Differences between revisions 1 and 9 (spanning 8 versions)
Revision 1 as of 2018-01-16 10:03:15
Size: 2192
Comment: Intel Active Management Technology (AMT)
Revision 9 as of 2018-01-17 11:29:05
Size: 4425
Comment:
Deletions are marked like this. Additions are marked like this.
Line 14: Line 14:
See also the `Wikipedia article <https://en.wikipedia.org/wiki/Intel_Active_Management_Technology>`_. See also Wikipedia articles on:
Line 16: Line 16:
* `Intel AMT <https://en.wikipedia.org/wiki/Intel_Active_Management_Technology>`_.
* Intel vPro_
* ME_ (*Intel Management Engine*)

.. _vPro: https://en.wikipedia.org/wiki/Intel_vPro
.. _ME: https://en.wikipedia.org/wiki/Intel_Management_Engine
Line 17: Line 23:

AMT firmware updates
====================

A number of security holes in AMT firmware have been reported.
If you have activated AMT_, it is **mandatory** to install the latest AMT_ firmware updates from your PC vendor.

A partial list of AMT_ security holes:

* INTEL-SA-00086_
* CVE-2017-5689_ (see INTEL-SA-00075_)
* CVE-2017-5705_ (and 5706-5711)

.. _INTEL-SA-00086: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
.. _CVE-2017-5689: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5689
.. _CVE-2017-5705: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5705
.. _INTEL-SA-00075: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

Management Engine BIOS Extension (MEBX)
=======================================

Intel ME_ configuration is included in the BIOS by the Intel ® Management Engine BIOS Extension (Intel MEBX_).
The Intel MEBX_ provides the ability to change and/or collect the system hardware configuration, passes it to the management firmware and provides the Intel ME configuration user interface.

.. _MEBX: https://www.intel.com/content/www/us/en/support/articles/000006720/boards-and-kits/desktop-boards.html

Accessing MEBX
--------------

If the PC has AMT_ hardware, you can enter the MEBX_ setup just after the POST start-up by pressing::

  Control-P

This option is usually not displayed on the PC boot screen.

MEBX password
-------------

When creating an MEBX_ **admin password**, it is important to note that the BIOS will interpret keystrokes assuming a **US keyboard layout**.

The documented **default password** for user *admin* is also *admin*.
If AMT_ is enabled, this password must be changed.

Since non-alphanumeric characters are required in MEBX passwords, it is important to take note the actual characters typed into the BIOS,
since they may be different when you login to the AMT_ from a web-browser or other tool!
In BIOS setup, a **US keyboard layout** is assumed.
Line 20: Line 72:

Intel Active Management Technology (AMT)

About AMT

Intel® Active Management Technology (Intel® AMT) is a feature of Intel® Core™ processors with Intel® vPro™ technology1,2 and workstation platforms based on select Intel® Xeon® processors. Intel® AMT uses integrated platform capabilities and popular third-party management and security applications, to allow IT or managed service providers to better discover, repair, and help protect their networked computing assets. Intel® AMT also saves time with remote maintenance and wireless manageability for your mobile workforce, and secure drive wiping to simplify PC lifecycle transitions.

See also Wikipedia articles on:

AMT firmware updates

A number of security holes in AMT firmware have been reported. If you have activated AMT, it is mandatory to install the latest AMT firmware updates from your PC vendor.

A partial list of AMT security holes:

Management Engine BIOS Extension (MEBX)

Intel ME configuration is included in the BIOS by the Intel ® Management Engine BIOS Extension (Intel MEBX). The Intel MEBX provides the ability to change and/or collect the system hardware configuration, passes it to the management firmware and provides the Intel ME configuration user interface.

Accessing MEBX

If the PC has AMT hardware, you can enter the MEBX setup just after the POST start-up by pressing:

Control-P

This option is usually not displayed on the PC boot screen.

MEBX password

When creating an MEBX admin password, it is important to note that the BIOS will interpret keystrokes assuming a US keyboard layout.

The documented default password for user admin is also admin. If AMT is enabled, this password must be changed.

Since non-alphanumeric characters are required in MEBX passwords, it is important to take note the actual characters typed into the BIOS, since they may be different when you login to the AMT from a web-browser or other tool! In BIOS setup, a US keyboard layout is assumed.

IT-wiki: Intel_AMT (last edited 2018-01-26 14:00:06 by OleHolmNielsen)