Intel AMT NAC Posture

The NAC posture generated by Intel AMT consists of a number of text fields and a posture signature that is a hash of most of the fields in the posture, encrypted with the private key of a certificate stored in the Intel AMT device.

Note: Beginning in Intel AMT Release 9.0, NAC is no longer supported.

The following is a list of the posture fields:

| Attribute Number | Length (bytes) | Name | Details |
|---|---|---|---|
| 32800 | 4 | AMTPostureVersion | Posture version (Type 1: always 01 00 00 00 in Intel AMT Release 2.5 and 3.0. Type 2: always 02 00 00 00 in Releases 4.0 and 5.0. Type 3: always 03 00 00 00 in Release 6.0) |
| 32801 | 4 | AMTTimeStamp | Time of posture creation (seconds since 1 January 1970) |
| 32802 | 4 | AMTPostureId | Value incremented on each posture request. Reset when firmware is reset. |
| 32803 | 4 | AMTPostureSender | 0=Host; 1=Intel AMT |
| 5 | 8 | AMTVersion | Firmware code version |
| 32804 | 4 | AMTSecParams | Security parameters: BIT0: Operational Mode (0=SMB or manually configured, 1=Enterprise); BIT1: TLS enabled (1=Enabled); BIT2: TLS remote mutual authentication enabled (1=Enabled); BIT3: TLS local mutual authentication enabled (1=Enabled); BIT4: TLS PSK enabled (1=Enabled); BIT5-BIT6: Provisioning State (0=Pre, 1=In, 2=Post); BIT7: Network Interface (1=Enabled); BIT8: Web UI (1=Enabled); BIT9: Storage Redirection State (1=Enabled); BIT10: SOL State (1=Enabled); BIT11: FW Update (1=Enabled); BIT12: KVM State (1=Enabled) (Posture version 3 only) |
| 32805 | 4 | AMTHwInfo | BIT0: (1=Crypto enabled; 0=Crypto disabled) |
| 32806 | 4 | AMTCurrentBootDevice | Current boot device (0x00=authorized hard disk, 0x01=network, 0x02=New HDD, 3=Removable device, 0xFF=Boot device not supplied by BIOS) |
| 32807 | 4 | AMTAuthorizedBoots | Number of times the device has been booted from the primary ATA hard disk when the disk manufacturer’s ID and serial number are the same as the previous saved boot data |
| 32808 | 4 | AMTNetworkBootCounter | Number of times the device has been booted from the network |
| 32809 | 4 | AMTHddBootCounter | Number of times the device has been booted from a new hard disk drive |
| 32810 | 4 | AMTRemovableBootCounter | Number of times the device has been booted from a removable disk |
| 32811 | 4 | AMTIdersessionState | Storage Redirection session state (1=session open; 0=closed) |
| 32812 | 4 | AMTIderConsoleIPv4 | Console IP address (relevant only when a Storage Redirection session is open) |
| 32813 | 2 | AMTIderConsolePort | Console port (relevant only when a Storage Redirection session is open) |
| 32814 | 64 | AMTFqdn | Device FQDN |
| 32815 | 16 | AMTUuid | Device UUID |
| 32816 | 4 | AMTDigestMethodCode | Method for hashing the posture before signing it. 0 = HMAC_SHA1; 1 = HMAC_SHA256; 2 = HMAC_SHA384. (Options 2 and 3 can occur in Posture version 3 only. The PVS sample only supports SHA1.) |
| 32817 | 256 | AMTSignature | An RSA-encrypted hash of selected AVPs in the posture, including the UUID and FQDN, but not including the time stamp |
| 32818 | up to 256 | AMTCertIssuerCode | Issuer of the certificate used to sign the posture – in ASN.1 format |
| 32819 | up to 20 | AMTCertSerialNumCode | Serial number of the certificate used to sign the posture |
| 32820 | 352 | AMTAgentPresence | Counters and state of software agents configured for EAC. See below (Posture versions 2 and 3 only) |
| 32821 | 16 | AMTIderConsoleIPv6 | Console IPv6 address (relevant only when an IPv6 Storage Redirection session is open). If an IPv4 Storage Redirection session is open the value is 0 in all bytes (equivalent to ::). (Posture version 3 only) |
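The following is an added example, not code from the Intel AMT SDK: it decodes the AMTSecParams bit field from the field list above into named settings and applies a hypothetical admission policy to the result. The function names, the policy rules, and the sample value are constructed for illustration, and the little-endian byte order is an assumption inferred from the documented AMTPostureVersion bytes (01 00 00 00).

```python
import struct

# Single-bit flags of AMTSecParams (attribute 32804), from the field list above.
FLAGS = {0: "enterprise_mode", 1: "tls", 2: "tls_remote_mutual_auth",
         3: "tls_local_mutual_auth", 4: "tls_psk", 7: "network_interface",
         8: "web_ui", 9: "storage_redirection", 10: "sol", 11: "fw_update",
         12: "kvm"}  # BIT12 exists in posture version 3 only
PROVISIONING = {0: "pre", 1: "in", 2: "post"}  # BIT5-BIT6


def decode_sec_params(raw: bytes, posture_version: int) -> dict:
    """Decode the 4-byte AMTSecParams value into named settings.

    Assumption: the value is little-endian, inferred from AMTPostureVersion
    being documented as the byte sequence 01 00 00 00.
    """
    if len(raw) != 4:
        raise ValueError("AMTSecParams must be exactly 4 bytes")
    (value,) = struct.unpack("<I", raw)
    known = (0b11 << 5) | sum(1 << bit for bit in FLAGS)
    out = {name: bool((value >> bit) & 1) for bit, name in FLAGS.items()}
    if posture_version < 3:
        out["kvm"] = None          # not defined before posture version 3
        known &= ~(1 << 12)
    state = (value >> 5) & 0b11
    out["provisioning_state"] = PROVISIONING.get(state, f"undefined({state})")
    out["undefined_bits"] = value & ~known  # bits the field list does not define
    return out


def policy_findings(params: dict) -> list:
    """Hypothetical admission policy (not Intel's): list reasons to quarantine."""
    findings = []
    if params["provisioning_state"] != "post":
        findings.append("provisioning not complete")
    if not params["tls"]:
        findings.append("TLS disabled")
    for service in ("storage_redirection", "sol", "kvm"):
        if params[service]:
            findings.append(f"{service} enabled")
    if params["undefined_bits"]:
        findings.append(f"undefined bits set: {params['undefined_bits']:#x}")
    return findings


# Constructed sample: Enterprise, TLS on, post-provisioning, network, SOL, KVM.
SAMPLE = bytes.fromhex("c3140000")

if __name__ == "__main__":
    decoded = decode_sec_params(SAMPLE, posture_version=3)
    print(decoded)
    print(policy_findings(decoded))
```

These settings are only trustworthy once the AMTSignature over the posture has been verified against the certificate identified by AMTCertIssuerCode and AMTCertSerialNumCode.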

See Also:

   Agent Presence Attribute

Copyright © 2006-2022, Intel Corporation. All rights reserved.