The Intel® ME is the steam behind Intel Active Management Technology. Intel AMT is a component of the Intel vPro platform. It uses a number of elements in the Intel vPro platform architecture. The following figure shows the relationship between these elements.
The Intel AMT functionality is contained in the ME firmware (Manageability Engine Firmware).
- The firmware image is stored in the Flash memory.
- The Intel AMT capability is enabled using the Intel® Management Engine (Intel® ME) BIOS extension as implemented by an OEM platform provider. A remote application performs enterprise setup and configuration
- On power-up, the firmware image is copied into the Double Data Rate (DDR) random-access memory (RAM).
- The firmware executes on the Intel ME processor and uses a small portion of the DDR RAM (Slot 0) for storage during execution. RAM slot 0 must be populated and powered on for the firmware to run.
Intel AMT stores the following information in the Flash (ME Data):
- OEM-configurable parameters
- Setup and configuration parameters such as passwords, network configuration, certificates, and access control lists (ACLs)
- Other configuration information, such as lists of alerts and System Defense policies
- The hardware configuration captured by the BIOS at startup
- Intel AMT also manages third-party data storage (3PDS).The storage area can be allocated by independent software vendor (ISVs) for local storage of information critical to their applications.
- The Flash also contains the BIOS executable code (BIOS), as well as the executable code for the Intel® 82566DM Gigabit Network Connection (GbE Ntwk FW).
The Flash is protected against unauthorized host access by a hardware mechanism activated by the OEM during manufacturing.
The PCH (replaces MCH and ICH from pre Intel AMT 6.0) holds the filter definitions that are applied to incoming and outgoing in-band network traffic (the message traffic to and from the CPU). These include both internally-defined filters and the application filters defined by ISVs using the System Defense and Agent Presence capabilities.
The Intel® 82566 Gigabit Network Connection identifies out-of-band (OOB) network traffic (traffic targeted to Intel AMT) and routes it to the Intel ME instead of to the CPU. Intel AMT traffic is identified by dedicated IANA-registered port numbers.
The following elements interact with Intel AMT:
- The BIOS can be used to initialize Intel AMT or to reset it to its initial state. It captures platform hardware configuration information and stores it in NVM so that Intel AMT can make the information available out of band.
- The PCH sensor capability detects the state of various platform sensors, such as temperatures, fan status, and chassis integrity. Intel AMT can be configured to store and/or forward an alert when the state of any selected sensor changes or crosses a threshold.
- Software Agents (typically written by management ISVs) executing on the CPU can register with Intel AMT and report their presence to Intel AMT and to a management console using “heartbeats”. Intel AMT monitors the heartbeats and can take action when there is a problem with Agent execution.
- ISV Applications on the CPU can communicate locally with Intel AMT using dedicated drivers that are compatible with the host operating system.
Tags: heci driver, intel active management technology, management engine, intel me