String Option

Selecting the String option allows picking one or more SoH fields and logical operators to create a policy. The options in the dropdown menu correspond to the fields in the SoH as shown in the table above, represented as strings in the XML version of the SoH. The following table lists the fields in the SoH with examples of their formatting.

| Field Name | Format | Example |
|---|---|---|
| AMTPostureVersion | Integer | 2 or 3 |
| AMTTimeStamp | Day of week/month/day of month/hh:mm:ss/year | Thu Jan 17 15:48:09 2008 |
| AMTPostureId | Integer | 295 |
| AMTPostureSender | Integer | 0 or 1 |
| AMTVersion | 3 fields of version, followed by a build number | 6.0.0.1057 |
| AMTSecParams | Hexadecimal number representing the bit combination of the parameters | 0x00001FC1 (this example indicates: Enterprise Mode; TLS disabled; Local and remote mutual authentication disabled; TLS-PSK disabled; Provisioning state: post provisioning; Network interface enabled; WebUI, IDER, SOL, FW update, and KVM all enabled) |
| AMTHwInfo | Hexadecimal value | 0x0000000001 |
| AMTCurrentBootDevice | Integer | 255 |
| AMTAuthorizedBoots | Integer | 0 |
| AMTNetworkBootCounter | Integer | 0 |
| AMTHddBootCounter | Integer | 0 |
| AMTRemovableBootCounter | Integer | 0 |
| AMTIdersessionState | Integer | 0 |
| AMTIderConsoleIPv4 | IPv4 address format (four decimal values separated by periods) | 0.0.0.0 |
| AMTIderConsoleIPv6 | IPv6 address format | FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 |
| AMTIderConsolePort | Integer | 32814 |
| AMTFqdn | FQDN in dotted format | myplatform.west.yourenterprise.com |
| AMTUuid | Hexadecimal value | 0xE9EAEBECEDEEEFF0F1F2F3F4F5F6F7F8 |
| AMTDigestMethodCode | Integer | 0, 1, or 2 |
| AMTSignature | Hexadecimal value | (Not applicable) |
| AMTCertIssuerCode | LDAP format | CN=Root CA, DC=west, DC=yourenterprise, DC=com |
| AMTCertSerialNumCode | Hexadecimal value | 0x48D5E405000100000098 |
| AMTAgentPresence | Hexadecimal value | (704 hex digits) |

The string selection list includes four additional options, based on evaluations made by the SHV:

| Field Name | Description | Value |
|---|---|---|
| shvData.CertificateStatus | Result of the SHV check of the certificate for validity | “Valid”: certificate is valid; “Invalid”: certificate expired or revoked; “NotFound”: plug-in cannot find the certificate based on the information in the SoH; “NotConfigured”: SHV not configured to check certificate status; “GeneralError”: any other error |
| shvData.SignatureStatus | Result of validating the signature in the posture | “Valid”: signature is valid; “Invalid”: the signature generated with the certificate does not match the signature in the SoH; “NotValidated”: SHV cannot check the signature as it did not receive a certificate from the plug-in; “NotConfigured”: SHV not configured to check signature status; “GeneralError” |
| shvData.MachineName | Platform name provided by the NAP infrastructure | String in FQDN format |
| shvData.NameMatch | Result of comparing MachineName to the FQDN in the SoH | “Yes” or “No” |

The figure above shows selection of one of the SoH fields for comparison.

The string values can be used to create a validation of a subset of the fields in the SoH or the shvData values. The SHV provides logical operators and parentheses that can be used to create a logical expression. For example,
((PostureVersion == 2 AND AMTSecParams == 0xFC1) AND shvData.SignatureStatus == Valid). Note that each pair of Boolean comparisons needs parentheses. In this example, there are parentheses around the first pair and then around the whole expression. A combination of fields and operators would yield a display like the following:

The Insert and Remove links can be used to edit the settings. The installation includes a sample SoH named posture.xml, located in the same directory as the SHV executable. Click the Test button to evaluate the values in the expression against posture.xml. The Policy Response displays “Policy returned True” if the expression is valid, and “Policy returned False” if the expression is invalid.
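To reason about an expression before entering it in the SHV, the following added example (not Intel's code and not part of the SHV) evaluates the expression syntax described above against a dictionary of SoH field strings. Assumptions: the `OR` and `!=` operators, double-quoted values, numeric comparison of integer and hex values, and the constructed `SAMPLE_SOH` values are all hypothetical; the layout of posture.xml is not shown on this page, so the fields are supplied as a dictionary instead of being parsed from XML.

```python
import re

# Constructed sample values in the formats from the field tables (not a real SoH).
SAMPLE_SOH = {"PostureVersion": "2", "AMTSecParams": "0x00000FC1",
              "shvData.SignatureStatus": "Valid"}
# Tokens: quoted value, parenthesis, comparison operator, or bare word.
_TOK = r'"[^"]*"|\(|\)|==|!=|[^\s()=!"]+'

def _norm(text):
    """Integers and hex compare numerically, so 0xFC1 equals 0x00000FC1."""
    text = text.strip('"')
    try:
        return int(text, 0)
    except ValueError:
        return text

def evaluate(expr, soh):
    """Evaluate a policy expression against a dict of SoH field strings."""
    if re.sub(_TOK, "", expr).strip():
        raise ValueError("unrecognized character in expression")
    toks = re.findall(_TOK, expr)

    def take():
        if not toks:
            raise ValueError("expression ended early")
        return toks.pop(0)

    def operand():
        tok = take()
        if tok == "(":
            result = pair()
            if take() != ")":
                raise ValueError("missing ')' (each pair needs its own parentheses)")
            return result
        op, value = take(), take()
        if tok not in soh or op not in ("==", "!=") or value in ("(", ")"):
            raise ValueError(f"bad comparison near {tok!r}")  # fail closed
        return (_norm(soh[tok]) == _norm(value)) == (op == "==")

    def pair():
        left = operand()
        if toks and toks[0] in ("AND", "OR"):  # at most one operator per group
            op, right = take(), operand()
            left = (left and right) if op == "AND" else (left or right)
        return left

    result = pair()
    if toks:
        raise ValueError("each pair of comparisons needs its own parentheses")
    return result
```

Unknown field names and unparenthesized chains raise an error rather than returning a result, so a mistyped policy cannot silently evaluate to True.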

Copyright © 2006-2013, Intel Corporation. All rights reserved.