Intel AMT SHA Statement of Health
The SoH generated by Intel AMT consists of a number of text fields and a signature that is a hash of most of the fields in the SoH, encrypted with the private key of a certificate stored in the Intel AMT device. The fields are in TLV format. The SoH as sent by the LMS, beginning in Release 9.0, in passive mode or by the Intel AMT device in active mode include all of the fields in a single attribute in SoH format. Prior to Release 9.0, the UNS sent the SoH.
The following is a list of the fields:
|
Attribute Number |
Length (bytes) |
Name |
Details |
|
32800 |
4 |
AMTPostureVersion |
Posture version (Type 2: always 02 00 00 00 in Releases
4.0 and 5.0 |
|
32801 |
4 |
AMTTimeStamp |
Time of posture creation (seconds since 1 January 1970) |
|
32802 |
4 |
AMTPostureId |
Value incremented on each posture request. Reset when firmware is reset. |
|
32803 |
4 |
AMTPostureSender |
0=Host 1= Intel AMT |
|
5 |
8 |
AMTVersion |
Firmware code version |
|
32804 |
4 |
AMTSecParams |
Security parameters: BIT0: Operational Mode (0=SMB or manually configured, 1=Enterprise) BIT1: TLS enabled (1=Enabled) BIT2: TLS remote mutual authentication enabled (1=Enabled) BIT3: TLS local mutual authentication enabled (1=Enabled) BIT4: TLS PSK enabled (1=Enabled) BIT5-BIT6: Provisioning State (0=Pre, 1=In, 2=Post) BIT7: Network Interface (1=Enabled) BIT8: Web UI (1=Enabled) BIT9: Storage Redirection State (1=Enabled) BIT10: SOL State (1=Enabled) BIT11: FW Update (1=Enabled) BIT12: KVM State (1=Enabled) (Posture version 3 only) |
|
32805 |
4 |
AMTHwInfo |
BIT0: (1=Crypto enabled; 0=Crypto disabled) |
|
32806 |
4 |
AMTCurrentBootDevice |
Current boot device (0x00=authorized hard disk, 0x01=network, 0x02=New HDD, 3=Removable device, 0xFF=Boot device not supplied by BIOS) |
|
32807 |
4 |
AMTAuthorizedBoots |
Number of times the device has been booted from the primary ATA hard disk when the disk manufacturer’s ID and serial number are the same as the previous saved boot data |
|
32808 |
4 |
AMTNetworkBootCounter |
Number of times the device has been booted from the network |
|
32809 |
4 |
AMTHddBootCounter |
Number of times the device has been booted from a new hard disk drive |
|
32810 |
4 |
AMTRemovableBootCounter |
Number of times the device has been booted from a removable disk |
|
32811 |
4 |
AMTIdersessionState |
Storage Redirection session state (1=session open; 0=closed) |
|
32812 |
4 |
AMTIderConsoleIPv4 |
Console IP address (relevant only when a Storage Redirection session is open) |
|
32813 |
2 |
AMTIderConsolePort |
Console port (relevant only when a Storage Redirection session is open) |
|
32814 |
64 |
AMTFqdn |
Device FQDN |
|
32815 |
16 |
AMTUuid |
Device UUID |
|
32816 |
4 |
AMTDigestMethodCode |
Method for hashing the posture before signing it. 0 = HMAC_SHA1 1 = HMAC_SHA256 2 = HMAC_SHA384 (Options 2 and 3 can occur in Posture version 3 only) |
|
32817 |
256 |
AMTSignature |
An RSA-encrypted hash of selected AVPs in the posture, including the UUID and FQDN, but not including the time stamp |
|
32818 |
up to 256 |
AMTCertIssuerCode |
Issuer of the certificate used to sign the posture |
|
32819 |
up to 20 |
AMTCertSerialNumCode |
Serial number of the certificate used to sign the posture |
|
32820 |
352 |
AMTAgentPresence |
Counters and state of software agents configured for EAC. See below. |
|
32821 |
16 |
AMTIderConsoleIPv6 |
Console IPv6 address (relevant only when an IPv6 Storage Redirection session is open). If an IPv4 Storage Redirection session is open the value is 0 in all bytes (equivalent to ::). (Posture version 3 only) |
|
|
|
Beginning in version 11.0, Storage Redirection uses the USB-R protocol rather than the IDE-R protocol. The attribute names have not been changed so as to preserve backwards compatibility. |
|
Copyright © 2006-2022, Intel Corporation. All rights reserved. |