Setup and Configuration of Intel AMT > Setup and Configuration Methods > Setup and Configuration Using Embedded Host Based Configuration

Setup and Configuration Using Embedded Host Based Configuration

Embedded Host Based Configuration (EHBC) is a feature added in Release 9.0 (and then back ported to 8.1 for backward compatibility) to enable remote setup and configuration of a headless system where there is no user to provide consent for remote management.

EHBC is based on Host-Based Setup and Configuration with no restrictions like ACM mode; in particular there is no need for user consent.

 Deprecation Notice:

The Embedded Host Based Configuration (EHBC) feature is being deprecated. Starting from Intel CSME 15.0.35.1879, Intel CSME 16.0 and Intel CSME 17.0 firmware, the feature will no longer be available.

 Note:

EHBC is disabled by default and enabled only by manufacturing tools at manufacturing based on request from embedded customers upon an acknowledgement of the understanding of the security risks inherent to EHBC and its deployment recommendations.

The EHBC option reduces the cost and complexity for embedded customers who want to configure their embedded Intel AMT machines with admin control.

EHBC could be considered as HBC ACM with the skipping of certificates checking for legitimacy, where the legitimacy and security are established by performing the provisioning in a controlled environment.

The process that is required to configure EHBC when it is enabled in the FW is the same as described in Perform Local Setup Directly to Admin Control Mode except  for the following two changes:

   No need to supply certificates chain by IPS_HostBasedSetupService.AddNextCertInChain  method.  If certificates are used, the certificates are supplied only to identify who was the last user to provision the machine.

   A call to IPS_HostBasedSetupService.AdminSetup  should be called with just the following parameters:

Property

Value

NetAdminPassEncryptionType

2 (HTTP Digest MD5)

NetworkAdminPassword

The password hash

 

Copyright © 2006-2022, Intel Corporation. All rights reserved.