Intel AMT Features > Remote Control > Use Cases > Set SOL/Storage Redirection and other Boot Options
CollapseAll image

Set SOL/Storage Redirection and other Boot Options

The following steps describe how to set various boot options, including defining a boot source. The steps presented are the recommended way for setting these values and are applicable to Intel AMT Release 3.2 and later releases.

1.  Get CIM_BootConfigSetting reference (see Retrieve the Boot Configuration Settings).

2.  Verify that the requested boot setting is supported by the Intel AMT (see Get the "Managed System" Boot Capabilities).

3.  Zero out the boot options or clear the boot source setting:

Zero boot options:

a.   Retrieve AMT_BootSettingData, where the “InstanceID” key equals “AMT_BootSettingData 0”.

b.   Set the value of all properties (except “InstanceID” and “ElementName”) to false and “0” and invoke AMT_BootSettingData.Put on the instance.

Clear boot source setting:

a.   Invoke CIM_BootConfigSetting.ChangeBootOrder with an empty array.

4.  Set a CIM_BootSourceSetting as the boot source for next boot by invoking CIM_BootConfigSetting.ChangeBootOrder (use an empty array to designate not using a boot source). To identify the boot source that you would like to select, enumerate CIM_BootSourceSetting.

The snippet below uses CD/DVD as the boot source.

Note: The ISV's PBA, HTTPS and WinRe boot sources are available in Intel One-Click Recovery from Intel CSME 15. Diagnostic boot was removed in Release 7.0.

Click here for a snippet demonstrating this step

See the General Info Get Core Version use case for the GetCoreVersion function.

You can execute this snippet by inserting it into the execution template found here.

  

$bootSettingDataRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_BootSettingData WHERE InstanceID='Intel(r) AMT:BootSettingData 0'")

$bootSettingDataInstance =$bootSettingDataRef.Get()

$bootSettingDataInstance.SetProperty("BIOSPause","false")

$bootSettingDataInstance.SetProperty("BIOSSetup","false")

$bootSettingDataInstance.SetProperty("BootMediaIndex","0")

$bootSettingDataInstance.SetProperty("ConfigurationDataReset","false")

$bootSettingDataInstance.SetProperty("FirmwareVerbosity","0")

$bootSettingDataInstance.SetProperty("ForcedProgressEvents","false")

$bootSettingDataInstance.SetProperty("IDERBootDevice","0")

$bootSettingDataInstance.SetProperty("LockKeyboard","false")

$bootSettingDataInstance.SetProperty("LockPowerButton","false")

$bootSettingDataInstance.SetProperty("LockResetButton","false")

$bootSettingDataInstance.SetProperty("LockSleepButton","false")

$bootSettingDataInstance.SetProperty("ReflashBIOS","false")

$bootSettingDataInstance.SetProperty("BIOSSetup","false")

$bootSettingDataInstance.SetProperty("UseIDER","false")

$bootSettingDataInstance.SetProperty("UseSOL","false")

$bootSettingDataInstance.SetProperty("UseSafeMode","false")

$bootSettingDataInstance.SetProperty("UserPasswordBypass","false")

$bootSettingDataRef.Put($bootSettingDataInstance)

 

$bootConfigSettingRef =$wsmanConnectionObject.NewReference("SELECT * FROM CIM_BootConfigSetting WHERE InstanceID='Intel(r) AMT: Boot Configuration 0'")

$bootSourceSettingRef =$wsmanConnectionObject.NewReference("SELECT * FROM CIM_BootSourceSetting WHERE InstanceID='Intel(r) AMT: Force CD/DVD Boot'")

$inputObject =$bootConfigSettingRef.CreateMethodInput("ChangeBootOrder")

$fwVersion = GetCoreVersion

if($fwVersion.ToString() -lt "5.1")

{

    $inputObject.SetProperty("source", @($bootSourceSettingRef))

}

else

{

    $inputObject.SetProperty("Source", @($bootSourceSettingRef))

}

$outputObject =$bootConfigSettingRef.InvokeMethod($inputObject)

$returnValue =$outputObject.GetProperty("ReturnValue")

 

 

Starting in Release 8.1, the Secure Boot option was added to enable or disable a reboot performed via Storage Redirection. This is represented by AMT_BootSettingData.EnforceSecureBoot. In order to change the EnforceSecureBoot value to ‘true’, the firmware image must enable BIOS secure boot. When set to ‘true’ the enforce secure boot is enabled and, as a result, a Storage Redirection reboot will not be possible.

 Note:

Intel AMT does not support the optional multiple device fallbacks capability as described in the Boot Control profile (CIM_BootSourceSetting.FailThroughSupported is set to “Is Not Supported”). Therefore, the first reference provided in the input array of CIM_BootConfigSetting.ChangeBootOrder will be relevant to the boot process, and any additional references will be ignored.

Click here for a snippet demonstrating this step

$bootSettingDataRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_BootSettingData WHERE InstanceID='Intel(r) AMT:BootSettingData 0'")

$bootSettingDataInstance =$bootSettingDataRef.Get()

$fwVersion = GetCoreVersion

if($fwVersion.ToString() -gt "8.0")

{

   $bootSettingDataInstance.SetProperty("EnforceSecureBoot","true")

}

$bootSettingDataRef.Put($bootSettingDataInstance)

 

Starting in Release 11.0, the Secure Erase option was added to the reboot settings. This option securely erases the content of the primary or boot drive of the machine. It is activated by setting the AMT_BootSettingData.SecureErase variable to ‘true’ and rebooting the machine.

The Remote Secure Erase option is part of the drive’s Security Features, which are enabled when a User Password is set; however, Remote Secure Erase itself demands authentication with the drive’s Master Password. Each of these passwords can be set using the target system’s BIOS menu, normally in the HDD Security Configuration Menu, which is found under the Boot Maintenance Manager Menu.

Store the Master Password in the AMT_BootSettingData.RSEPassword write-only variable. It is recommended that this variable be set over a TLS network connection.

If the Secure Erase option is activated, the remote system’s BIOS will retrieve the Master Password from the RSEPassword variable and use it to erase the content of the drive. A console message indicating “Secure Erase Successful” will be displayed when erasure of the drive is complete. The success or failure of the reboot, as well as the reason for any errors, can be determined by accessing the AMT_BootSettingData.BIOSLastStatus variable.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

# Create a reference to the CIM_ComputerSystem instance.

$bootSettingDataRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_BootSettingData WHERE InstanceID='Intel(r) AMT:BootSettingData 0'")

$bootSettingDataInstance =$bootSettingDataRef.Get()

$fwVersion = GetCoreVersion

if($fwVersion.ToString() -gt "11.0")

{

   $bootSettingDataInstance.SetProperty("SecureErase","true")

}

$bootSettingDataRef.Put($bootSettingDataInstance)

 

 

 

5.  Set the requested configuration, based on an instance of AMT_BootSettingData: Using the instance retrieved  and modified in step 3, select the desired boot configuration option and invoke AMT_BootSettingData.Put.

6.  Set the boot configuration to be used for the next boot. See Set or Disable Boot Configuration Settings for the Next Boot.

Additional Information

The fields of AMT_BootSettingData in the list below cannot be set to true if the CIM_BootSourceSetting is set for the associated CIM_BootConfigSetting and vice versa:

   UseSOL

   ReflashBIOS

   BIOSSetup

   BIOSPause

   UseIDER

Following step 3 in this use case (clearing all options before setting the desired ones) should prevent this kind of collision.

If steps 4 and 5 are performed standalone in a way that is inconsistent with the field settings, then an error will result that varies with the Intel AMT release.

   For Intel AMT 6.0:

If the boot configuration is set for next use (step 6 was performed before steps 4 and 5) the failure will happened when trying to set the false configuration.

If the configuration was not set yet for use, the failure will happened only when setting the configuration for use step 6). In this case the configuration is still in a false state.

   Releases earlier than 6.0.

The failure will happen with step 4 or step 5 at the moment when the configuration is set to false configuration, whether the boot configuration was set for use or not.

Instance Diagram

Classes Used in This Flow

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.

 

Copyright © 2006-2022, Intel Corporation. All rights reserved.