Entering the PID-PPS Pair Using a USB Storage Device

You can eliminate the possibility of user error when manually entering the PID-PPS pair into the MEBx of the Intel AMT by using a USB Storage Device. The following items are required:

   A dedicated USB key with a “setup.bin” file in the root directory (the file must not be fragmented on the drive).

   A function that generates a file of PID-PPS pairs in the correct format. The function must generate secure PPS values using a strong random number generator. The SDK includes a sample program (USBFile.exe) and a supporting script (create_usb_file.bat).

To install the PID-PPS information on an Intel AMT platform an IT technician connects the USB key to a USB port and turns on the platform. The BIOS on the platform detects the “setup.bin” file in the USB key, validates it is in the correct format, reads the next available entry in the file, authenticates the password, saves the PID-PPS values, optionally updates with the replacement password, and optionally marks the entry on the USB key as “used”. A message is displayed on the monitor informing the technician that the process is complete.

The platform is now in Setup Mode and when connected to the network, Intel AMT will start to send “Hello” messages. If there are parameters that still need setting, such as the platform IP, this should be done before connecting to the network. The “standard” defaults are:

   DHCP mode with no domain defined

   Setup and Configuration Server with the default hostname and port

   No DNS IP defined (The DHCP server must be configured to provide a DNS IP and the Domain Suffix which will be required to discover the IP of the Setup and Configuration Server).

Note:

   The Domain Suffix is option 15 in IPv4 or option 24 in IPv6.

   If the Domain Suffix is not configured, Intel AMT will send a query for "Provisionserver" which will be ignored by most DNS servers.

The defaults can vary depending on OEM settings. If these defaults are acceptable, the platform can now be connected to the network and powered on. Otherwise, the technician can power on the platform, enter the MEBx sub-menu and configure additional parameters. This can also be achieved using a USB key (USB file version 2.0+ supported from Intel AMT Release 3.0). Note that starting with Intel AMT release 3.0, several of the MEBx parameters cannot be set once the device is in Setup Mode.


