Functional Limitations of Client Control Mode

The following tables list the functions that are blocked or modified in Client Control mode.

WS-Management Limitations

The following WS-Management functions are blocked when an Intel AMT platform is in Client Control Mode:

Class Name

Method/Field Name

Details

IPS_KVMRedirectionSettingData

OptInPolicy

Read Only in Client Control mode

IPS_OptInService

OptInPolicy

Read Only in Client Control mode

AMT_SetupAndConfigurationService

SetTLSPSK

API is blocked in Client Control mode.

SetMEBxPassword

API is blocked in Client Control mode

Put

API is blocked in Client Control mode

GetProvisioning
AuditRecord

Deprecated, Callers should use the new IPS_ProvisioningAuditRecord.

Returns an error value when not configured using TLS-PSK or remote configuration.

GetProvisioning
AuditRecordV2

Deprecated, Callers should use the new IPS_ProvisioningAuditRecord.

Returns an error value when not configured using TLS-PSK or remote configuration.

Unprovision

In Client Control Mode, call will succeed even if auditor is blocking the operation.

PartialUnprovision

In Client Control Mode, call will succeed even if auditor is blocking the operation.

AMT_ProvisioningCertificateHash

Put, Create, Delete

Methods blocked in Client Control mode.

AMT_SystemDefensePolicy

Create

Blocked in Client Control mode.

AMT_Hdr8021FIlter

Create

Blocked in Client Control mode.

AMT_IpHeadersFilter

Create

Blocked in Client Control mode.

AMT_NetworkPortSystemDefensePolicy

Create

Blocked in Client Control mode.

AMT_NetworkPortDefaultSystemDefensePolicy

Create

Blocked in Client Control mode.

AMT_HeuristicPacketFilterInterfacePolicy

Create

Blocked in Client Control mode.

AMT_HeuristicPacketFilterSettings

 

Instance is not created in Client Control mode, and therefore disables the Heuristics System Defense feature.

AMT_GeneralSystemDefenseCapabilities

 

Instance is not created in Client Control mode, which disables the System Defense feature.

 

SOAP API Limitations

The following SOAP commands are also blocked or modified when Intel AMT is in Client Control Mode:

Command

Details

SetTLSPSK

Returns PT_STATUS_NOT_PERMITTED

SetMEBxPassword

Returns PT_STATUS_NOT_PERMITTED

AddCertificateHashEntry

Returns PT_STATUS_NOT_PERMITTED

DeleteCertificateHashEntry

Returns PT_STATUS_NOT_PERMITTED

EnableCertificateHashEntry

Returns PT_STATUS_NOT_PERMITTED

SetConfigurationServerFQDN

Returns PT_STATUS_NOT_PERMITTED

SetProvisioningServerOTP

Returns PT_STATUS_NOT_PERMITTED

GetProvisioningAuditRecord

Returns PT_STATUS_NOT_PERMITTED

CbPolicyCreate

Returns PT_STATUS_NOT_PERMITTED

CbPolicyGetActiveStatistics

Returns PT_STATUS_NOT_PERMITTED

CbFilterCreate

Returns PT_STATUS_NOT_PERMITTED

CbQueryCapabilities

Returns supported policies and filters as 0

SetHcbOptions

Returns PT_STATUS_NOT_PERMITTED

ClearHcbState

Returns PT_STATUS_NOT_PERMITTED

ConsoleWatchdogSetCbPolicy

Will not succeed as there will be no active policies.

ConsoleWatchdogSetActions with CbActionType input parameter

Will not succeed as there will be no active policies.

ExtendProvisioningPeriod

Will not succeed in Client control Mode

 

Copyright © 2006-2020, Intel Corporation. All rights reserved.