I'm moving this question at the request of the moderator.
—
Good day,
We're implementing AMT provisioning on our own, without a solution like EMA.
We encountered an issue while implementing Secure Host-Based Configuration to support CSME 19 or higher.
1. Registered the AMT CA certificate.
> rpc amtinfo
Version : 15.0.47
Build Number : 2521
SKU : 16392
Features : AMT Pro Corporate
Control Mode : pre-provisioning state
DNS Suffix : 192.168.1.10
> rpc amtinfo -cert
---Certificate Hashes---
…
Our AMT CA (Active)
SHA256: cabc80186952320c73691e6c4d62379a7d9a52ca246e34881b83ad1a51b9ac12
2. StartConfigurationHBased
StartConfigurationHBased was called as follows.
StartConfigurationHBased(
ServerHashAlgorithm = CERT_HASH_ALGORITHM_SHA256,
ServerCertHash [SHA_512_KEY_SIZE]byte = SHA 256 HASH of Provisioning Certificate,
HostVPNEnable = False,
SuffixListLen = 0,
NetworkDnsSuffixList [320]byte
)
3. The provisioning server is connected to 127.0.0.1:16993.
But the TLS handshake fails.
– Both the provisioning certificate and the CA certificate were sent.
– The hashes of the CA certificate and the provisioning certificate are the same as those sent in steps 1 and 2.
Provisioning Certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:7c:e8:91:6a:64:14:68:54:96:b8:98:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Our AMT CA, C = KR
Validity
Not Before: Feb 6 05:33:52 2024 GMT
Not After : Feb 3 05:33:52 2034 GMT
Subject: CN = 192.168.1.10, OU = Intel(R) Client Setup Certificate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
X509v3 Extended Key Usage: critical
TLS Web Server Authentication, 2.16.840.1.113741.1.2.3
X509v3 Subject Alternative Name:
DNS:192.168.1.10
X509v3 Topic Key Identifier:
58:CE:02:47:70:49:8C:C1:7B:DB:9E:FA:DE:C0:3D:8D:76:9A:5C:CA
X509v3 Authority Key Identifier:
B7:FE:10:B2:C9:C8:E8:64:92:6E:17:D5:21:B1:40:72:66:A7:CF:89
Netscape Cert Type:
SSL Server
Signature Algorithm: sha256WithRSAEncryption
Signature Value: ...
Here's a sample project that can be run standalone on a vPro PC: https://github.com/jclab-joseph/intel-vpro-hbased-problem-01
You can test it after registering the certificate with setup.bin.
>amt-test.exe
2024/02/07 10:24:32 AMT Version: 15.0.47
2024/02/07 10:24:32 DNS SUFFIX: amt-provisioning.check.com
2024/02/07 10:24:32 StartConfigurationHBased: AMT Cert Hash: 6d802ab34996d397a9b4ebf901edf0c38a9fa7b997917732aaf8de82bc0ad1bb0000000000000000000000000000000000000000000000000000000000000000
2024/02/07 10:24:33 tcp connected. begin mtls...
2024/02/07 10:24:34 RECEIVED AMT HASH : 6d802ab34996d397a9b4ebf901edf0c38a9fa7b997917732aaf8de82bc0ad1bb
2024/02/07 10:24:34 RECEIVED AMT HASH **MATCHED** :)
2024/02/07 10:24:34 tls handshake failed: remote error: tls: unknown certificate
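
An added example (not part of the original post or the linked sample project): a Go check that the certificate chain being sent contains a certificate whose SHA-256 fingerprint is listed in `rpc amtinfo -cert` output, plus a helper that builds the zero-padded 64-byte hash field. The function names are hypothetical, the left-aligned 64-byte layout is assumed from the "AMT Cert Hash" log line above, and constructed byte strings stand in for DER certificates.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// HashField returns SHA-256(der) left-aligned in a zero-padded 64-byte field
// (assumed layout, matching the "AMT Cert Hash" value in the post's log).
func HashField(der []byte) (f [64]byte) {
	sum := sha256.Sum256(der)
	copy(f[:], sum[:])
	return f
}

// TrustedHashes collects the "SHA256:" values from `rpc amtinfo -cert` output.
func TrustedHashes(out string) map[string]bool {
	set := map[string]bool{}
	for sc := bufio.NewScanner(strings.NewReader(out)); sc.Scan(); {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "SHA256:") {
			set[strings.ToLower(strings.TrimSpace(line[len("SHA256:"):]))] = true
		}
	}
	return set
}

// AnchoredAt returns the index of the first chain entry whose SHA-256
// fingerprint is in trusted, or -1 when no entry is trusted.
func AnchoredAt(chain [][]byte, trusted map[string]bool) int {
	for i, der := range chain {
		if sum := sha256.Sum256(der); trusted[hex.EncodeToString(sum[:])] {
			return i
		}
	}
	return -1
}

func main() {
	// Constructed byte strings standing in for DER certificates: leaf, then CA.
	chain := [][]byte{[]byte("constructed leaf"), []byte("constructed ca")}
	ca := sha256.Sum256(chain[1])
	out := "---Certificate Hashes---\nOur AMT CA (Active)\nSHA256: " + hex.EncodeToString(ca[:]) + "\n"
	fmt.Printf("anchor index %d, leaf field %x\n", AnchoredAt(chain, TrustedHashes(out)), HashField(chain[0]))
}
```

With real input, each chain entry would be the DER encoding of a certificate (for example `cert.Raw` from `crypto/x509`), and `out` the captured text of `rpc amtinfo -cert`.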