIN_SECURITY_ADMINISTRATION_REALM, ADMIN_SECURITY_GENERAL_INFO_REALM

General Information:
Gets the representation of the instance

Pull

public  Pull([IN]String EnumerationContext, [IN]String MaxElements)
Permission Information:
All users permitted to use method, only instances to whom the user has permissions will be returned

General Information:
Pulls instances of this class, following an Enumerate operation

Enumerate

public  Enumerate()
Permission Information:
All users permitted to use method

General Information:
Enumerates the instances of this class

Release

public  Release([IN]String EnumerationContext)
Permission Information:
All users permitted to use method

General Information:
Releases an enumeration context

Copyright © 2006-2013, Intel Corporation. All rights reserved.