Developers should observe the following guidelines when creating applications that use the Intel AMT storage capability.
An ISV application uniquely identifies itself to the Intel AMT firmware when it registers, using a combination of Vendor Name, Application Name, Enterprise Name, and the machine’s UUID (Universally Unique IDentifier), which identifies the host on which the application is running. This combination enables the Intel AMT Storage service to differentiate between instances of the same executable application running on different hosts (e.g. the local host and a remote host, or different remote hosts). Unique identification is essential to prevent corruption of storage and session data in the Intel AMT storage manager when different instances of the same application attempt to access it. An application instance should use the same UUID in every registration so that the Intel AMT Storage service can identify the application correctly in subsequent registrations.
When the application registers with the Storage service, the Storage service returns a Session handle to the application. The application specifies this handle in subsequent storage service calls until it sends a new registration request (with identical information). Once an application has initially registered with unique registration information from either the local or the remote interface, registration attempts with identical registration data from a different interface will be rejected.
The size of the API buffer used to communicate with the Intel AMT device is 4KB. The application code should provide fragmentation support for storage block Read or Write requests that exceed this limit.
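The fragmentation requirement above, as an added example that is not taken from the Intel AMT SDK: one logical write is split into per-call chunks with an offset wrap check and partial-write reporting. The `block_write_fn` callback, `fragmented_write`, the mock device and the sample data are hypothetical; the payload that fits in one call may be smaller than the 4KB buffer, so the per-call limit is a parameter.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define AMT_API_BUFFER 4096u /* 4KB API buffer size stated above */

/* Hypothetical per-call writer standing in for the SDK's block write; 0 = success. */
typedef int (*block_write_fn)(void *ctx, uint32_t off, const uint8_t *d, uint32_t n);

/* Split one logical write into calls of at most chunk_max bytes each.
   Returns 0 on success; on failure *done holds the bytes already written. */
int fragmented_write(block_write_fn wr, void *ctx, uint32_t off,
                     const uint8_t *data, uint32_t len,
                     uint32_t chunk_max, uint32_t *done)
{
    *done = 0;
    if (chunk_max == 0 || chunk_max > AMT_API_BUFFER) return -1;
    if (len > UINT32_MAX - off) return -1; /* off + len would wrap */
    while (*done < len) {
        uint32_t n = len - *done;
        if (n > chunk_max) n = chunk_max;
        int rc = wr(ctx, off + *done, data + *done, n);
        if (rc != 0) return rc; /* caller sees a partial write via *done */
        *done += n;
    }
    return 0;
}

/* Constructed in-memory stand-in for the device, used only to run the demo. */
struct mock_dev { uint8_t mem[16384]; unsigned calls; };

static int mock_write(void *ctx, uint32_t off, const uint8_t *d, uint32_t n)
{
    struct mock_dev *m = ctx;
    if (n > AMT_API_BUFFER || off > sizeof m->mem || n > sizeof m->mem - off) return -2;
    memcpy(m->mem + off, d, n);
    m->calls++;
    return 0;
}

/* Writes 10000 constructed bytes at offset 100; returns the call count or -1. */
int demo_calls(void)
{
    static struct mock_dev m; static uint8_t src[10000]; uint32_t done;
    memset(&m, 0, sizeof m);
    for (size_t i = 0; i < sizeof src; i++) src[i] = (uint8_t)(i * 31u);
    if (fragmented_write(mock_write, &m, 100, src, sizeof src, AMT_API_BUFFER, &done)) return -1;
    if (done != sizeof src || memcmp(m.mem + 100, src, sizeof src)) return -1;
    return (int)m.calls;
}
```

Because a fragmented transfer spans several API calls, keep the whole loop inside whatever lock serializes API access for that registered application.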
• API Access Serialization – The caller should serialize access to all of the API functions for a given registered application (i.e. all accesses using identical identification data: Vendor, Application, Enterprise names and UUID).
• Application Multiplicity – Accessing an Intel AMT enabled device with identical registration information from multiple processes running concurrently, whether on the same host or on different hosts, is invalid. Due to the storage registration protocol, the session key used for a given registered application session cannot be shared between multiple consumers.
• Storage Operations – Unless stated otherwise, all storage operations can be performed only by an application that has first successfully registered using the RegisterApplication method.
Before registering an application, you must add the application's enterprise to the Enterprise Access Control List (EACL) using the AddStorageEaclEntry method.
ISV applications that write data to the third-party data storage area of the NVM must perform their own data protection. Intel AMT does not encrypt this information, and it is stored in the form that it was sent. It is up to the ISV application to properly protect any sensitive information written into this repository.
Copyright © 2006-2022, Intel Corporation. All rights reserved.