About Intel AMT > Deprecated and Deleted Features

Deprecated and Deleted Features

Over the life of the product, there have been changes to Intel AMT features and API functions. The following tables list deprecated features and those features or APIs that have been deleted.

The first table lists deprecated Intel AMT features. Intel’s policy is to announce that a feature is deprecated but to maintain the feature in future releases for at least three years. After three years, the feature may be dropped. Intel reserves the right to maintain a feature for a longer period.

The second table lists deleted Intel AMT APIs, primarily SOAP APIs. Most were replaced by different functionality.

There have been other changes in the product, notably changes in individual APIs from release to release. See Changes in WS-Management Classes between Versions.

Deprecated Items

 

Component Affected

Description

Intel AMT Release when deprecation was announced
FW Version (Year)

Access Monitor

KVM Audit Log Event - KVM Opt-In Disabled

7.0 (2011)

Access Monitor

KVM Audit Log Event - KVM Opt-In Enabled

7.0 (2011)

Access Monitor

KVM Audit Log Event - KVM Consent Succeeded

7.0 (2011)

Access Monitor

KVM Audit Log Event - KVM Consent Failed

7.0 (2011)

Access Monitor

Security Admin Audit Log Event - Provisioning Completed

6.1 (2010)

Access Monitor

Security Admin Audit Log Event - Provisioning Started

6.1 (2010)

Alarm Clock

AMT_AlarmClockService.NextAMTAlarmTime

8.0 (2011)

Alarm Clock

AMT_AlarmClockService.AMTAlarmClockInterval

8.0 (2011)

Host Interface support functions

CFG_GetPID is deprecated as part of the deprecation of TLS-PSK setup and configuration.

7.0 (2011)

Host Interface support functions

CFG_StartConfiguration deprecated in favor of CFG_StartConfigurationEx

6.0 (2010)

Host Interface support functions

CFG_GetAMTSetupAuditRecord deprecated in favor of CFG_GetMESetupAuditRecord.

6.0 (2010)

Host Interface support functions

CFG_GenerateRngSeed deprecated due to built-in hardware mechanism

3.0 (2008)

Host Interface support functions

CFG_GetRngSeedStatus deprecated due to built-in hardware mechanism

3.0 (2008)

MEBx/SDK Sample

USB Key - version 3.0 of the record format - The Provisioning Mode variable (CLI parameter –PM) is deprecated. The choice was between Enterprise (0) and SMB (1). Now, selecting 1 results in manual configuration (for backward compatibility). See the USBFile readme.

6.0 (2010)

Redirection Library

IMR_SOLOpenTCPSession is deprecated in Intel AMT Release 4.0 and later releases in favor of IMR_SOLOpenTCPSessionEx

4.0/5.0 (2009)

Redirection Library

IMR_IDEROpenTCPSession is deprecated in Intel AMT Release 4.0 and later releases in favor of IMR_IDEROpenTCPSessionEx

4.0/5.0 (2009)

Redirection Library

The CA_File parameter in the SECURITY section of the redirection library ini file is deprecated in favor of the IMR_SetCertificateInfo() library function. See the .ini file documentation.

2.0 (2006)

Redirection Configuration

The MEBx SOL/IDE-R menu item Username and password option that enables “basic authentication” – sending a username and password in the clear to authenticate a redirection session – is deprecated. Use Digest or Kerberos authentication instead.

7.0 (2011)

Setup and configuration

STATE_INDEPENDENCE_IsChangeToAMTEnabled deprecated

9.0 (2013)

Setup and configuration

STATE_INDEPENDENCE_ChangeToAMT deprecated

9.0 (2013)

Setup and configuration

CFG_GetProvisioningMode deprecated and ZTC Local Agent sample, which used the API, is removed from the SDK

9.0 (2013)

Setup and configuration

CFG_SetConfigurationServerFQDN deprecated and ZTC Local Agent sample, which used the API, is removed from the SDK

9.0 (2013)

SOAP

The SOAP (EOI) interface is deprecated in favor of the WS-Management interface. New features are not supported by the SOAP interface. This includes the Storage Library in the SDK.

6.0 (2010)

SOAP

Get8021XWiredProfile deprecated in favor of Get8021XWiredProfileEx

4.2/5.1 (2010)

SOAP

GetWirelessProfile deprecated in favor of GetWirelessProfileEx

4.2 (2010)

SOAP

SetProvisioningMode deprecated

4.0/5.0 (2009)

SOAP

SetRngKey deprecated due to built-in hardware mechanism

3.0 (2008)

Storage

Third Party Data Storage (3PDS) was deprecated, along with the AMT_ThirdPartyDataStorageAdministrationService and AMT_ThirdPartyDataStorageService classes.

11.0 (2015)

WS-Management

The class AMT_EventLogEntry was deprecated in favor of AMT_MessageLog, and eventually removed. Later AMT_EventLogEntry was restored as it was in use by certain ISVs, but is still deprecated. See the SDK for how to work with AMT_MessageLog, the recommended approach.

Deprecated in 3.2 (2009); removed in 6.0 (2010); restored in 6.1 (2010)

WS-Management

AMT_SetupAndConfigurationService.ResetFlashWearOutProtection deprecated (returns indication that it completed successfully, but otherwise does nothing)

7.0 (2011)

WS-Management

AMT_SetupAndConfigurationService the methods GetProvisioningAuditRecord and GetProvisioningAuditRecordV2 are deprecated in favor of the class IPS_ProvisioningAuditRecord

6.1 (2010)

WS-Management

AMT_AgentPresenceWatchdogVA is deprecated.

6.0 (2010)

WS-Management

AMT_TLSSettingData - Use of Mutual Authentication on the local interface is deprecated.

6.0 (2010)

Firmware Update

The firmware update realm is deprecated.

7.0 (2011)

Non-TLS Mode

Intel plans, in future platforms, to remove the option to connect to Intel AMT without TLS (non-TLS mode).

Document update: 2020

System Defense

The System Defense feature is being deprecated. Starting from Intel ME 18.0 firmware, the feature will no longer be available.

Document update: 2020

SNMP PET Alerts

The Intel AMT Event Manager SNMP PET Alerts feature is being deprecated. Starting from Intel ME 18.0 firmware, the feature will no longer be available. The WS-Events feature remains, and will be used instead of SNMP PET alerts.

Document update: 2020

DDNS Support

Dynamic DNS Update support is being deprecated. Starting from Intel ME 18.0 firmware, the feature will no longer be available.

Document update: 2020

SHA1 Root Certificates and RSA Key Sizes Smaller than 2048 Bits

In Intel ME 11.0 the default SHA1 certificate hashes were removed from the firmware. Hashes could still be added in manufacturing, or through the MEBX or WS-MAN commands. Starting from Intel ME 15.0 firmware for H platform, and Intel ME 16.0 firmware for all platforms, Intel is removing support of SHA1 root certificates and RSA key sizes smaller than 2048 bits for Intel AMT provisioning. In those releases and later, it is no longer possible to add SHA1 hashes, and none of the certificates in the certificate chain can be SHA1-based, including the root certificate.

Document update: 2021

Embedded Host Based Configuration (EHBC)

Starting from Intel CSME 15.0.35.1879, Intel CSME 16.0 and Intel CSME 17.0 firmware, the Embedded Host Based Configuration (EHBC) feature will no longer be available.

Document update: 2021

Web UI

Intel plans, in future platforms, to remove the option of connecting to Intel AMT via the Web UI application. Instead, customers will have the option of downloading a web application to the Intel CSME firmware and interacting with the web application via a browser. This will provide similar functionality to that of the Web UI, but will require the additional initial step mentioned. The date for removal of the Web UI has not yet been decided.

Document update: 2021

Endpoint Access Control (EAC)

Intel plans, in future platforms, to remove the Endpoint Access Control (EAC) feature, including Intel AMT support for Network Access Protection (NAP). The removal is tentatively planned for 2023. Intel will notify customers once the removal date has been finalized.

Document update: 2021

TKIP and WEP Encryption Methods

Intel has removed Intel AMT support for the WEP and TKIP 802.11 encryption methods, starting from Intel CSME firmware running on Tiger Lake-H platforms. This also means that mixed TKIP/CCMP WiFi access-point mode is no longer supported by the Intel CSME WiFi stack. To allow Intel CSME WiFi connectivity, all crypto modes utilizing TKIP must be disabled in the AP.

Note: In "pipe" mode the WiFi connection (including encryption/decryption algorithm selection on WiFi connection establishment) is handled by the host operating system WiFi stack. In this mode, the data packets are sent to Intel AMT after they have been decrypted by the host side WiFi. In this mode there is currently no restriction in Intel CSME on the WiFi encryption protocols selected by the operating system. However, switching an TKIP or WEP based Intel AMT connection from the host to Intel CSME side WiFi will cause WiFi connection termination.

Document update: 2021

 

Deleted Items

 

Component Affected

Description

Deprecation
FW Version (year)

Obsolete since
FW Version (year)

Firmware update

Firmware Update WS-Management and SOAP functionality was removed.

FW Update Realm

7.0 (2011)

FW Update functionality

7.0 (2011)

Intel® Small Business Technology Platform

Support for this feature ended in Release 11.6, and it was removed in Release 12.0.

11.6 (2017)

12.0 (2018)

SOAP

All Intel AMT SDK SOAP components and all support for SOAP functionality

6.0 (2010)

9.0 (2012)

SOAP

GetPowerSavingOptions

2.5 (2007)

6.0 (2010)

SOAP

GetTcpIpParameters

2.5 (2007)

6.0 (2010)

SOAP

GetTLSCertificate

2.5 (2007)

6.0 (2010)

SOAP

SetPowerSavingOptions

2.5 (2007)

6.0 (2010)

SOAP

SetTcpIpParameters deprecated in favor of SetInterfaceSettings

2.5 (2007)

6.0 (2010)

SOAP

SetTLSCertificate deprecated in favor of CertStoreAddCertificate

2.5 (2007)

6.0 (2010)

SOAP

SetTLSKeyAndCertificate deprecated in favor of CertStoreAddCertificate() and SetTLSCredentials().

2.5 (2007)

6.0 (2010)

SOAP

SubscribeForAlert, EnumerateAlertSubscriptions

2.5 (2007)

6.0 (2010)

SOAP

AddUserAclEntry deprecated in favor of AddUserAclEntryEx

2.0 (2006)

4.0 (2009)

SOAP

GetUserAclEntry

2.0 (2006)

4.0 (2009)

SOAP

SetAdminAclEntry

2.0 (2006)

4.0 (2009)

SOAP

SetEventLogTimestampClock

2.0 (2006)

4.0 (2009)

SOAP

SetTlsEnabled

2.0 (2006)

4.0 (2009)

SOAP

UpdateUserAclEntry

2.0 (2006)

4.0 (2009)

SOAP

SetVlanParameters/GetVlanParameters not supported on any mobile platforms – releases 2.5/6, 4.x, 6.x and later releases

 

TLS

Support for TLS 1.0 was removed, and support for TLS 1.2 was added in its place.

 

12.0 (2018)

WS-Management

IPS_IdentityProtectionTechnologyService was included only in Release 6.0.

 

6.1 (2010)

WS-Management

AMT_HeuristicsPacketFilterSettings support is deprecated as part of heuristic policies deprecation.

10.0 (2014)

12.0 (2018)

WS-Management

AMT_HeuristicsPacketFilterStatistics support is deprecated as part of heuristic policies deprecation.

10.0 (2014)

12.0 (2018)

WS-Management

AMT_HeuristicsPacketFilterInterfacePolicy support is deprecated as part of heuristic policies deprecation.

10.0 (2014)

12.0 (2018)

Redirection Library

The CA_File parameter in the SECURITY section of the redirection library ini file is deprecated in favor of the IMR_SetCertificateInfo() library function. See the .ini file documentation.

 

2.0 (2006)

Host Interface support functions

CFG_StartConfiguration deprecated in favor of CFG_StartConfigurationEx

6.0 (2010)

9.0 (2013)

Host Interface support functions

CFG_GetAMTSetupAuditRecord deprecated in favor of CFG_GetMESetupAuditRecord.

6.0 (2010)

9.0 (2013)

Host Interface support functions

CFG_GetRngSeedStatus deprecated due to built-in hardware mechanism

3.0 (2008)

9.0 (2013)

Host Interface support functions

CFG_GenerateRngSeed deprecated due to built-in hardware mechanism.

3.0 (2008)

6.0 (2010)

Setup and configuration

TLS–PSK setup and configuration method deprecated

7.0 (2011)

11.0 (2015)

SHA1 Root Certificates and RSA Key Sizes Smaller than 2048 Bits

In Intel ME 11.0 the default SHA1 certificate hashes were removed from the firmware. Hashes could still be added in manufacturing, or through the MEBX or WS-MAN commands. Starting from Intel ME 15.0 firmware for desktops, and Intel ME 16.0 firmware for all platforms, Intel is removing support of SHA1 root certificates and RSA key sizes smaller than 2048 bits for Intel AMT provisioning. In those releases and later, it is no longer possible to add SHA1 hashes.

Document update: 2020

Small Medium Business Mode (SMB)

SMB mode was removed starting from Release 6.0. See Intel AMT MEBX Setup Types.

6.0 (2010) Document update: 2021

 

See Also:

   Changes in WS-Management Classes between Versions

 

Copyright © 2006-2022, Intel Corporation. All rights reserved.