The NAC posture generated by Intel AMT consists of a number of text fields and a posture signature that is a hash of most of the fields in the posture, encrypted with the private key of a certificate stored in the Intel AMT device.
Beginning in Intel AMT Release 9.0, NAC is no longer supported.
The following is a list of the posture fields:
| Attribute Number | Length (bytes) | Name | Details |
|---|---|---|---|
| 32800 | 4 | AMTPostureVersion | Posture version (Type 1: always 01 00 00 00 in Intel AMT Release 2.5 and 3.0. Type 2: always 02 00 00 00 in Releases 4.0 and 5.0) |
| 32801 | 4 | AMTTimeStamp | Time of posture creation (seconds since 1 January 1970) |
| 32802 | 4 | AMTPostureId | Value incremented on each posture request. Reset when firmware is reset. |
| 32803 | 4 | AMTPostureSender | 0=Host, 1=Intel AMT |
| 5 | 8 | AMTVersion | Firmware code version |
| 32804 | 4 | AMTSecParams | Security parameters: BIT0: Operational Mode (0=SMB or manually configured, 1=Enterprise); BIT1: TLS enabled (1=Enabled); BIT2: TLS remote mutual authentication enabled (1=Enabled); BIT3: TLS local mutual authentication enabled (1=Enabled); BIT4: TLS PSK enabled (1=Enabled); BIT5-BIT6: Provisioning State (0=Pre, 1=In, 2=Post); BIT7: Network Interface (1=Enabled); BIT8: Web UI (1=Enabled); BIT9: Storage Redirection State (1=Enabled); BIT10: SOL State (1=Enabled); BIT11: FW Update (1=Enabled); BIT12: KVM State (1=Enabled) (Posture version 3 only) |
| 32805 | 4 | AMTHwInfo | BIT0: (1=Crypto enabled; 0=Crypto disabled) |
| 32806 | 4 | AMTCurrentBootDevice | Current boot device (0x00=authorized hard disk, 0x01=network, 0x02=New HDD, 3=Removable device, 0xFF=Boot device not supplied by BIOS) |
| 32807 | 4 | AMTAuthorizedBoots | Number of times the device has been booted from the primary ATA hard disk when the disk manufacturer’s ID and serial number are the same as the previous saved boot data |
| 32808 | 4 | AMTNetworkBootCounter | Number of times the device has been booted from the network |
| 32809 | 4 | AMTHddBootCounter | Number of times the device has been booted from a new hard disk drive |
| 32810 | 4 | AMTRemovableBootCounter | Number of times the device has been booted from a removable disk |
| 32811 | 4 | AMTIdersessionState | Storage Redirection session state (1=session open; 0=closed) |
| 32812 | 4 | AMTIderConsoleIPv4 | Console IP address (relevant only when a Storage Redirection session is open) |
| 32813 | 2 | AMTIderConsolePort | Console port (relevant only when a Storage Redirection session is open) |
| 32814 | 64 | AMTFqdn | Device FQDN |
| 32815 | 16 | AMTUuid | Device UUID |
| 32816 | 4 | AMTDigestMethodCode | Method for hashing the posture before signing it. 0 = HMAC_SHA1, 1 = HMAC_SHA256, 2 = HMAC_SHA384 (Options 2 and 3 can occur in Posture version 3 only. The PVS sample only supports SHA1.) |
| 32817 | 256 | AMTSignature | An RSA-encrypted hash of selected AVPs in the posture, including the UUID and FQDN, but not including the time stamp |
| 32818 | up to 256 | AMTCertIssuerCode | Issuer of the certificate used to sign the posture – in ASN.1 format |
| 32819 | up to 20 | AMTCertSerialNumCode | Serial number of the certificate used to sign the posture |
| 32820 | 352 | AMTAgentPresence | Counters and state of software agents configured for EAC. See below (Posture versions 2 and 3 only) |
| 32821 | 16 | AMTIderConsoleIPv6 | Console IPv6 address (relevant only when an IPv6 Storage Redirection session is open). If an IPv4 Storage Redirection session is open the value is 0 in all bytes (equivalent to ::). (Posture version 3 only) |
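
The following added example, which is not Intel's code and not part of the original page, decodes the raw 4-byte AMTSecParams and AMTCurrentBootDevice values using the bit layout in the table and applies a hypothetical validator policy to them. It assumes little-endian byte order (suggested by posture version 1 being encoded as 01 00 00 00) and that BIT5 is the low bit of the provisioning state; all function names and the `review` rules are assumptions.

```python
import struct

# Bit positions of AMTSecParams (attribute 32804), taken from the table above.
SEC_FLAGS = {
    0: "enterprise_mode", 1: "tls", 2: "tls_remote_mutual_auth",
    3: "tls_local_mutual_auth", 4: "tls_psk", 7: "network_interface",
    8: "web_ui", 9: "storage_redirection", 10: "sol", 11: "fw_update",
    12: "kvm",  # BIT12 is defined for posture version 3 only
}
PROVISIONING = {0: "pre", 1: "in", 2: "post"}
BOOT_DEVICE = {0x00: "authorized hard disk", 0x01: "network", 0x02: "new HDD",
               0x03: "removable device", 0xFF: "not supplied by BIOS"}


def u32(raw: bytes) -> int:
    """Read one 4-byte posture field; little-endian is an assumption."""
    if len(raw) != 4:
        raise ValueError("expected a 4-byte field, got %d bytes" % len(raw))
    return struct.unpack("<I", raw)[0]


def decode_sec_params(raw: bytes) -> dict:
    value = u32(raw)
    out = {name: bool((value >> bit) & 1) for bit, name in SEC_FLAGS.items()}
    state = (value >> 5) & 0b11  # BIT5-BIT6, BIT5 assumed to be the low bit
    out["provisioning_state"] = PROVISIONING.get(state, "reserved(%d)" % state)
    return out


def decode_boot_device(raw: bytes) -> str:
    value = u32(raw)
    return BOOT_DEVICE.get(value, "unknown(0x%X)" % value)


def review(sec: dict, boot: str) -> list:
    """Hypothetical validator policy: findings an admission rule could act on."""
    findings = []
    if not sec["tls"]:
        findings.append("TLS disabled")
    if sec["provisioning_state"] != "post":
        findings.append("provisioning not complete")
    if boot != "authorized hard disk":
        findings.append("booted from " + boot)
    return findings


# Constructed sample values: bits 0, 1, 2, 6, 7 and 10 set -> 0x000004C7.
SAMPLE_SEC = bytes.fromhex("c7040000")
SAMPLE_BOOT = bytes.fromhex("01000000")  # booted from the network
print(review(decode_sec_params(SAMPLE_SEC), decode_boot_device(SAMPLE_BOOT)))
```

These values are only trustworthy after AMTSignature has been verified, and because the signature does not cover the time stamp, freshness has to be checked separately.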
Copyright © 2006-2022, Intel Corporation. All rights reserved.