| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| amttool | 2012-10-01 | 140.9 kB | |
| README.txt | 2012-10-01 | 4.0 kB | |
| Totals: 2 Items | 144.9 kB | 0 | |
Ver. 1.6.5
* Added command 'pwr_save' to configure AMT Power Saving
* Added command 'uuser' for User Access Control AMT Interface
* Added 'AMT_VERSION' environment variable (to skip online AMT version check)
Ver. 1.6.2
* Added support for Redirection AMT Interface
* Added command 'security' for a subset of Security AMT Interface
Ver. 1.6
* Added support for 'Access Monitor/Audit' AMT service
* Added support for non-standard AMT-service port number
* Added command 'net vlan'
# fixed 'time' command for iAMT ver. 1.x
# http-proxy usage documented on the help screen
# debug changes:
# debug output now works for all requests
# debug out for replies added (with <-dd|--ddebug> parameter)
# 'xmllint' (libxml2-utils package) don't need any more for debug output
# improved output on request faults
# fixed 'System UUID' value in the 'info general' output
Ver. 1.5
* Supported new AMT service: Hardware asset data
# General info: 'Code Versions' string added
Debian package dependencies
Required:
libsoap-lite-perl, libtimedate-perl, libdigest-md5-file-perl, libmime-base64-urlsafe-perl, libmath-bigint-gmp-perl
Suggested:
=== Audit Key & Cert Generation ===
There is the help page on the Intel site for the scripts from the AMT SDK:
http://software.intel.com/en-us/blogs/2012/01/18/how-to-create-amt-certificates-using-the-amt-sdk-and-openssl/
Example of keys & cert creation.
You should refer to openssl manual to make this working.
Root CA generation (if don't have it)
Command:
openssl req -config root_ca_gen.cfg -new -x509 -keyout root_ca_private.pem -out root_ca_cert.pem
Required Config options for 'root_ca_gen.cfg':
[ req ]
default_bits = 512
default_md = sha1
default_keyfile = ...
encrypt_rsa_key = no
distinguished_name = ...
[ <dist_name> ]
...
Subordinate CA request gen and sign (if don't have it)
Commands:
openssl req -config sub_ca_req.cfg -new -keyout sub_ca_private.pem -out sub_ca_cert.req
openssl ca -config root_ca.cfg -policy policy_anything -extensions v3_ca -in sub_ca_cert.req -out sub_ca_cert.pem
Required Config options for 'sub_ca_req.cfg':
[ req ]
default_bits = 512
default_md = md2
default_keyfile = ...
encrypt_rsa_key = no
distinguished_name = ...
req_extensions = v3_ca
[ <distin_name> ]
...
[ v3_ca ]
basicConstraints=CA:TRUE
Required Config options for 'root_ca.cfg':
...
[ <default ca section> ]
...
default_md = md5
...
[ usr_cert ]
...
authorityKeyIdentifier=keyid,issuer:always
...
[ v3_ca ]
...
authorityKeyIdentifier=keyid,issuer:always
...
Audit Key Generation for AMT-Device
Commands:
openssl req -config SecConfig/Auditor.cfg -newkey rsa:2048 -keyout audit_key.pem -out audit_cert.req
openssl ca -config sub_ca.cfg -policy policy_anything -in audit_cert.req -out audit_cert.pem
Required Config options for 'key.cfg':
[ req ]
encrypt_rsa_key = no
default_md = md2
default_keyfile = ...
distinguished_name = ...
keyUsage = digitalSignature
[ <distin_name> ]
...
dnQualifier = ...
dnQualifier_value = ...
Required Config options for 'sub_ca.cfg':
[ <default ca section> ]
unique_subject = no
default_md = md5
[ policy_match ]
dnQualifier = supplied
[ policy_anything ]
dnQualifier = optional
[ usr_cert ]
keyUsage = digitalSignature
authorityKeyIdentifier=keyid,issuer:always
[ v3_ca ]
authorityKeyIdentifier=keyid,issuer:always
'audit keys' command requres the next files (from the example above):
audit_key.pem, audit_cert.pem, sub_ca_cert.pem
