Intel AMT Release 2.0 is a component of the Intel vPro platform. It uses a number of elements in the Intel vPro platform architecture. The following figure shows the relationship between these elements.
The Intel AMT functionality is contained in the firmware (ME FW).
• The firmware image is stored in the Flash memory.
• The Intel AMT capability is enabled using the Intel® Management Engine (Intel® ME) BIOS extension as implemented by an OEM platform provider. A remote application performs enterprise setup and configuration (See ).
• On power-up, the firmware image is copied into the Double Data Rate (DDR) random-access memory (RAM).
• The firmware executes on the Intel ME processor and uses a small portion of the DDR RAM (Slot 0) for storage during execution. RAM slot 0 must be populated and powered on for the firmware to run.
Intel AMT stores the following information in the Flash (ME Data):
• OEM-configurable parameters
• Setup and configuration parameters such as passwords, network configuration, certificates, and access control lists (ACLs)
• Other configuration information, such as lists of alerts and System Defense policies
• The hardware configuration captured by the BIOS at startup
Intel AMT also manages third-party data storage (3PDS).The storage area can be allocated by independent software vendor (ISVs) for local storage of information critical to their applications.
The Flash also contains the BIOS executable code (BIOS), as well as the executable code for the Intel® 82566DM Gigabit Network Connection (GbE Ntwk FW).
The Flash is protected against unauthorized host access by a hardware mechanism activated by the OEM during manufacturing.
The ICH8 interface controller holds the filter definitions that are applied to incoming and outgoing in-band network traffic (the message traffic to and from the CPU). These include both internally-defined filters and the application filters defined by ISVs using the System Defense and Agent Presence capabilities.
The Intel® 82566 Gigabit Network Connection identifies out-of-band (OOB) network traffic (traffic targeted to Intel AMT) and routes it to the Intel ME instead of to the CPU. Intel AMT traffic is identified by dedicated IANA-registered port numbers.
The following elements interact with Intel AMT:
• The BIOS can be used to initialize Intel AMT or to reset it to its initial state. It captures platform hardware configuration information and stores it in NVM so that Intel AMT can make the information available out of band.
• The ICH8 sensor capability detects the state of various platform sensors, such as temperatures, fan status, and chassis integrity. Intel AMT can be configured to store and/or forward an alert when the state of any selected sensor changes or crosses a threshold.
• Software Agents (typically written by management ISVs) executing on the CPU can register with Intel AMT and report their presence to Intel AMT and to a management console using “heartbeats”. Intel AMT monitors the heartbeats and can take action when there is a problem with Agent execution.
• ISV Applications on the CPU can communicate locally with Intel AMT using dedicated drivers that are compatible with the host operating system.
Intel AMT Release 2.1
Intel AMT Release 2.1 enhances the Intel AMT power savings option by enabling waking the Intel AMT device on receipt of a message on the network interface when the device is asleep in an Sx power state. See Sleep States.
Intel AMT Release 2.2
Intel AMT Release 2.2 adds Remote Configuration (also known as Zero-Touch Configuration, or ZTC), which simplifies the setup and configuration process while maintaining the security of the Intel AMT device.
Copyright © 2006-2022, Intel Corporation. All rights reserved.