Setup and Configuration of Intel AMT > Restoring Intel AMT to Factory Mode

Restoring Intel AMT to Factory Mode

Intel AMT should be returned to Factory Mode whenever its capabilities need to be reconfigured on a platform. The Intel AMT device is returned to Factory Mode from the Intel (R) AMT Configuration menu of the MEBx using the following options.

Full Unprovision

Selecting the Full Unprovision option performs the following actions:

   Non-Volatile Memory (NVM) is cleared.

   Event log is cleared.

   All Access Control Lists (ACL) are cleared, and the administrator username is set to the default “admin”. (The MEBx password is not restored to the default).

   Hardware asset information is erased. (In Releases 4.2 and 5.0 and later releases, the hardware asset information from the last power on is retained.)

   The Intel AMT network device is reset and the Intel AMT device is put back into Factory Mode.

   All Intel AMT configuration data is erased (certificates, CIRA, wireless profiles, wired 802.1x profiles, etc.). All secure settings required for re-provisioning are also erased, including those set by OEM prior to end of manufacturing, as well as custom hashes (and inactive default hashes in Releases 6.x and 7.x), the DNS suffix, the configuration server FQDN and the PSK/PID pair.

note-icon Note:

You are able to change the Provision Model from Small Business (legacy feature from pre 6.0 releases; not to be confused with SBT) to Enterprise or vice versa only when the Intel AMT device is in Factory Mode. (Not applicable to release 6.0 and later.)

Beginning in Release 8.0, the Auditor must erase the Auditor profile via the ACL entry to allow unprovisioning.

Beginning in Release 12.0, the DNS suffix is no longer erased.

 

Partial Unprovision

Selecting the Partial Unprovision option performs all of the Full Unprovision actions, with the following exceptions:

   The Admin ACL, containing the administrator username and password, is not restored to the default.

   The hostname is not erased.

   The provisioning server IP and port are not erased.

   The domain name is not erased.

   All data needed for the next setup and configuration attempt is retained (OTP, PKI DNS Suffix, SCA FQDN, Customized hashes [+ inactive default hashes in Releases 6.x and 7.x], and PID-PPS pair).

   Beginning in Release 6.2, if there is an OEM-configured secure DSN suffix, it is reverted to and any post-provisioning DSN settings are erased.

Copyright © 2006-2022, Intel Corporation. All rights reserved.