The unconfiguration process has certain prerequisites, depending on the version of Intel AMT.
Prior to Release 8.0
When auditing is enabled, performing the steps that return the Intel AMT to an unconfigured state erases the audit log. To make sure that events in the log are not lost, the Auditor must coordinate with a user with administrator permissions to complete the process. The sequence of events is:
1. The Auditor locks the audit log.
2. The Auditor requests an audit log signature.
3. The Auditor exports the log contents.
4. The Auditor locks the log again, this time using the UNPROVISIONING_LOCK value in the Flag parameter of the AMT_AuditLog.SetAuditLock method.
5. The admin can now perform the unconfiguration.
• Note that the SetAuditLock method has a time limit parameter. If the audit log lock times out, the log will be enabled and unconfiguration will not be permitted.
• If Intel AMT is in Client Control mode, the unconfiguration will succeed, even if the Auditor is blocking unconfiguration.
If Auditor is defined, the Auditor must participate in the unconfiguration process - by performing the steps above. Returning to an unconfigured state does not erase the audit log. When the unprovisioning flow begins, the unprovisioning event is written to the audit log. Reading the audit log is enabled in an unconfigured state.
Relase 12.0 and later
The unprovision command no longer requires the audit log to be locked with UNPROVISIONING_LOCK. The Auditor can therefore no longer block AMT unprovisioning, even in Admin Control Mode.
Copyright © 2006-2022, Intel Corporation. All rights reserved.