CFG_GetAuditLogSignature

CFG_GetAuditLogSignature provides an Intel CSME Root of Trust signature over the Intel AMT Audit log to allow verifying the authenticity of the log retrieved via CFG_GetAuditLogRecords by a remote auditing service. The signature returned is over the hash of the audit log as last read via CFG_GetAuditLogRecords, and not the current Audit Log (which may have changed since it was last read). The Intel CSME certificates accompanying the signature uniquely identify the device from which the log comes. This enables auditing software to regularly collect the Intel AMT Audit Log from the device for inspection.

Note:

1. CFG_GetAuditLogRecords must be invoked before CFG_GetAuditLogSignature; otherwise AMT_STATUS_DATA_MISSING is returned.

2. If Intel AMT and Intel Unique Platform ID (Intel UPID) are both disabled, invoking CFG_GetAuditLogSignature will return an error.

Supported from Intel ME 15.0

CFG_GetAuditLogSignature Request

typedef struct _CFG_GetAuditLogSignature_Request
{
    PTHI_MESSAGE_HEADER     Header;
    UINT8                   MCNonce[20];
} CFG_GetAuditLogSignature_Request;

Field               Description
Header.Version      Major and minor interface version.
Header.Reserved     0000h
Header.Command      0x08C
Header.Length       Message length, excluding the message header.
MCNonce[20]         20-byte nonce created by the auditing service for verifying freshness of the signature without relying on the Intel AMT time.

CFG_GetAuditLogSignature Response

typedef struct
{
    PTHI_MESSAGE_HEADER     Header;
    AMT_STATUS              Status;
    UINT32                  TotalRecordCount;
    DATETIME                StartLogTime;
    DATETIME                EndLogTime;
    DATETIME                SignatureGenerationTime;
    UINT8                   AuditLogHash[64];
    UINT8                   AMTNonce[20];
    CHAR                    UUID[16];
    CHAR                    FQDN[256];
    FWVERSION               FWVersion;
    UINT32                  AMTSVN;
    UINT32                  SignatureMechanism;
    UINT8                   Signature[512];
    UINT16                  LengthsOfCertificates[4];
    UINT8                   Certificates[3000];
} CFG_GetAuditLogSignature_Response;

Field                     Description
Header.Version            Major and minor interface version.
Header.Reserved           0000h
Header.Command            0x08C
Header.Length             Message length, excluding the message header.
Status                    A status code returned in a response message that indicates whether the operation specified in the corresponding request message succeeded or failed. If the operation failed, this code indicates the specific reason for failure.
TotalRecordCount          Total count of records in the Intel AMT Audit Log that are included in AuditLogHash. Max value: 390
StartLogTime              Audit log start time: the time stamp on the first entry in the Audit Log.
EndLogTime                Audit log end time: the time stamp on the last entry in the Audit Log.
SignatureGenerationTime   The time the audit log was signed.
AuditLogHash              Hash of the audit log as last received via CFG_GetAuditLogRecords. With SignatureMechanism 0 this is a SHA-384 digest (48 bytes), which fits within the 64-byte field. A verifier must recompute this hash itself over the records it retrieved and compare, rather than trust the field alone.
AMTNonce                  20-byte nonce created by the Intel AMT firmware.
UUID                      16 bytes containing the system UUID.
FQDN                      Null-terminated system name configured when Intel AMT is provisioned. Empty for an unprovisioned system.
FWVersion                 The system's Intel AMT firmware version.
AMTSVN                    Security Version Number (SVN) of the Intel AMT application.
SignatureMechanism        Signature mechanism used to hash and sign the audit log. Possible value: 0 – ECDSA-P384 with SHA384.
Signature                 The value signed by the Intel CSME is H(AuditLog) || MCNonce || AMTNonce || FQDN || UUID || FWVersion || AMTSVN || SignatureMechanism, where || stands for concatenation. The signature is in plain format: (r, s) encoded as a byte array, with no ASN.1 wrapping; for ECDSA-P384, r and s are 48 bytes each, so the signature occupies 96 bytes of the 512-byte field.
LengthsOfCertificates     Certificate lengths: an array containing the length of each certificate in the certificate chain in the Certificates field, in sequence.
Certificates              The Intel CSME On-Die Certificate Authority (ODCA) certificate chain used for signing the audit log.
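The verification the table above implies, as an added example that is not part of Intel's documentation or SDK: the auditing service sends a fresh MCNonce, receives the response, recomputes the hash of the records it retrieved via CFG_GetAuditLogRecords, rebuilds the signed value in the order given under Signature, and checks the plain-format (r, s) ECDSA-P384 signature. The device side is simulated with a freshly generated P-384 key standing in for the CSME key; the names signedValue, VerifyAuditLogSignature and signResponse, the sample records and the FQDN are this example's own. Several details the page leaves open are taken as assumptions and marked in comments: H(AuditLog) is the 48-byte SHA-384 at the start of AuditLogHash, the full 256-byte FQDN field (not just the string up to the NUL) is concatenated, FWVersion is treated as 8 opaque bytes since FWVERSION is not defined on this page, and AMTSVN and SignatureMechanism are little-endian.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"
	"math/big"
)

// Only SignatureMechanism value defined on the page: ECDSA-P384 with SHA-384.
const mechECDSAP384 = 0

// Response fields that enter the signed value, plus the signature; FWVersion is modelled as 8 opaque bytes (assumption: FWVERSION is not defined on this page).
type AuditLogSignature struct {
	AuditLogHash       [64]byte
	AMTNonce           [20]byte
	UUID               [16]byte
	FQDN               [256]byte
	FWVersion          [8]byte
	AMTSVN             uint32
	SignatureMechanism uint32
	Signature          [512]byte
}

// signedValue rebuilds H(AuditLog) || MCNonce || AMTNonce || FQDN || UUID || FWVersion || AMTSVN || SignatureMechanism.
// Assumptions: H is the 48-byte SHA-384 at the head of AuditLogHash, the full 256-byte FQDN
// field is concatenated, and the UINT32 values are little-endian as in the wire struct.
func signedValue(r *AuditLogSignature, mcNonce [20]byte) []byte {
	var b bytes.Buffer
	for _, p := range [][]byte{r.AuditLogHash[:sha512.Size384], mcNonce[:], r.AMTNonce[:], r.FQDN[:], r.UUID[:], r.FWVersion[:]} {
		b.Write(p)
	}
	binary.Write(&b, binary.LittleEndian, r.AMTSVN)
	binary.Write(&b, binary.LittleEndian, r.SignatureMechanism)
	return b.Bytes()
}

// VerifyAuditLogSignature checks that the records fetched via CFG_GetAuditLogRecords hash to
// AuditLogHash and that the plain (r, s) signature verifies under pub, the P-384 key from the leaf
// certificate in Certificates. Because MCNonce is part of the signed value, a signature produced
// for a different request, or replayed from an earlier one, is rejected here.
func VerifyAuditLogSignature(r *AuditLogSignature, mcNonce [20]byte, records []byte, pub *ecdsa.PublicKey) error {
	if r.SignatureMechanism != mechECDSAP384 {
		return errors.New("unsupported SignatureMechanism")
	}
	if h := sha512.Sum384(records); !bytes.Equal(h[:], r.AuditLogHash[:sha512.Size384]) {
		return errors.New("AuditLogHash does not match the records retrieved")
	}
	if pub.Curve != elliptic.P384() {
		return errors.New("signing key is not P-384")
	}
	// Plain format: r then s, 48 bytes each for P-384, no ASN.1 wrapping.
	rr, ss := new(big.Int).SetBytes(r.Signature[:48]), new(big.Int).SetBytes(r.Signature[48:96])
	digest := sha512.Sum384(signedValue(r, mcNonce))
	if !ecdsa.Verify(pub, digest[:], rr, ss) {
		return errors.New("ECDSA-P384 signature verification failed")
	}
	return nil
}

// signResponse stands in for the device side (constructed for this example, not firmware code):
// hash the records, pick an AMTNonce, sign the reconstructed value and store (r, s) in plain format.
func signResponse(priv *ecdsa.PrivateKey, records []byte, mcNonce [20]byte) (*AuditLogSignature, error) {
	r := &AuditLogSignature{AMTSVN: 3, SignatureMechanism: mechECDSAP384} // constructed values
	copy(r.FQDN[:], "host.example.com")
	h := sha512.Sum384(records)
	copy(r.AuditLogHash[:], h[:])
	if _, err := rand.Read(r.AMTNonce[:]); err != nil {
		return nil, err
	}
	digest := sha512.Sum384(signedValue(r, mcNonce))
	rr, ss, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	rr.FillBytes(r.Signature[:48]) // left-pad r and s to 48 bytes each
	ss.FillBytes(r.Signature[48:96])
	return r, nil
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) // stands in for the CSME device key
	if err != nil {
		panic(err)
	}
	var mc [20]byte // the auditor's fresh nonce, sent as MCNonce in the request
	rand.Read(mc[:])
	records := []byte("constructed audit log records") // stands in for CFG_GetAuditLogRecords output
	resp, err := signResponse(priv, records, mc)
	if err != nil {
		panic(err)
	}
	println("verified:", VerifyAuditLogSignature(resp, mc, records, &priv.PublicKey) == nil)
}
```

In a real deployment pub comes from the leaf of the Certificates chain: take the first LengthsOfCertificates[0] bytes of the Certificates field, parse them with x509.ParseCertificate, and validate the chain up to the Intel CSME root before trusting the key; the check that the certificate identifies the expected device (matching UUID and FQDN) belongs there as well. If the firmware encodes any of the assumed fields differently, signedValue is the single place to adjust.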

Qualifiers

   ValueMap { "0", "1", "36", "2066", "0x0809" }

   Values { AMT_STATUS_SUCCESS, AMT_STATUS_INTERNAL_ERROR, AMT_STATUS_INVALID_PARAMETER, AMT_STATUS_UNSUPPORTED, AMT_STATUS_DATA_MISSING }

CFG_GetAuditLogSignature Status Codes

Status                         Description
AMT_STATUS_SUCCESS             Request succeeded.
AMT_STATUS_INTERNAL_ERROR      An internal error in the Intel AMT device has occurred.
AMT_STATUS_INVALID_PARAMETER   Parameter value is not valid.
AMT_STATUS_UNSUPPORTED         Returned when the On-Die CA (ODCA) is not supported (Intel CSME firmware version earlier than 15.0) and when Intel AMT is not enabled in the SKU manager.
AMT_STATUS_DATA_MISSING        Returned when the function is called before CFG_GetAuditLogRecords.

datetime

typedef struct
{
    UINT16     Year;
    UINT16     Month;
    UINT16     DayOfWeek;
    UINT16     Day;
    UINT16     Hour;
    UINT16     Minute;
    UINT16     Second;
} DATETIME;

Copyright © 2006-2022, Intel Corporation. All rights reserved.