User Guide - Support Technique AURES
Contents
1. IPUB Feature Selection IPUB Interface ID Type IPUB Interface ID Previous Menu Interface ID ESCI Exit CENTER Submit 3 5 5 2 20 Previous Menu Under the Wireless LAN IPV6 Configuration 1 Select Previous Menu 2 Press Enter The Wireless LAN IPV6 Configuration menu changes to the TCP IP Settings menu 3 5 5 2 21 Previous Menu Under the TCP IP Settings menu 1 Select Previous Menu 68 Intel Confidential Intel ME Manageability Features n tel 2 Press Enter The TCP IP Settings menu changes to the Intel ME Network Setup menu 3 5 5 3 Previous Menu Under the Intel ME Network Setup menu 1 Select Previous Menu 2 Press Enter The Intel ME Network Setup menu changes to the Intel AMT Configuration menu 3 5 6 Activate Network Access Under the Intel AMT Configuration menu 1 Select Activate Network Access 2 Press Enter 3 Press Y to activate or press N to cancel Figure 48 Activate Network Access Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 SOL IDER KUM User Consent Password Policy Network Setup Activate Network Access Unconfigure Network Access Remote Setup And Configuration Previous Menu ESC Exit tl Select ENTER Access Activates the current network settings and opens the Intel R ME network interface2. e Intel amp ME Manageability Features n tel Figure 52 Remote Setup and Configuration Intel R Management Engine BIOS Extension v 6 6 6643 Intel R ME v 6 6 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved urrent Provisioning Mode Provisioning Record RCFG gt Provisioning Server IPV4 IPU6 Provisioning Server FQDN TLS PSK gt TLS PKI gt Previous Menu ESC Exit tl1 Select ENTER Access 3 5 8 1 Current Provisioning Mode Under Intel Automated Setup and Configuration 1 Select Current Provisioning Mode 2 Press Enter Intel Confidential 73 intel Intel ME Manageability Features Figure 53 Current Provisioning Mode Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 18982 Copyright C 2663 69 Intel Corporation All Rights Reserved CESC1 Exit 1 Current Provisioning Mode Provisioning Record RCFG gt Provisioning Server IPU4 IPU6 Provisioning Server FQDN TLS PSK gt TLS PKI gt Previous Menu tl Select ENTER Access Provisioning Mode PKI 3 5 8 2 74 Current Provisioning Mode Displays the current provisioning TLS Mode None PKI or PSK Provisioning Record Under Intel Automated Setup and Configuration 1 Select Provisioning Record 2 Press Enter Intel Confidential Intel ME Manageability Features intel Figure 54 Provisioning record CESC1
3. Intel R Management Engine BIOS Extension v7 8 8 8843 Intel R ME v7 8 8 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 Remote Configuration PKI DNS Suffix Manage Hashes Previous Menu Hash Name PAE Lab Certificate Hash Data ABCD 1234 ABCD 1234 ABCD 1234 ABCD 1234 ABCD 1234 Default 1 Active Hash GTE Balti Cybertrust Global Root Verizon Global Root Entrast net CA 2648 Entrast Root CA VeriSign Universal Root CA PAE Lab Certificate ESC 1 Exit CINS 1 Add CDEL1 Del 1 fictive ENTER1 Uieu 3 5 8 7 8 3 5 8 8 The details of the selected certificate hash are displayed to the user and include the following e hash name e certificate hash data e active and default states Previous Menu Under the Intel Remote Configuration screen 1 Select Previous Menu 2 Press Enter The Intel Remote Configuration screen changes to the Intel Automated Setup and Configuration screen Previous Menu Under the Intel Automated Setup and Configuration screen Intel Confidential 97 3 5 9 3 6 i n tel Intel ME Manageability Features 1 Select Previous Menu 2 Press Enter Intel Automated Setup and Configuration screen changes to the Intel AMT Configuration screen Previous Menu Under the Intel Amt Configuration screen 1 Select Previous Menu 2 Press Enter The Intel Amt Configuration screen changes to
4. i n tel Intel ME Manageability Features 3 5 8 3 76 Indicates whether the setup and configuration process was initiated by the host No indicates that the setup and configuration process was NOT host initiated Yes indicates the setup and configuration process was host initiated PKI only e Hash Data Displays the 40 character certificate hash data PKI only e Hash Algorithm Describes the hash type Currently only SHA1 is supported PKI only e IsDefault Displays Yes if the Hash algorithm is the default algorithm selected Displays No if the hash algorithm is NOT the default algorithm used PKI only e FQDN FQDN of the provisioning server mentioned in the certificate PKI only e Serial Number The 32 character string that indicates the Certificate Authority serial numbers e Time Validity Pass Indicates whether the certificate passed the time validity check RCFG Under Intel Automated Setup and Configuration 1 Select RCFG 2 Press Enter The Intel Automated Setup and Configuration screen changes to the Intel Remote Configuration screen Intel Confidential e Intel amp ME Manageability Features n tel Figure 55 Intel Remote Configuration screen Intel R Management Engine BIOS Extension v 6 86 6643 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Start Configuration Previous Menu ESC 1J Exit tl1 Sel
5. The screen changes to the Intel AMT Configuration screen Password Policy Under the Intel AMT Configuration screen 1 Select Password Policy 2 Press Enter Intel Confidential Intel ME Manageability Features n tel The password policies are displayed as follows Figure 19 Password Policy Intel R Management Engine BIOS Extension v7 8 8 8843 Intel R ME v7 8 8 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 Manageability Feature Selection SOL IDER KUM User Consent Network Setup Unconfigure Network Access Remote Setup And Configuration Previous Menu ESC 1 Exit tl1 1 Select ENTER Access Default Password Onl During Setup And Configuration Anytime There are two passwords for the firmware The Intel MEBX password is the password that is entered when a user is physically at the system The network password is the password that is entered when accessing an Intel ME enabled system through the network By default they are both the same until the network password is changed via the network Once changed over the network the network password will always be kept separate from the local Intel MEBX password This option determines when the user is allowed to change the Intel MEBX password through the network Note The Intel MEBX password can always be changed via the Intel MEBX user interface Options Default Password Only The Intel MEB
6. 1 Manageability Feature Selection SOL IDER KUM User Consent Password Policy Network Setup Remote Setup And Configuration Previous Menu CESCJ Exit tl Select ENTER Access Partial Unprovision Full Unprovision The IPv6 Interface ID is automatically generated using a random number as described in RFC 3041 This is the default Partial Unprovision The IPv6 Interface ID is automatically generated using the MAC address 1 Select Full Unprovision 2 Press Enter 1 select Partial Unprovision 2 Press Enter The following screen appears Intel Confidential 71 i n tel Intel amp ME Manageability Features Figure 51 Unconfigure Network Access Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Manageability Feature Selection SOL IDER KUM User Consent Password Policy Network Setup Remote Setup And Configuration Previous Menu ESC J Exit tl Select ENTER Access Full Unprovision Partial Unprovision 3 5 8 72 Remote Setup and Configuration Under Intel AMT Configuration 1 Select Remote Setup and Configuration 2 Press Enter The Intel AMT Configuration screen changes to the Intel Automated Setup and Configuration screen Note The following list is displayed when Intel AMT is in pre provision mode Intel Confidential
7. Figure 7 Figure 8 Figure 9 Figure 10 Figure 11 Figure 12 Figure 13 Figure 14 Figure 15 Figure 16 Figure 17 Figure 18 Figure 19 Figure 20 Figure 21 Figure 22 Figure 23 Figure 24 Figure 25 Figure 26 Figure 27 Figure 28 Figure 29 Figure 30 Figure 31 Intel MEBX Configuration User Interface Main Menu esee 15 Intel ME Platform Configuration iiesetsvancatearianinorniaramatieiwamieanicuess 17 Change Intel ME Password quxsdssterekodnescad kx npe aS dud tn ADQU pO a Ms td ROPA 18 EW Update Settings ic eei tte ee eee t e eke andi anes cate RAE GR ER TR TRUE 19 local BUE mE 20 cdd ec 21 Me I Iieoi gel m 23 Intel ME ON in Host Sleep States uite doa E D s EE ads 24 Idle THM COU EM 26 Manageability Feature Selection sss 27 Username and Password 0cccecscececeeceeceseneandeneeeceeneeeesaenseaneeaeanaesseness 29 cll nu n 30 pz OEMMRTMUST 31 Legacy Redirection Mode tuerit ec erp caver edinaeddasaractentencciedan tants 32 Legacy Redirection Mode notification esses 33 A 34 Yser OPEIN M 36 Opt in Configurable from remote IT sss nennen 37 PasSWOrdiRONiCy 24 355 ax EEr adii arRcRtidi etu dane MN SERE ARR ATA cmd Rad 39 Intel ME Network Setup uui
8. To select Enabled 1 Select Enabled ID 2 Press Enter SOL Under the SOL IDER KVM screen Intel Confidential 29 i n tel Intel amp ME Manageability Features 1 Select SOL 2 Press Enter Figure 12 SOL Intel R Management Engine BIOS Extension v7 8 8 8843 Intel R ME v7 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Username and Password BOL IDER Legacy Redirection Mode KUM Previous Menu CESC1 Exit tl1 Select ENTER Access 1 Disabled x Enabled SOL allows the console input output of an Intel AMT managed client to be redirected to a management server console if the client system supports SOL If the system does not support SOL this value cannot enable it The following options can be selected Disabled SOL is disabled Enabled SOL is enabled To select Disabled 1 Select Disabled 2 Press Enter To select Enabled 1 Select Enabled ID 2 Press Enter Note disabling SOL does not remove this feature but just blocks it from being used Intel Confidential m e Intel amp ME Manageability Features n tel 3 5 2 3 IDER Under the SOL IDER KVM screen 1 Select IDER 2 Press Enter Figure 13 IDER Intel R Management Engine BIOS Extension v 8 80 0643 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Username and Password SOL Legacy Redirection Mod
9. 3 If no action is perfromed by End User for 10 seconds Intel MEBX will follow up assuming End User accepted CPU change Platform global reset will follow in which Intel ME will populate new feature set to whole ME infrastructure kernel and all applications based on modified CPU type Note Two resets might be observed as the 2nd reset is due to the SOL IDER setting changed when changing occurs between vPro CPU and non vPro CPU Please refer to Appendix C for different causes to global reset Figure 86 Intel MEBX CPU Replacement popup message Intel R Management Engine BIOS Extension v7 8 8 80846 Copyright C 2883 89 Intel Corporation All Rights Reserved CPU Replacement Has Detected Some System Features Will Be Disabled Press Y to Continue System Will Go Through Reset to Complete CPU Change Otherwise Shutdown the Platform and Replace Original CPU Intel Confidential 105 i n te Intel ME Manageability Features Appendix A Changes to Configuration Modes In Intel AMT 5 0 and under there were two operational modes SMB and Enterprise In Intel AMT 6 0 and AMT 7 0 their functionality has been integrated to provide the same functionality previously available in Enterprise mode The new configuration options are Manual Setup and Configuration available for SMB customers and Automatic Setup and Configuration Figure 57 Configuration Modes Disabled can be TLS mode Enabled Disabled enabled at
10. Cont inue Y N Intel Confidential 69 i n tel Intel ME Manageability Features Activate Network Access causes the Intel ME to transition to the POST provisioning state if all required settings are configured Without Activating Network Access ME will not be able to connect to the network Note Power policy will change to PP2 after activating if the default power policy is set to PP1 3 5 7 Unconfigure Network Access 70 Under the Intel AMT Configuration menu 1 Select Unconfigure Network Access 2 Press Enter Note This will cause Intel ME to transition to the PRE provisioning state Figure 49 Unconfigure Network Access Intel R Management Engine BIOS Extension v 7 8 8 8843 Intel R ME v 8 8 18982 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Manageability Feature Selection SOL IDER KUM User Consent Password Policy Network Setup Unconfigure Network Access Remote Setup And Configuration Previous Menu ESC1 Exit tl 1 Select ENTER Access Resets network settings including network ACLs to factory defaults Cont inue Y N 3 Select Y to unconfigure The following screen appears Intel Confidential e Intel amp ME Manageability Features n tel Figure 50 Unconfigure Network Access Intel R Management Engine BIOS Extension v7 8 8 8843 Intel R ME v7 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved
11. Intel Confidential e Intel amp ME Manageability Features n tel that is sent A ping to the Intel ME will also cause the Intel ME to go into an MO or M3 state The Intel ME takes a short time to transition from the M off state to the MO or M3 state During this time Intel AMT will not respond to any Intel ME commands When the Intel ME has reached the MO or M3 state the system will respond to Intel ME commands Table 1 Supported Power Packages ON ME WoL ON ME WoL 3 4 4 2 Idle Time Out Under Intel ME Power Control 1 Select Idle Time Out 2 Press Enter Intel Confidential 25 i n tel Intel amp ME Manageability Features Figure 9 Idle Timeout Intel R Management Engine BIOS Extension v 8 86 6643 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved L 1 Intel R ME ON in Host Sleep States Idle Timeout Previous Menu Timeout Value 1 65535 1 L ESC Exit CENTER Submit This setting is used to enable the Intel ME Wake on and to define the Intel ME idle timeout in M3 state The value should be entered in minutes The value indicates the amount of time that the Intel ME is allowed remain idle in M3 before transitioning to the M off state Note If the Intel ME is in MO it will NOT transition to M off 3 4 4 3 Previous Menu Under Intel ME Power Control 1 Select Previous Menu 2 Press Enter The
12. The Intel ME provides the following IT management features independent of the installed OS e Intel Active Management Technology Intel AMT 7 0 allowing improved management of corporate assets Intel ME configuration is included in the BIOS by the Intel Management Engine BIOS Extension Intel MEBX The Intel MEBX provides the ability to change and or collect the system hardware configuration passes it to the management firmware and provides the Intel ME configuration user interface Scope of document This document describes how to configure the Intel MEBX for Intel 6 Series Chipset Family Intel PCH platforms with Intel AMT 7 0 The Intel ME configuration procedures described in this guide are part of the larger Intel vPro technology activation and provisioning process These configuration procedures can vary significantly or be performed automatically and depend on which third party management console you are using See the Related Documentation section of this guide section 1 5 for a list of Intel authored provisioning guides that are specific to several popular management consoles These provisioning guides provide the end to end process for provisioning your Intel vPro computers with the specified management console and may or may not include references to the Intel ME manual configuration procedures in this guide depending on which provisioning model is used Intel Confidential 9 Introduction
13. To comply with ENERGY STAR and EUP LOT6 requirements the Intel ME can be turned off in various sleep states The Intel ME Power Control menu configures the Intel ME platform power related policies Intel Confidential 23 i n tel Intel ME Manageability Features 3 4 4 1 Intel ME ON in Host Sleep States 24 Under Intel ME Power Control 1 Select Intel ME ON in Host Sleep States 2 Press Enter 3 Move the Up Down arrow key to select the desired power policy 4 Press Enter Figure 8 Intel ME ON in Host Sleep States Intel R Management Engine BIOS Extension v7 8 8 8843 Intel CR ME v7 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Intel R ME ON in Host Sleep States Idle Timeout Previous Menu ESC 1 Exit tl 1 Select ENTER Access I 1 Mobile ON in S8 Mobile ON in S8 ME Wake in 53 54 5 AC only The selected power package determines when the Intel ME is turned ON The default power package can be modified by using FITC or by FPT The end user administrator can choose which power package to use depending on the systems usage The table below illustrates the details of the power packages With Intel ME WoL after the time out timer expires the Intel ME remains in the M off state until a command is sent to the ME After this command has been sent the Intel ME will transition to an MO or M3 state and will respond to the next command
14. Try Again is displayed When you press Enter you are prompted to set the active state of the hash Figure 75 Add Hash active Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 Remote Configuration PKI DNS Suffix Manage Hashes Previous Menu Enter Set this hash certificate as active Y N ESC 1 Exit CENTER Submit Your response sets the active state of the customized hash as follows e Yes The customized hash will be marked as active e No Default The customized hash will added to the EPS but will not be active 3 5 8 7 5 Deleting a hash Note A certificate hash that is set to Default cannot be deleted When the Delete key is pressed in the Manage Certificate Hash screen the following screen is displayed 94 Intel Confidential Intel ME Manageability Features Figure 76 Deleting a hash intel Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved i Remote Configuration PKI DNS Suffix Manage Hashes Previous Menu Hash Name Active Default GTE CyberTrust Global Root x x Baltimore CyberTrust Root x x Cyb Uer Ent Delete this certificate hash Y N Ent Ver PAE Lab Certificate Algorithm Type SHR1 SHA1 ESC Exit CINS1 Add CDEL1 Del 1 fictive ENTE
15. inte 1 3 Target Audience This user guide is primarily intended for Information Technology IT administrators and system integrators with experience in implementing complex computer and network installations It is not intended for general audiences Note Readers should have a basic understanding of networking and computer technology terms such as TCP IP DHCP IDE DNS Subnet Mask Default Gateway and Domain Name Explanation of these terms is beyond the scope of this document 1 4 Acronyms ASF Alert Standard Format Basic Input Output System Dynamic Host Configuration Protocol Domain Name Server EIT Embedded Information Technology see VA EPS VA Private Store Intel s VA Specific Store in an ME owned flash area separate from 3PDS The size is one 1 physical page 4K bytes Complete Power loss AC power plug pulled GbE Gigabit Ethernet Greenwich Mean Time HBP Host Based Provisioning Intel Active Management Technology Intel Management Engine Intel Management Engine BIOS Extension Intel Management Engine Interface PP Internet Protocol Local Area Network z n v Manageability Service Provider OPK OEM Pre Installation Kit Operating system uU PRTC Protected Real Time Clock 10 Intel Confidential Introduction 1 5 Acronym RCFG Uu A w Ww uo SPI Uu z lt c a ll U C lt J Description Remote Configuration Standby sleep state Hibernate sleep s
16. 1 ocal FH Update Previous Menu ESC J Exit tl1 1 Select ENTER Access 3 4 2 1 Local FW Update Under the FW Update Settings 1 Select Local FW Update 2 Press Enter Intel Confidential 19 i n tel Intel amp ME Manageability Features Figure 5 Local FW Update Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 1882 Copyright C 2883 89 Intel Corporation All Rights Reserved L 1 ocal FH Update Previous Menu ESC J Exit tl1 Select CENTER Access 1 Disabled Enabled Password Protected Intel ME Firmware Local Update provides the capability to allow or prevent firmware local update in the field When the Enabled option is selected the IT admin is able to update the Intel Intel ME firmware locally via the local Intel Management Engine interface or via the local secure interface The following options can be selected Disabled Do NOT allow Local Intel ME FW Update Enabled Allow Local Intel ME FW Update Password Protected Local FW update is protected by MEBx password To select Disabled 1 Select Disabled 2 Press Enter To select Enabled 1 Select Enabled Intel Confidential Intel ME Manageability Features n tel 2 Press Enter To select Password Protected 1 Select Password Protected 2 Press Enter 3 4 2 2 Previous Menu Under the FW Update Settings screen 1 Se
17. AMT partial unprovision 3 5 8 6 3 This option deletes the current PID and PPS stored in Intel ME If the PID and PPS were not entered previously the Intel MEBX will return an error message To delete the PID and PPS entries select Y else N Previous Menu Under the Intel Remote Configuration screen 1 Select Previous Menu 2 Press Enter The Intel Remote Configuration changes to the Intel Automated Setup and Configuration screen Intel Confidential 85 m e i n tel Intel amp ME Manageability Features 3 5 8 7 TLS PKI Under Intel Automated Setup and Configuration 1 Select TLS PKI 2 Press Enter The Intel Automated Setup and Configuration screen changes to the Intel Remote Configuration screen Figure 64 Intel Remote Configuration screen Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 18982 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 PKI DNS Suffix Manage Hashes Previous Menu LESC1 Exit tl 1 Select ENTER Access x may cause Intel R AMT partial unprovision 3 5 8 7 1 Remote Configuration Under the Intel Remote Configuration screen 1 Select Remote Configuration 2 Press Enter 86 Intel Confidential e Intel amp ME Manageability Features n tel Figure 65 Remote Configuration Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 18982 Copyri
18. BIOS Extension v 6 6 68043 Intel R ME v 6 6 1692 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Username and Password SOL IDER Legacy Redirection Mode Previous Menu ESC Exit f4 Select ENTER Access Disabled x Enabled The following options can be selected Disabled Disable KVM Feature Enabled Enable KVM Feature Note disabling KVM does not remove this feature but disables it KVM will not work in this case Note KVM feature is NOT supported on Intel C600 series chipset platform or other platform design without Intel Integrated Graphics To select Disabled 1 Select Disabled 2 Press Enter 34 Intel Confidential m e Intel amp ME Manageability Features n tel 3 5 2 6 3 5 3 3 5 3 1 To select Enabled 1 Select Enabled 2 Press Enter Previous Menu Under the SOL IDER KVM screen 1 Select Previous Menu 2 Press Enter The SOL IDER KVM screen changes to the Intel AMT Configuration screen User Consent Sets whether local user consent is required before remote computer can establish a KVM Remote Control session to the local computer Also sets whether the remote computer s user can configure the KVM Opt In Policy Under the Intel AMT Configuration 1 Select User Consent 2 Press Enter The Intel AMT Configuration changes to the User Consent Configuration screen User Opt in Under the Use
19. Delete PID and PPS Instantly Remote Configuration Instantly Manage Hashes Instantly PKI DNS Suffix Upon Exiting Intel MEBX Intel Confidential
20. Exit Intel R Management Engine BIOS Extension v7 8 8 8843 Intel R ME v7 8 8 1892 Copyright C 2663 69 Intel Corporation All Rights Reserved 1 Current Provisioning Mode Provisioning Record RCFG gt Provisioning Server IPU4 IPU6 Provisioning Server FQDN TLS PSK gt TLS PKI gt Previous Menu tl Select CENTER Access Provision Record is not present Provisioning Record Displays the system s provision PSK PKI record data If the data has not been entered the Intel MEBX displays a message stating Provision Record not present If the data is entered the Provision record will display the following None PSK or PKI TLS provisioning mode Displays the current configuration mode of the system e Provisioning IP The IP address of the setup and configuration server e Date of Provision Displays the date and time of the provisioning in the format MM DD YYYY at HH MM e DNS indicates whether the PKI DNS Suffix was configured in Intel MEBX before remote configuration took place or not A value of 0 indicates that the DNS Suffix was not configured and the firmware will rely on DHCP option 15 and compare this suffix to the FQDN in the Configuration Server s client certificate A value of 1 indicates that the DNS Suffix was configured and the firmware matched it against the DNS Suffix in the Configuration Server s client certificate Host Initiated Intel Confidential 75
21. ID is automatically generated using the MAC address Manual ID The IPv6 Interface ID is configured manually Selecting this type requires that the Manual Interface ID is set with a valid value To select Random ID 1 Select Random ID 2 Press Enter To select Intel ID 1 Select Intel ID 2 Press Enter Intel Confidential 59 m e i n tel Intel ME Manageability Features To select Manual ID 1 Select Manual ID 2 Press Enter A new option of IPV6 Interface ID will be displayed below IPV6 Interface ID Type 3 Select IPV6 Interface ID 4 Press Enter 5 Enter preferred Manual ID Figure 39 IPv6 Interface ID Intel R Management Engine BIOS Extension v 0 0652 Intel R ME v 8 8 1146 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 IPUB Feature Selection IPUB Interface ID Type IPV6 Interface ID IPV6 Address IPV6 Default Router Preferred DNS IPV6 Address Alternate DNS IPV6 Address Previous Menu Interface ID CESC1 Exit CENTER Submit 3 5 5 2 12 IPv6 Address Under the Wired LAN IPV6 Configuration 1 Select IPv6 Address 2 Press Enter 60 Intel Confidential e Intel amp ME Manageability Features n tel Figure 40 IPv6 Address Intel R Management Engine BIOS Extension v 8 6 6043 Intel R ME v 86 6 18692 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 IPUB Feature Selection
22. IPU6 Provisioning Server FQDN TLS PSK gt TLS PKI gt Previous Menu Provisioning server address ESC Exit CENTER Submit The IP address of the Intel AMT provisioning server 1 Enter provisioning server address 2 Press Enter Intel Confidential 79 i n tel Intel amp ME Manageability Features Figure 58 Provisioning Server Port number Intel R Management Engine BIOS Extension v 6 86 6643 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved i 1 Current Provisioning Mode Provisioning Record RCFG gt Provisioning Server FQDN TLS PSK gt TLS PKI gt Previous Menu Port number 8 65535 B971 ESC Exit ENTER Submit The port number 0 65535 of the Intel AMT provisioning server The default port number is 9971 1 Enter provisioning server port number 2 Press Enter 3 5 8 5 Provisioning Server FQDN Under the Intel Automated Setup and Configuration screen 1 Select Provisioning Server FQDN 2 Press Enter 80 Intel Confidential e Intel amp ME Manageability Features n tel Figure 59 Provisioning Server FQDN Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 1882 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Current Provisioning Mode Provisioning Record RCFG gt Provisioning Server IPU4 IPU6 TLS PSK gt TLS PKI gt Previous Menu Enter F
23. Intel ME Power Control screen changes to the Intel ME Platform Configuration screen 3 4 5 Previous Menu Under Intel ME Platform Configuration 1 Select Previous Menu 26 Intel Confidential m e Intel amp ME Manageability Features n tel 3 5 3 5 1 2 Press Enter The Intel ME Platform Configuration screen changes to the Main Menu Intel AMT Configuration Under the Main Menu 1 Select Intel AMT Configuration 2 Press Enter The Main Menu changes to the Intel AMT Configuration screen Manageability Feature Selection Under the Intel AMT Configuration screen 1 Select Manageability Feature Selection 2 A message is displayed Caution Disabling reset network settings including network ACLs to factory default System resets on MEBx exit Continue Y N Press Y to change setting or N to cancel Figure 10 Manageability Feature Selection Intel R Management Engine BIOS Extension v 7 8 8 8843 IntelC R ME v7 8 8 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 SOL IDER KUM gt User Consent gt Password Policy Network Setup gt Unconfigure Network Access Remote Setup And Configuration gt Previous Menu ESC 1 Exit tL1 Select ENTER 1 Access I Disabled x1 Enabled Intel Confidential 27 i n te Intel ME Manageability Features When the Manageability Feature Selection is enabled the Intel ME manageab
24. ME The option can now be offered by system BIOS Please refer to Cougar Point Intel ME BIOS Writer s Guide section 4 2 for more details 3 4 1 Change Intel ME Password Under the Intel ME Platform Configuration menu Intel Confidential 17 i n tel Intel ME Manageability Features 1 Select Change Intel ME Password 2 Press Enter The Intel ME New Password prompt is displayed as in Figure 3 Figure 3 Change Intel ME Password Intel R Management Engine BIOS Extension v7 8 8 8843 Intel R ME v7 8 8 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved FW Update Settings Set PRTC Power Control Previous Menu Intel R ME New Password ESC 1 Exit CENTER 1 Submit 1 At the Intel ME New Password prompt enter your new password Please be aware of the password policies and restrictions mentioned in section 3 3 2 At the Verify Password prompt re enter your new password Your password is now changed 3 4 2 FW Update Settings 18 Under Intel ME Platform Configuration 1 Select FW Update Settings 2 Press Enter The Intel ME Platform Configuration screen changes to FW Update Settings page Intel Confidential m e Intel amp ME Manageability Features l n tel Figure 4 FW Update Settings Intel R Management Engine BIOS Extension v 8 6 6643 Intel R ME v 8 8 1882 Copyright C 2883 898 Intel Corporation All Rights Reserved
25. Reserved 1 IPV6 Interface ID Type IPV6 Address IPUB Default Router Preferred DNS IPV6 Address Alternate DNS IPV6 Address Previous Menu ESC 1 Exit tl1 Select L ENTER ficcess 1 Disabled x Enabled DISABLED The IPv6 interface is currently disabled ENABLED The IPv6 interface is currently enabled To select Disabled 1 Select Disabled 2 Press Enter To select Enabled 1 Select Enabled ID 2 Press Enter 3 5 5 2 11 IPv6 Interface ID Type Under the Wired LAN IPV6 Configuration 1 Select IPv6 Interface ID Type 2 Press Enter 58 Intel Confidential m e Intel amp ME Manageability Features n tel Figure 38 IPv6 Interface ID Type Intel R Management Engine BIOS Extension v 8 6 6043 Intel R ME v7 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 IPV6 Feature Selection IPUB Address IPV6 Default Router Preferred DNS IPUG fiddress Alternate DNS IPV6 Address Previous Menu ESC Exit tl Select ENTER Access Random ID Intel ID Manual ID The auto configured IPv6 address consists of two parts the IPv6 Prefix set by the IPv6 router is the first and the interface ID is following part 64 bits each The following options can be selected RANDOM ID The IPv6 Interface ID is automatically generated using a random number as described in RFC 3041 This is the default Intel ID The IPv6 Interface
26. System Features reconfiguration If End User decides to reject the CPU change it is required to shut down the platform and replace original CPU If no End User interaction is provided then after 10 seconds wait time Intel MEBX will follow up assuming End User accepted CPU change The following exceptions capture when Intel ME FW will not request CPU Replacement confirmation from End User and the CPU Replacement message will not be shown 1 When system is in Manufacturing Mode Intel ME FW doesn t expect any messaging from user in other words it s assumed to be informed change in CPU 2 First boot after flashing in ME Region Intel ME FW doesn t expect any CPU replacement related flows that require user assistance Intel Confidential 103 104 intel 3 Intel amp ME Manageability Features When CPU Type was upgraded and new system features are enabled Intel ME FW doesn t expect any CPU replacement related flows that require user assistance The examples of such an upgrade are a CELERON CPU changed to PENTIUM CPU b CELERON CPU changed to Core Non vPro eligible CPU Cc CELERON CPU changed to CORE vPro eligible CPU d PENTIUM CPU changed to Core Non vPro eligible CPU e PENTIUM CPU changed to CORE vPro eligible CPU f Core Non vPro eligible CPU changed to CORE vPro eligible CPU Figure 80 represents message that will be exposed to End User whenever CPU Replacement took place downgrading CPU cap
27. a later time Web UI Disabled Enabled Enabled dead Bod EH Enabled if ida ark Disabled feature Enabled can be interface enabled in disabled at a later time Intel MEBX enabled Legacy Redirection Mode Controls Enabled if Disabled Need to set to FW listening for Disabled feature P HO EDT Intondeso incoming enabled in work with Legacy SMB Intel MEBX consoles redirection connections Manual configuration can be performed using the following six steps Note you must have a DHCP server in your environment 1 Burn the firmware 106 Intel Confidential Intel ME Manageability Features n tel 2 Enter the Intel MEBX and change the password 3 Enter Intel ME General Settings menu 4 Select Activate Network Access 5 Choose y in the confirmation message 6 Exit the Intel MEBX Intel Confidential 107 i n te Intel ME Manageability Features Appendix B Changes to Redirection Protocols Before Intel AMT 6 firmware had the small medium business SMB and the enterprise ENT provisioning modes ENT was inherently more secure than SMB which was meant to be more open and easy but less secure This change had an effect on the redirection protocols Before Intel AMT 6 SMB redirection ports were left open and Intel ME was listening constantly to the ports ISV s writing consoles that dealt with redirection would then just open a connection to the ME machine No extra steps were ne
28. establishing a KVM Remote Control session to this computer Under the User Consent Configuration screen 1 Select Opt in Configurable from remote IT 2 Press Enter Figure 18 Opt in Configurable from remote IT Intel R Management Engine BIOS Extension v 0 6 6043 Intel R ME v 6 6 18692 Copyright C 2883 89 Intel Corporation All Rights Reserved User Opt in Dpt in Configurable from Remote IT Previous Menu ESC 1 Exit tl1 Select ENTER Access I Disable Remote Control of KUM Opt In Polic x Enable Remote Control of KUM Opt In Policy The following options can be selected Intel Confidential 37 i n tel Intel amp ME Manageability Features 3 5 3 3 3 5 4 38 Disable Remote Control of KVM Opt in Policy This option disables the remote user s ability to change User OPT IN Policy In this case only the local user can control the opt in policy Enable Remote Control of KVM Opt in Policy Enables remote user s ability to change User OPT IN Policy Allows remote user to choose whether or not to request local user consent before establishing KVM Remote Control session to this computer To select Disable 1 Select Disable Remote Control of KVM Opt in Policy 2 Press Enter To select Enable 1 Select Enable Remote Control of KVM Opt in Policy 2 Press Enter Previous Menu Under the User Consent Configuration menu 1 Select Previous Menu 2 Press Enter
29. intel Intel Management Engine BIOS Extension Intel MEBX User s Guide User s Guide For systems based on Intel 6 Series Chipset Family and Intel PCH May 2011 Revision 1 2 Intel Confidential INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS NO LICENSE EXPRESS OR IMPLIED BY ESTOPPEL OR OTHERWISE TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT EXCEPT AS PROVIDED IN INTEL S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY RELATING TO SALE AND OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE MERCHANTABILITY OR INFRINGEMENT OF ANY PATENT COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT UNLESS OTHERWISE AGREED IN WRITING BY INTEL THE INTEL PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR Intel may make changes to specifications and product descriptions at any time without notice Designers must not rely on the absence or characteristics of any features or instructions marked reserved or undefined Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them The information here is subject to change without notice Do
30. oa Qus de Dicere ida to oda ed iiia Doa dcdidw Sra ite Duas 40 Host Ip PEr M 41 Domai NAMIE exo ei unte axem tatnen thereon et eedeadnunux EA e Des cef dus 42 Shared Dedicated FQDN esses nennen a nn nnns 43 Dynamic DNS Update e cn eerie exa sa ca nd abet eer En PERSA nes 44 Periodic Update Interval eeeeeeieeeesenenee nnne nennen nnn nna 45 dE Tsuaccceenessiestus T acre tema claps sx RUDI TER MMUIER CDI RECURSUS 46 Wired LAN IPV4 Configuration sssssessseeemm eene 48 DHCP Mode Enabled recie tenta extera tek lee dace Rr Rx YE need cage DR ERIS 49 DHCP Mode Disabled 2th tene ehe xa ERR unn Ee a Oaa ER RA 49 III ds 51 Subnet Mask Address etie eren raa Ra kis e a 52 Intel Confidential 5 intel Figure 32 Figure 33 Figure 34 Figure 35 Figure 36 Figure 37 Figure 38 Figure 39 Figure 40 Figure 41 Figure 42 Figure 43 Figure 44 Figure 45 Figure 46 Figure 47 Figure 48 Figure 49 Figure 50 Figure 51 Figure 52 Figure 53 Figure 54 Figure 55 Figure 56 Figure 57 Figure 58 Figure 59 Figure 60 Figure 61 Figure 62 Figure 63 Figure 64 Default Gateway Address lees esee seen se nu haha nura n iaa A 53 Preferred DNS Address etica et rented eh woke se dre rasa DERE EE CR E biased 54 Alternate DNS Address eeeeseeeeesee inesse nnn ta nha nna aan na 55 Wired LAN IPV6 Configuration s
31. on the same hardware Note When entering more than 32 characters the software changes the 32 character on every new character pressed when in the last character position in the MEBx UI So whatever the last character typed on the 32 position it will replace the existing character in that position Note The password can be reset to the default setting admin by shutting down the system removing AC and DC power and performing a RTC reset Intel Confidential m e Intel amp ME Manageability Features n tel 3 4 Intel ME Platform Configuration Menu Under the Intel MEBX main menu 1 Select Intel ME General Settings 2 Press Enter The following message is displayed Acquiring General Settings configuration The Intel MEBX main menu changes to the Intel ME Platform Configuration page This page allows the IT administrator to configure the specific functionality of the Intel ME such as password power options etc Figure 2 Intel ME Platform Configuration Intel R Management Engine BIOS Extension v 6 0 0643 Intel R ME v 6 6 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 hange Intel R ME Password FW Update Settings Set PRTC Power Control Previous Menu ESC 1 Exit ti1 Select ENTER Access Note The option of Intel ME State Control appearing in previous versions of MEBx has been removed in order to avoid end users accidentally disable Intel
32. the Main Menu Exit Under the Main Menu 1 Select Exit 2 Press Enter Figure 79 Exit confirmation 98 Intel R Management Engine BIOS Extension v7 8 8 88047 Intel R ME v 8 8 1117 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 Intel R ME General Settings Intel R AMT Configuration Exit ESC J Exit tl1 Select LENTER Access CONFIRM EXIT fire you sure you want to exit Y N Intel Confidential m e Intel amp ME Manageability Features n tel To exit MEBx select Y else select N 3 7 Intel Standard Manageability Configuration For platforms supporting Intel Standard Manageability e g Q67 with non vPro configuration and Q65 instead of Intel AMT Configuration the option of Intel Standard Manageability Configuration will be displayed in MEBx setup menu Figure 80 Intel Standard Manageability Configuration Intel R Management Engine BIOS Extension v 7 8 8 88047 Intel R ME v 8 8 1117 Copyright C 2663 89 Intel Corporation All Rights Reserved 1 Intel R ME General Settings k Intel R Standard Manageabilitu Configuration Exit CESC1 Exit tl 1 Select ENTER Access The menu under Intel Standard Manageability Configuration is the same as that displayed in Intel AMT Configuration Intel Confidential 99 Intel ME Manageability Features LINTELC R STANDARD MANAGEABILITY CONFIGURATION SOL
33. 31 Subnet Mask Address Intel R Management Engine BIOS Extension v 6 6 66043 Intel R ME v7 8 8 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 DHCP Mode IPU4 fiddress Default Gateuay fiddress Preferred DNS fiddress Alternate DNS Address Previous Menu Subnet mask e g 255 255 255 8 ESC 1 Exit CENTER Submit 1 Enter the Subnet Mask Address 2 Press Enter Intel Confidential Intel ME Manageability Features n tel 3 5 5 2 5 Default Gateway Address Under the Wired LAN IPV4 Configuration 1 Select Default Gateway Address 2 Press Enter Figure 32 Default Gateway Address Intel R Management Engine BIOS Extension v 8 6 6043 Intel R ME v7 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 DHCP Mode IPU4 fiddress Subnet Mask fiddress Preferred DNS fiddress Alternate DNS Address Previous Menu Default Gateway Address B 8 8 8 LESC Exit CENTER Submit 1 Enter the Default Gateway Address 2 Press Enter 3 5 5 2 6 Preferred DNS Address Under the Wired LAN IPV4 Configuration 1 Select Preferred DNS Address 2 Press Enter Intel Confidential 53 e l n tel Intel ME Manageability Features Figure 33 Preferred DNS Address Intel R Management Engine BIOS Extension v 6 6 6043 Intel R ME v 6 6 1692 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 DHCP Mode IPU4 Addre
34. 6 6043 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved IPV6 Feature Selection IPUB Interface ID Type Previous Menu ESC J Exit tl1 Select ENTER Access Random ID Intel ID Manual ID An auto configured IPv6 address consists of two parts the IPv6 Prefix set by the IPv6 router is the first and the interface ID is following part 64 bits each The following options can be selected RANDOM ID The IPv6 Interface ID is automatically generated using a random number as described in RFC 3041 This is the default Intel ID The IPv6 Interface ID is automatically generated using the MAC address Manual ID The IPv6 Interface ID is configured manually Selecting this type requires that the Manual Interface ID is set with a valid value To select Random ID 1 Select Random ID 2 Press Enter To select Intel ID 1 Select Intel ID 2 Press Enter Intel Confidential 67 i n tel Intel ME Manageability Features To select Manual ID 1 Select Manual ID 2 Press Enter A new option of IPV6 Interface ID will be displayed below IPV6 Interface ID Type 3 Select IPV6 Interface ID 4 Press Enter 5 Enter preferred Manual ID Figure 47 IPv6 Interface ID wireless Intel R Management Engine BIOS Extension v 0 0651 Intel R ME v 8 8 1146 Copyright C 2883 89 Intel Corporation All Rights Reserved 1
35. 92 Selecting Hash Format SHA384 c ceceeeeeeeee sees eee eeeeeee eee 92 Selecting Hash Format Please choose a supported Hash Algorithm 93 Add Hash certificate iei rt pe Foe e eO pe pure Rebus ieta rum i das 93 Add Hash ACtIVE Em 94 Deleting a hash iii ert ecran tueri unte an EEEE EA candy KERIGUUG ZR CERES 95 Change Active State of HaSh c ccsceceeeeeseeeeseneeeeeeeenenneesaeeeeeeeanansens 96 View Hash details 5242 6 ductus dana e vet ie axe ouo ute beu esi uius 97 Exit COMPIFMALION E 98 Intel Standard Manageability Configuration esee 99 Intel Standard Manageability Configuration menu eene 100 SOL IDER KVM Menu under Intel Standard Manageability Configuration100 User Opt in options under Intel Standard Manageability Configuration 101 Intel Level III Manageability Configuration ccccssseeseeeeeeeeeeeeeeeeenes 102 Intel Level III Manageability Configuration MeNU sescseceeeeeeeeeeees 102 Intel MEBX CPU Replacement popup message sseeseeeeesceeeeeseeaeees 105 Intel Confidential 7 intel Revision History Number Number 8 Intel Confidential Introduction 1 1 1 2 Note intel Introduction Intel Management Engine Intel ME and Intel Management Engine BIOS Extension Intel MEBX Overview The Intel Management Engine Intel ME is an isolated and protected computing resource
36. DNS Update is disabled then the firmware will make no attempt to update DNS using DHCP option 81 or Dynamic DNS update If the DDNS Update state Enabled or Disabled is not configured by the user at all then the firmware will assume its old implementation where the firmware used DHCP option 81 for DNS registration but did not directly update DNS using the DDNS update protocol For selecting Enabled for Dynamic DNS Update it is required that the Host Name and Domain Name be set The following options can be selected Disabled The Dynamic DNS Update Client in FW is disabled Enabled The Dynamic DNS Update Client in FW is enabled To select Disabled 1 Select Disabled Intel Confidential m e Intel amp ME Manageability Features n tel 2 Press Enter To select Enabled 1 Select Enabled ID 2 Press Enter 3 5 5 1 5 Periodic Update Interval Note This option is only available when Dynamic DNS Update is enabled Under the Intel ME Network Name Settings menu 1 Select periodic update interval 2 Press Enter Figure 25 Periodic Update Interval Intel R Management Engine BIOS Extension v 8 86 0643 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Host Name Domain Name Shared Dedicated FQDN Dynamic DNS Update TTL Previous Menu Value or gt 26 LESC Exit CENTER Submit Defines the interval at which the firmware DDNS Update cli
37. IDER KUM Ld User Consent Password Policy Network Setup b Activate Network Access Unconfigure Network Access Remote Setup And Configuration gt In the menus of SOL IDER KVM and User Consent the KVM related options are removed as KVM feature is not supported by Intel Standard Manageability CSOL IDER KUM SOL IDER Legacy Redirection Mode Previous Menu 100 Intel Confidential m e Intel amp ME Manageability Features n tel Figure 83 User Opt in options under Intel Standard Manageability Configuration Intel R Management Engine BIOS Extension v7 8 8 88047 Intel R ME v 8 8 1117 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 Opt in Configurable from Remote IT Previous Menu ESC J Exit tl1 Select CENTER Access 1 All 3 8 Intel Level III Manageability Configuration For platforms supporting Intel Level III Manageability e g B65 and HM67 with Intel upgrade service instead of Intel AMT Configuration the option of Intel Level III Manageability Configuration will be displayed in MEBx setup menu The menu under Intel Level III Manageability Configuration is the same as that displayed in Intel AMT Configuration KVM is supported in Intel Level III Manageability Intel Confidential 101 102 Intel ME Manageability Features MAIN MENU Intel R ME General Settings k Intel R Level III M
38. IPV6 Interface ID Type IPV6 Default Router Preferred DNS IPUG Address Alternate DNS IPV6 Address Previous Menu 2661 db8 1428 57ab or any other valid IPV6 address IPV6 address e g CENTER Submit ESC Exit 1 Enter the IPv6 Address 2 Press Enter Intel Confidential intel Intel ME Manageability Features 3 5 5 2 13 IPv6 Default Router Under the Wired LAN IPV6 Configuration 1 2 Select IPv6 Default Router Press Enter Figure 41 IPv6 Default Router Intel R Management Engine BIOS Extension v 6 86 0043 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 IPV6 Feature Selection IPV6 Interface ID Type IPUB Address Preferred DNS IPUG Address Alternate DNS IPV6 Address Previous Menu IPV6 address e g 20601 db8 1428 57ab or any other valid IPV6 address L ESC Exit CENTER Submit 1 2 Enter the IPv6 Default Router Press Enter 3 5 5 2 14 Preferred DNS IPv6 Address 62 Under the Wired LAN IPV6 Configuration 1 2 Select Preferred DNS IPv6 Address Press Enter Intel Confidential e Intel amp ME Manageability Features n tel Figure 42 Preferred DNS IPv6 Address Intel R Management Engine BIOS Extension v 6 6 6643 Intel R ME v 6 6 1692 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 IPV6 Feature Selection IPV6 Interface ID Type IPV6 Address I
39. PV6 Default Router Alternate DNS IPV6 Address Previous Menu IPV6 address e g 2601 db8 1428 57ab or any other valid IPV6 address L ESC Exit CENTER Submit 1 Enter the Preferred DNS IPv6 Address 2 Press Enter 3 5 5 2 15 Alternate DNS IPv6 Address Under the Wired LAN IPV6 Configuration 1 Select Alternate DNS IPv6 Address 2 Press Enter Intel Confidential 63 i n tel Intel amp ME Manageability Features Figure 43 Alternate DNS IPv6 Address Intel R Management Engine BIOS Extension v 6 86 6643 Intel R ME v 6 6 1692 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 IPV6 Feature Selection IPV6 Interface ID Type IPV6 Address IPV6 Default Router Preferred DNS IPUG Address Alternate DNS IPUB Address Previous Menu IPV6 address e g 20601 db8 1428 57ab or any other valid IPV6 address ESC Exit CENTER Submit 1 Enter the Alternate DNS IPv6 Address 2 Press Enter 3 5 5 2 16 Previous Menu Under the Wired LAN IPV6 Configuration 1 Select Previous Menu 2 Press Enter The Wired LAN IPV6 Configuration menu changes to the TCP IP Settings menu 3 5 5 2 17 Wireless LAN IPV6 Configuration Under the TCP IP Settings 1 Select Wireless LAN IPV6 Configuration 2 Press Enter The TCP IP Settings menu changes to the Wireless LAN IPV6 Configuration page 64 Intel Confidential e Intel amp ME Manageability Feature
40. QDN of provisioning server ESC 1 Exit CENTER 1 Submit 3 5 8 6 FQDN of the provisioning server mentioned in the certificate PKI only This is also the FQDN of the server that AMT sends hello packets to for both PSK and PKI 1 Enter the FQDN of the provisioning server 2 Press Enter TLS PSK Under Intel Automated Setup and Configuration 1 Select TLS PSK 2 Press Enter The Intel Automated Setup and Configuration screen changes to the Intel Remote Configuration screen Intel Confidential 81 m e l n tel Intel ME Manageability Features Figure 60 Intel TLS PSK Configuration screen Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 18982 Copyright C 2883 898 Intel Corporation All Rights Reserved Set PID and PPS Delete PID and PPS Previous Menu ESC 1 Exit tl Select CENTER Access x may cause Intel R AMT partial unprovision This submenu contains the settings for TLS PSK configuration settings 3 5 8 6 1 Set PID and PPS 82 Under the Intel Remote Configuration screen 1 Select Set PID and PPS 2 Press Enter Intel Confidential m e Intel amp ME Manageability Features n tel Figure 61 Set PID and PPS Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved Set PID and PPS Delete PID and PPS Previ
41. R1 Uieu This option allows deleting of the selected certificate hash e Yes Intel MEBX sends the firmware a message to delete the selected hash e No Intel MEBX does not delete the selected hash and returns to Remote Configuration Intel Confidential 95 i n tel Intel amp ME Manageability Features 3 5 8 7 6 Changing the Active State When the key is pressed in the Manage Certificate Hashes screen the following screen is displayed as seen in the following screen Figure 77 Change Active State of Hash Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v7 8 8 18982 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Remote Configuration PKI DNS Suffix Manage Hashes Previous Menu Hash Name Active Default Algorithm Type GTE CyberTrust Global Root x x SHA1 Baltimore CyberTrust Root x x SHAL Change the active state of this hash Y N PAE Lab Certificate CESC1 Exit CINS 1 Add CDEL1 Del Active ENTER View Answering Y toggles the active state of the currently selected certificate hash Setting a hash as active indicates that the hash is available for use during PSK provisioning 3 5 8 7 7 Viewing a Certificate Hash When the Enter key is pressed in the Manage Certificate Hash screen the following screen is displayed 96 Intel Confidential Intel ME Manageability Features n tel Figure 78 View Hash details
42. S gt EN N N SOL IDER Username Password Y N KVM State Y N SOL state Y N IDER state Y N Intel Confidential m e Intel amp ME Manageability Features n tel Other MEBx global reset scenarios include 1 CPU replacement 2 ME Unconfiguration without MEBx password through system BIOS setting BPF 3 ME Unconfiguration by clearing CMOS These global resets happen when BIOS execute MEBx binary during post In these cases MEBx will pass the global reset flag to BIOS to perform global reset without going through MEBx User Interface Intel Confidential 111 Intel ME Manageability Features Appendix D PID PPS Checksum The PID and PPS are made up of ASCII codes of some combination of characters capital alphabet characters A Z and numbers 0 9 e The PID is an eight character entry of the form XXXX XXXC where C is the CRC Cyclic Redundancy Check of the preceding characters and is sent in the open e The PPS is a thirty two character quantity of the form XXXC XXXC XXXC XXXC XXXC XXXC XXXC XXXC where C is the CRC of the preceding characters and is a secret shared between the Intel AMT device and the Setup and Configuration Server When the PID and PPS are entered via the MEBx sub menu USB key the firmware checks for checksum characters embedded in the values The last character of the PID is expected to be a checksum of the previous seven characters and the fourth character in each group of four charac
43. X password can be changed through the network interface if the default password has not been changed yet Intel Confidential 39 i n tel Intel amp ME Manageability Features During Setup and Configuration The Intel MEBX password can be changed through the network interface during the setup and configuration process but at no other time Once the setup and configuration process is complete the Intel MEBX password cannot be changed via the network interface Anytime The Intel MEBX password can be changed through the network interface at any time 3 5 5 Network Setup 40 Under the Intel AMT Configuration screen 1 Select Network Setup 2 Press Enter The Intel AMT Configuration screen changes to the Intel ME Network Setup page Figure 20 Intel ME Network Setup Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Intel R ME Network Name Settings gt TCP IP Settings gt Previous Menu ESC Exit f4 Select ENTER Access Intel Confidential m e Intel amp ME Manageability Features n tel 3 5 5 1 Intel ME Network Name Settings Under the Intel ME Network Setup menu 1 Select Intel ME Network Name Settings 2 Press Enter The Intel ME Network Setup menu changes to the Intel ME Network Name Settings page 3 5 5 1 1 Host Name Under the Intel ME Network Nam
44. abilities This message will not be shown if replaced CPU has the same capabilities as the old one e g changing PENTIUM capable CPU to another PENTIUM capable CPU The message will be shown for 10 seconds and if End User did NEITHER pressed y or Y key NOR shut down the platform Intel MEBX will proceed with assumption that End User approved CPU change The valid changes that will result in the following message are 1 2 3 4 5 6 CORE vPro eligible CPU changed to Core Non vPro eligible CPU CORE vPro eligible CPU changed to PENTIUM CPU CORE vPro eligible CPU changed to CELERON CPU Core Non vPro eligible CPU changed to PENTIUM CPU Core Non vPro eligible CPU changed to CELERON CPU PENTIUM CPU changed to CELERON CPU The following actions are expected to be done by End User when the message from Figure 86 is shown 1 Press y or Y if End User approves CPU change that was performed on purpose Platform global reset will follow in which Intel ME will populate new feature set to whole ME infrastructure kernel and all applications based on modified CPU type Intel Confidential m e Intel amp ME Manageability Features n tel 2 Press n or any other key if End User disapproves CPU replacement change and CPU was replaced unintentionally The system will halt permanently displaying the message shown in Figure 80 End User is expected to shut down the platform and replace original CPU
45. agement Engine BIOS Extension v7 8 8 8843 Intel R ME v7 8 8 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 Host Name Domain Name Dynamic DNS Update Previous Menu ESC 1 Exit tl1 Select L ENTER ficcess 1 Dedicated x1 Shared This setting determines whether the Intel ME Fully Qualified Domain Name FQDN i e the HostName DomainName is shared with the host and identical to the operating system machine name or dedicated to the Intel ME The following options can be selected Dedicated The FQDN domain name is dedicated to ME Shared The FQDN domain name is shared with the Host To select Dedicated 1 Select Dedicated 2 Press Enter To select Shared 1 Select Shared 2 Press Enter Dynamic DNS Update Under the Intel ME Network Name Settings menu Intel Confidential 43 44 i n tel Intel amp ME Manageability Features 1 Select Dynamic DNS Update 2 Press Enter Figure 24 Dynamic DNS Update Intel R Management Engine BIOS Extension v 7 8 8 8843 Intel R ME v 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved L 1 Host Name Domain Name Shared Dedicated FQDN Previous Menu ESC 1 Exit tl 1 Select ENTER Access Disabled Enabled If Dynamic DNS Update is enabled then the firmware will actively try to register its IP addresses and FQDN in DNS using the Dynamic DNS Update protocol If D
46. ally turn on the redirection port through this Intel MEBX option When selecting the mode the message shown in Figure 15 Intel Confidential m e Intel amp ME Manageability Features l n tel Legacy Redirection Mode notification below will be displayed when users will select the Legacy Redirection Mode Please press enter to continue Figure 15 Legacy Redirection Mode notification Intel R Management Engine BIOS Extension v 8 6 68043 Intel R ME v 86 6 18692 Copyright C 2663 69 Intel Corporation All Rights Reserved 1 Username and Password SOL IDER Legacy Redirection Mode KUM Previous Menu ESC 1 Exit f4 Select ENTER Access Redirection Mode must be enabled when using a legacy SMB Redirection Console The following options can be selected Disabled legacy redirection Mode is disabled default Enabled the port is left open at all times when redirection is enabled in the Intel MEBX It is the same as what used to be SMB mode in previous projects Old before Intel AMT 6 0 SMB consoles will need this mode in order to succeed opening redirection sessions To select Disabled 1 Select Disabled 2 Press Enter To select Enabled 1 Select Enabled ID 2 Press Enter Intel Confidential 33 i n tel Intel ME Manageability Features 3 5 2 5 KVM Under the SOL IDER KVM screen 1 Select KVM 2 Press Enter Figure 16 KVM Intel R Management Engine
47. anageability Configuration Exit Intel R ME Password LEVEL III MANAGEABILITY UPGRADE Manageability Feature Selection SOL IDER KUM gt User Consent gt Password Policy Network Setup k Activate Network Access Unconfigure Network Access Remote Setup And Configuration Intel Confidential Intel ME Manageability Features n tel 3 9 Intel MEBX CPU Replacement Flow The Intel MEBX is responsible for identifying CPU replacement whenever CPU Type changes between CORE vPro eligible CPU Core Non vPro eligible CPU PENTIUM CPU and CELERON CPU MEBX is responsible for notifying Intel ME FW about CPU TYPE populated In return Intel ME FW may request popup message to be exposed to End User demanding CPU Replacement approval The scenarios that result in Intel MEBX displaying CPU Replacement related message to End User is 1 CPU Type was Downgraded e g from CORE vPro eligible CPU to PENTIUM CPU or from Core Non vPro eligible CPU to CELERON CPU In this scenario Intel ME FW will request End User Approval since Intel ME FW feature set strongly relies on plugged in CPU TYPE The message is displayed to guard End User before unintentional CPU downgrades which would automatically result in loosing Intel ME FW feature set for example un configuration of AMT Feature Set Instead End User has option of either accepting CPU change or rejecting it before Intel ME FW triggers
48. assword cieiisenscatadeicedsdatvoeedaioiucininsioteniaeedlelecadindadeats 16 3 4 Intel ME Platform Configuration Menu iieri ck io ren ie dns 17 3 4 1 Change Intel ME Password ccccccssesssssseeseveccesneceasesseesecseeneneass 17 3 4 2 FW Update Settings incesi iann ani aE EEE a AES 18 3 4 3 Set PRTG yiii aai en E A E E EAE 21 3 4 4 Power COntrOl M araia a eian 23 3 4 5 ize ieaiedeacsteataesadiacecee aoe a i aE 26 3 5 Intel AMT Configuration cisadsncudiereasaenaismataninnaes oho gerinacronacdesientelaamnasaiene 27 3 5 1 Manageability Feature Selection sss 27 3 5 2 SOL IDER KVM ciere iii v a canine ci o vus vu DRY a OT ane 28 3 5 3 User CONSENE m M 35 3 5 4 Password Policy eerie retraite orent rne EE RE Re Era RE RE RA 38 3 5 5 Network Setip zs atacan eR ER FOR Re ARR EAR Ra ARE RE ERE 40 3 5 6 Activate Network ACCESS ici ceciiestarnce inae tnn adn danaa 69 3 5 7 Unconfigure Network Access sss 70 3 5 8 Remote Setup and Configuration sss 72 3 5 9 Previous Menu iiicese sesto cts uiri costae O 98 Intel Confidential 3 SM PIE 98 Intel Standard Manageability Configuration ccccssssseesseeeeeceeeseseeaeeseeees 99 Intel Level III Manageability Configuration esee 101 Intel MEBX CPU Replacement Flow eeeeeeen enne 103 Intel Confidential Figures Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6
49. bmit The supported hash algorithms are 1 SHA1 2 SHA2 256 3 SHA2 384 If SHA1 is not chosen in the next screen you are prompted to select the option of supported SHA2 algorithm Enter Y if SHA256 is being used otherwise enter N Intel Confidential 91 Intel ME Manageability Features CINTEL R REMOTE CONFIGURATION Remote Configuration PKI DNS Suffix Manage Hashes Previous Menu When SHA256 is not chosen in the next screen enter Y to select SHA2 384 INTELC R REMOTE CONFIGURATION Remote Configuration PKI DNS Suffix Manage Hashes Previous Menu If N is entered an error message will be shown to prompt the user to select one supported algorithm Intel Confidential Intel ME Manageability Features CINTEL R REMOTE CONFIGURATION Remote Configuration PKI DNS Suffix Manage Hashes Previous Menu After selecting desired Hash Algorithm you are prompted to enter the certificate hash value INTELCR REMOTE CONFIGURATION Remote Configuration PKI DNS Suffix Manage Hashes Previous Menu Enter Certificate e g ABCD 1234 ABCD 1234 ABCD 1234 ABCD 1234 ABCD 1234 Intel Confidential 93 i n tel Intel amp ME Manageability Features The Certificate hash value is a hexadecimal number for SHA 1 it is 20 bytes for SHA 2 it is 32 bytes If the value is not entered in the correct format the message Invalid Hash Certificate Entered
50. e KUM Previous Menu ESC Exit tl1 Select ENTER Access E 1 Disabled x Enabled IDE R allows an Intel AMT managed client to be booted by a management console from a remote disk image If the client system does not support IDE R this value cannot enable it The following options can be selected Disabled IDER is disabled Enabled IDER is enabled To select Disabled 1 Select Disabled 2 Press Enter To select Enabled Intel Confidential 31 i n tel Intel ME Manageability Features 1 Select Enabled ID 2 Press Enter Note disabling IDER does not remove this feature but just blocks it from being used 3 5 2 4 Legacy Redirection Mode 32 Under the SOL IDER KVM screen 1 Select Legacy Redirection Mode 2 Press Enter Figure 14 Legacy Redirection Mode Intel R Management Engine BIOS Extension v 8 6 0643 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Username and Password SOL IDER KUM Previous Menu ESC 1 Exit tl 1 Select ENTER Access Legacy Redirection Mode controls how the redirection works If set to disabled the console needs to open the redirection ports before each session This is meant for enterprise consoles and new SMB consoles that support opening the redirection ports The old SMB consoles before Intel AMT 6 0 which don t support opening the redirection ports function need to manu
51. e Settings menu 1 Select Host Name 2 Press Enter The Computer Host Name prompt is displayed as follows Figure 21 Host Name Intel R Management Engine BIOS Extension v 8 86 6643 Intel R ME v 8 4 1892 Copyright C 2663 69 Intel Corporation All Rights Reserved L 1 Domain Name Shared Dedicated FQDN Dynamic DNS Update Previous Menu Computer Host Name ESC 1 Exit CENTER 1 Submit A host name can be assigned to the Intel AMT machine This will be the hostname of the Intel AMT enabled system Intel Confidential 41 m l n tel Intel ME Manageability Features 3 5 5 1 2 Domain Name Under the Intel ME Network Name Settings menu 1 Select Domain Name 2 Press Enter The Computer Domain Name prompt is displayed as follows Figure 22 Domain Name Intel R Management Engine BIOS Extension v7 8 8 8843 Intel R ME v7 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved L 1 Host Name Shared Dedicated FQDN Dynamic DNS Update Previous Menu Computer Domain name ESC 1 Exit CENTER Submit A domain name can be assigned to the Intel AMT machine 3 5 5 1 3 Shared Dedicated FQDN Under the Intel ME Network Name Settings menu 1 Select Shared Dedicated FQDN 2 Press Enter 42 Intel Confidential m e Intel amp ME Manageability Features n tel Figure 23 Shared Dedicated FQDN 3 5 5 1 4 Intel R Man
52. eaten tenes 77 Activate RCEG tiii ete e EPDHRE RR Nea a daa ERR A NS LEAD MR FERRE aa a 78 Provisioning Server IPVA IPVO sesesesesesesense nennen nnn nnn nuni nana a 79 Provisioning Server Port number sesssssss eene 80 Provisioning Server FQDN x unioses cente thck sex EE s Duesukrrdrtenie usage Dus 81 Intel TLS PSK Configuration screen sssssssssesee nennen 82 Set PID and PPS re erret ex Feo TER Rr AAAA canes 83 Set PID arid PPS sizes irori raaa vir A Riera ee PEREAT e DUREE NUR RR RR GR RA 84 Delete PID and PPS cessere utar pt t nit eee exa epi ze e RR REEF E aaa 85 Intel Remote Configuration screen sssssssssssesee nennen 86 Intel Confidential Figure 65 Figure 66 Figure 67 Figure 68 Figure 69 Figure 70 Figure 71 Figure 72 Figure 73 Figure 74 Figure 75 Figure 76 Figure 77 Figure 78 Figure 79 Figure 80 Figure 81 Figure 82 Figure 83 Figure 84 Figure 85 Figure 86 Remote Config ratiOn s ai adicceldsadenridolecesadieedbanadadabdnarniansccegend ducers 87 PIT DNS SUFIK ED 88 Manage Hashes io oncon enar tar indica pie tap ARCU IA UE Ca ERR RR deeds MUT R RR URN 89 No hash detected te dxeexpt ie a psa quate n aud em DEus 89 Adding a new hash name esee nennen nnne nnn n aki ha hada nena nhau naa 90 Selecting Hash Format ccr ce t Linn ut ena sn cl aou tas eere 91 Selecting Hash Format SHA256 c ceceeeeeeeee eee tees eee eee
53. ect L ENTER ficcess Intel Confidential 77 i n tel Intel ME Manageability Features 3 5 8 3 1 Start Configuration Under the Intel Remote Configuration screen 1 Select Start Configuration 2 Press Enter Figure 56 Activate RCFG Intel R Management Engine BIOS Extension v7 8 8 8843 Intel CR ME v7 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Start Configuration Previous Menu ESC Exit tl1 Select ENTER Access CAUTION This will activate Remote Configuration Continue Y N If Remote Configuration is not activated Remote configuration cannot occur To activate enable remote configuration select Y 3 5 8 3 2 Previous Menu Under the Intel Remote Configuration menu 1 Select Previous Menu 2 Press Enter The Intel Remote Configuration screen changes to the Intel Automated Setup and Configuration screen 78 Intel Confidential Intel ME Manageability Features n tel 3 5 8 4 Provisioning Server IPV4 IPV6 Under the Intel Automated Setup and Configuration screen 1 Select Provisioning Server IPV4 IPV6 2 Press Enter Figure 57 Provisioning Server IPV4 IPV6 Intel R Management Engine BIOS Extension v 6 6643 Intel R ME v 86 6 18692 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Current Provisioning Mode Provisioning Record RCFG gt Provisioning Server IPU4
54. eded The following flow was used 1 Open a connection 2 Perform redirection actions SOL IDER 3 Close the connection ENT Redirection ports were closed meaning Intel ME was not listening for redirection connections An SMB console wishing to open a connection to an ENT machine would fail since the ports were closed For the connection to succeed and how ENT consoles are implemented in the market the following flow was used Send open port command to the Intel ME machine Open a connection Perform redirection actions SOL IDER Close the connection UT que X ae op Send close port command to the Intel ME machine In Intel AMT 6 and Intel AMT 7 Since both provisioning modes are combined the more secure option was chosen but to ensure backwards compatibility for older SMB consoles that need the ports left 108 Intel Confidential m e Intel amp ME Manageability Features n tel open to succeed in creating SOL IDER connections since they do not send the open close commands we needed another setting the legacy redirection mode If legacy redirection mode is set to enabled the ports are left open and SMB consoles will be able to connect open and close the port is not needed If legacy redirection mode is set to disabled the ports are closed and the console needs the extra command to open close the ports in order to connect The user can go into Intel MEBx or use a USB key to set this sett
55. el MEBX press Ctrl P as soon as possible since this message is displayed for only a few seconds Also note that the OEM may replace the control character Ctrl P with another one or don t display it at all Ctrl P will be hidden when SoL or KVM session is established Users are not able to access MEBx UI in this scenario If Intel AMT has been configured CTLR ALT F1 will also be displayed along with lt CTRL P gt It is designed for end users to use Fast call for Help feature either inside or outside of corporate network environment when Intel AMT systems are not discovered by management console Intel Confidential m e Intel amp ME Manageability Features n tel 2 Enter the Intel Management Engine password under MEBX Password Press Enter The default password is admin This default password can be altered by the user Please refer to section 3 3 for Intel ME password details 3 The Intel MEBX screen is displayed as shown in section 3 2 3 2 Intel MEBX Main Menu Figure 1 Intel MEBX Configuration User Interface Main Menu Intel R Management Engine BIOS Extension v7 8 8 88047 Intel R ME v 8 8 1117 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 Intel R ME General Settings Intel R AMT Configuration Exit Intel R ME Password LESC1 Exit CENTER Submit The options displayed in the main menu can vary depending on OEM implementation decis
56. el amp ME Manageability Features 3 5 5 2 3 50 DISABLED If DHCP mode is disabled the following static TCP IP settings are required for Intel AMT If a system is in static mode the system may require a second IP address This IP address often called the Intel ME IP address may be different from the host IP address ENABLED If DHCP Mode is enabled TCP IP settings will be configured by a DHCP server To select ENABLED 1 Select ENABLED 2 Press Enter No additional steps are required To select DISABLED 1 Select DISABLED 2 Press Enter If you disable DHCP more options will be displayed as shown above IPv4 Address Under the Wired LAN IPV4 Configuration 1 Select IPv4 Address 2 Press Enter Intel Confidential e Intel amp ME Manageability Features n tel Figure 30 IPv4 Address Intel R Management Engine BIOS Extension v 6 6 6643 Intel R ME v 86 6 1692 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 DHCP Mode Subnet Mask Address Default Gateway Address Preferred DNS Address Alternate DNS Address Previous Menu IP address e g 123 123 123 168 CESC1 Exit CENTER Submit 1 Enter the IPv4 Address 2 Press Enter 3 5 5 2 4 Subnet Mask Address Under the Wired LAN IPV4 Configuration 1 Select Subnet Mask Address 2 Press Enter Intel Confidential 51 i n tel Intel amp ME Manageability Features Figure
57. en in the Manage Certificate Hash menu e Escape key exits from the menu Insert key adds a customized certificate hash to the system Delete key deletes the currently selected certificate hash from the system key Changes the active state of the currently selected certificate hash e Enter key Displays the details of the currently selected certificate hash 3 5 8 7 4 Adding a Customized Hash When the Insert key is pressed in the Manage Certificate Hash screen the following screen is displayed Figure 69 Adding a new hash name Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Remote Configuration PKI DNS Suffix Manage Hashes Previous Menu Enter Hash Name ESC 1 Exit CENTER 1 Submit 90 Intel Confidential m e Intel amp ME Manageability Features n tel To add a customized certificate hash Enter the hash name up to 32 characters When you press Enter you are prompted to select the algorithm of hash being used for PKI provisioning Enter Y if SHA1 is being used otherwise enter N Figure 70 Selecting Hash Format Intel R Management Engine BIOS Extension v 6 6643 Intel R ME v 1 6 7681 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 Remote Configuration s PKI DNS Suffix Manage Hashes Previous Menu SHA1 Y N CESC1 Exit CENTER Su
58. ent will send periodic updates It should be set according to corporate DNS scavenging policy Units are minutes A value of 0 disables periodic update The value set should be equal or Intel Confidential 45 3 5 5 1 6 i n tel Intel ME Manageability Features greater than 20 minutes The default value for this property is 24 hours 1440 minutes 1 Enter desired interval 2 Press Enter TTL Note This option is only available when Dynamic DNS Update is enabled Under the Intel ME Network Name Settings menu 1 Select TTL 2 Press Enter Figure 26 TTL 46 Intel R Management Engine BIOS Extension v 8 6 0043 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Host Name Domain Name Shared Dedicated FQDN Dynamic DNS Update Periodic Update Interval Previous Menu ESC 1 Exit ENTER Submit This setting allows configuring the TTL time in seconds This number should be greater than zero If set to zero firmware uses its internal default value which is 15 min or 1 3 of lease time for DHCP Intel Confidential m e Intel amp ME Manageability Features n tel 3 5 5 1 7 3 5 5 2 3 5 5 2 1 1 Enter desired time in seconds 2 Press Enter Previous Menu Under the Intel ME Network Name Settings menu 1 Select Previous Menu 2 Press Enter The Intel ME Network Name Settings menu changes to the Intel ME Network Setup
59. figured with the following IPv6 addresses 1 One link local auto configured address 2 Up to three auto configured addresses 3 One DHCPv6 configured address 4 One statically configured IPv6 address The Intel ME IPv6 addresses are dedicated and not shared with the host operating system To enable Dynamic DNS registration for IPv6 addresses it is required to configure a dedicated FQDN Figure 35 Wired LAN IPV6 Configuration 56 Intel R Management Engine BIOS Extension v 8 86 0643 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 IPUG Feature Selection Previous Menu ESC 1 Exit tL1 Select L ENTER 1 ficcess Intel Confidential Intel ME Manageability Features n tel 3 5 5 2 10 IPv6 Feature Selection Under the Wired LAN IPV6 Configuration 1 Select IPv6 Feature Selection 2 Press Enter Figure 36 IPv6 Feature Selection Disabled Intel R Management Engine BIOS Extension v 8 8 0843 Intel R ME v 8 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 IPUG Feature Selection Previous Menu LESC1 Exit tl1 Select CENTER1 Access x1 Disabled Enabled Intel Confidential 57 i n tel Intel amp ME Manageability Features Figure 37 IPv6 Feature Selection Enabled Intel R Management Engine BIOS Extension v 8 6 66043 Intel R ME v 6 6 1692 Copyright C 2883 89 Intel Corporation All Rights
60. ght C 2883 898 Intel Corporation All Rights Reserved PKI DNS Suffix Manage Hashes Previous Menu ESC Exit tl Select ENTER Access 1 Disabled Enabled x may cause Intel R AMT partial unprovision 3 5 8 7 2 Enabling Disabling Remote configuration will cause a partial un provision if the setup and configuration server is In process The following options can be selected Disabled remote configuration is disabled Only Remote Configuration and Previous Menu items are visible Enabled remote configuration is enabled this will show additional fields To select Disabled 1 Select Disabled 2 Press Enter To select Enabled 1 Select Disabled 2 Press Enter PKI DNS Suffix Under the Intel Remote Configuration screen 1 Select PKI DNS Suffix Intel Confidential 87 m i n tel Intel ME Manageability Features 2 Press Enter Figure 66 PKI DNS Suffix Intel R Management Engine BIOS Extension v7 8 8 8843 Intel R ME v7 8 8 1892 Copyright C 2883 89 Intel Corporation All Rights Reserved 1 Remote Configuration Manage Hashes Previous Menu Enter PKI DNS Suffix ESC 1 Exit CENTER Submit Key Value will be maintained in the EPS 1 Enter the PKI DNS Suffix 2 Press Enter 3 5 8 7 3 Manage Hashes Under the Intel Remote Configuration screen 1 Select Manage Hashes 2 Press Enter 88 Intel C
61. ility feature menu will be shown Leaving it disabled means that manageability will not be enabled To select Disabled 1 Select Disabled 2 Press Enter To select Enabled 1 Select Enabled 2 Press Enter 3 5 2 SOL IDER KVM Under the Intel AMT Configuration with Intel AMT enabled 1 Select SOL IDER KVM 2 Press Enter The Intel AMT Configuration changes to the SOL IDER KVM screen 3 5 2 1 Username and Password Under the SOL IDER KVM screen 1 Select Username and Password 2 Press Enter 28 Intel Confidential Intel ME Manageability Features Figure 11 Username and Password 3 5 2 2 intel Intel R Management Engine BIOS Extension v 8 6 6043 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved SOL IDER 1 Legacy Redirection Mode KUM Previous Menu CESC 1 Exit t 1 Select 1 Disabled x Enabled ENTER Access This option provides the user authentication for SOL IDER session If Kerberos is used this option should be set to DISABLED The user authentication is handled through Kerberos If Kerberos is not used the IT administrator has the choice to enable or disable user authentication on SOL IDER session The following options can be selected Disabled Username and Password is disabled Enabled Username and Password is enabled To select Disabled 1 Select Disabled 2 Press Enter
62. ing If the USB key is a legacy one prepared by an SMB console Intel MEBx automatically sets the legacy redirection mode to Enabled Since SMB configuration required manual touch anyway this poses no customer issue Intel Confidential 109 i n te Intel ME Manageability Features 110 Appendix C Global Reset from MEBx Several MEBx configuration options require a global reset after they have been edited by the user The reset is flagged while in the MEBx UI and passed back to BIOS to perform the reset request The MEBx UI has to keep track of which configuration options require a global reset after exiting MEBx Multiple techniques are used to ensure the global reset flow is entered correctly The MEBx uses 2 flags for its logic related to signaling global resets Reboot and Exit The Reboot flag indicates that the current option will require a reboot after exiting MEBx The Exit flag is used to force the user out of the MEBx UI Reboot MEBx must set this flag when an option that requires a global reset has been edited from its original state A list of global reset options is itemized in the table below Exit MEBx must completely exit the UI immediately after editing the option Table of MEBx UI Global Reset Options Option Reboot Exit Max Logins exceeded Y Y CPU String Emulation Y N Manageability Feature Selection EN DIS Y N Manageability Feature Selection DI
63. ions The main menu selections are e Intel ME General Settings e Intel AMT Configuration e Exit Note Intel MEBX will display only detected options If one or more of these options does not appear verify that the system supports the relevant missing feature Intel Confidential 15 i n te Intel ME Manageability Features 3 3 16 Change Intel ME Password The default password is admin and is configured identically on all newly deployed platforms When an IT administrator first enters the Intel MEBX configuration menu with the default password he or she must change the default password before any feature can be used The new Intel MEBX password must meet the following requirements for strong passwords 1 Password Length At least 8 characters and no more than 32 2 Password Complexity Password must include the following At least one digit character 0 1 9 At least one 7 bit ASCII non alpha numeric character e g but excluding and characters At least one lower case letter a b z and at least one upper case letter A uror Note underscore and whitespace are valid password characters but do NOT contribute to the password s complexity Note There are certain limitations creating passwords with non US layout keyboards Remote system connectivity may occur if different keyboard layouts are used
64. lect Previous Menu 2 Press Enter The FW Update Settings screen changes to the Intel ME Platform Configuration Screen 3 4 3 Set PRTC Under Intel ME Platform Configuration 1 Select Set PRTC 2 Press Enter Figure 6 Set PRTC Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 1892 Copyright C 2663 69 Intel Corporation All Rights Reserved 1 Change Intel R ME Password FW Update Settings Power Control Previous Menu Enter PRTC in GMTCUTC format Y MM DD HH MM SS ESC 1 Exit CENTER Submit Intel Confidential 21 22 i n te Intel ME Manageability Features Valid date range 1 1 2004 1 4 2021 Setting the PRTC value is used for virtually maintaining PRTC during the power off G3 state 1 Enter PRTC in GMT UTC format YYYY MM DD HH MM SS 2 Press Enter Intel Confidential m e Intel amp ME Manageability Features n tel 3 4 4 Power Control Under Intel ME Platform Configuration 1 Select Power Control 2 Press Enter The Intel ME Platform Configuration screen changes to the Intel ME Power Control Screen Figure 7 Power Control Intel R Management Engine BIOS Extension v7 8 8 8843 Intel R ME v7 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved L 1 Intel R ME ON in Host Sleep States Idle Timeout Previous Menu ESC 1 Exit tl1 Select ENTER Access
65. n defined by the US Environmental Protection Agency that relies upon all of the system s components including processor chipset power supply HDD graphics controller and memory to meet the specification For more information see http www energystar gov index cfm fuseaction find_a_product showProductGroup amp pgw_code CO Intel the Intel logo and Intel vPro are trademarks of Intel Corporation in the U S and other countries Other names and brands may be claimed as the property of others Copyright 2010 2011 Intel Corporation All rights reserved 2 Intel Confidential Contents 1 THLFOGUGCUION ssi TEE 9 1 1 Intel Management Engine Intel ME and Intel Management Engine BIOS Extension Intel MEBX Overview ssssssccccccssecsssseeesecceseeuscsesecesecsensensess 9 1 2 Scope of dOCUMPENE ouest respice eia R ddd ebicikesaliiann Usu Merny ander CREE 9 1 3 Target A dience x ires rn dala va daw gu LR RA a ae decane ene ERE Aus 10 1 4 ACKONYIMS I MTTTTPTTTMTEMMTM 10 1 5 Related Documentation repre rir tke ritmo p naria ea uera pei EE aee ware RS 11 2 client System Requirements arte gno a a aE DE EEA Ea 12 3 Intel ME Manageability Features cccccccscceccecceeeuceeeeeseeeeceeeeeseuaueseuanusuuaneennanss 14 3 1 Access Intel MEBX Configuration User Interface sese 14 3 2 Intel MEBX Main MENU etenee EEEE EEEE EEEE EEEE EEEE EEEE idu Uni Ud 15 3 3 Change Intel ME P
66. not finalize a design with this information The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications Current characterized errata are available on request Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order All products platforms dates and figures specified are preliminary based on current expectations and are subject to change without notice All dates specified are target dates are provided for planning purposes only and are subject to change Intel Active Management Technology requires the computer system to have an Intel AMT enabled chipset network hardware and software as well as connection with a power source and a corporate network connection Setup requires configuration by the purchaser and may require scripting with the management console or further integration into existing security frameworks to enable certain functionality It may also require modifications of implementation of new business processes With regard to notebooks Intel AMT may not be available or certain capabilities may be limited over a host OS based VPN or when connecting wirelessly on battery power sleeping hibernating or powered off For more information see www intel com technology platform technology intel amt ENERGY STAR denotes a system level energy specificatio
67. on Exiting Intel MEBX Periodic Update Interval Upon Exiting Intel MEBX TTL Upon Exiting Intel MEBX Intel Confidential 113 Option Intel ME Manageability Features Reflected in the firmware DHCP Mode Upon Exiting Intel MEBX IPV4 Address Upon Exiting Intel MEBX Subnet Mask Address Upon Exiting Intel MEBX Default Gateway Address Upon Exiting Intel MEBX Preferred DNS Address Upon Exiting Intel MEBX Alternate DNS Address Upon Exiting Intel MEBX IPV6 Feature Selection Upon Exiting Intel MEBX IPV6 Interface ID Type Upon Exiting Intel MEBX IPV6 Interface ID Upon Exiting Intel MEBX IPV6 Address Upon Exiting Intel MEBX IPV6 Default Router Upon Exiting Intel MEBX Preferred DNS IPV6 Address Upon Exiting Intel MEBX Alternate DNS IPV6 Address Upon Exiting Intel MEBX Wireless IPV6 Feature Selection Upon Exiting Intel MEBX Wireless IPV6 Interface ID Type Upon Exiting Intel MEBX Wireless IPV6 Interface ID Upon Exiting Intel MEBX Current Provisioning Mode Upon Exiting Intel MEBX Provisioning Record None Provisioning Server IPV4 IPV6 Upon Exiting Intel MEBX Provisioning Server IPV4 IPV6 Upon Exiting Intel MEBX Provisioning Server FQDN Upon Exiting Intel MEBX Start Configuration Instantly Halt Configuration Instantly Set PID and PPS Instantly
68. onfidential Intel ME Manageability Features EINTELCR REMOTE CONFIGURATION Remote Configuration PKI DNS Suffix Manage Hashes Previous Menu Hash Name Active Default Algorithm Type VeriSign Class 3 Primary CA G3 x x SHAL Go Daddy Class 2 CA x 1 SHAL Comodo AAA CA x x SHALL Starfield Class 2 CA x x SHA1 VeriSign Class 3 Primary CA G2 x x SHR1 VeriSign Class 3 Primary CA G1 5 x x SHR1 VeriSign Class 3 Primary CA G5 x x SHA1 Selecting this option will enumerate the hashes in the system and display the Hash Name and the active and default state If the system does not contain any hashes yet Intel MEBX will display the following screen Intel R Management Engine BIOS Extension v 8 6 6626 Intel R ME v 6 1628 Copyright C 2883 89 Intel Corporation All Rights Reserved INTELCR REMOTE CONFIGURATION Remote Configuration sx PKI DNS Suffix Manage Hashes Previous Menu L ESCI Exit f41 Select ENTER Access There were no hashes detected in the system Do you want to add a hash Y N may cause Intel R AMT partial unprovision Intel Confidential 89 i n tel Intel amp ME Manageability Features Answering Yes will begin the process of adding customized hash Please see the next section below The Manage Certificate Hash screen provides keyboard controls for managing the hashes on the system The following keys are valid wh
69. ous Menu Enter PID e g ABCD 1234 ESC 1 Exit CENTER 1 Submit Setting the PID PPS will cause a partial unprovision if the setup and configuration is In process The PID and PPS should be entered in the dash format Ex PID 1234 ABCD PPS 1234 ABCD 1234 ABCD 1234 ABCD 1234 ABCD Note A PPS value of 0000 0000 0000 0000 0000 0000 0000 0000 will not change the setup configuration state If this value is used the setup and configuration state will remain Not started 1 Enter PID 2 Press Enter 1 Enter PPS 2 Press Enter If an invalid entry is attempted an error message will be displayed Intel Confidential 83 84 Intel ME Manageability Features INTELC R REMOTE CONFIGURATION Bet PID and PPS Delete PID and PPS xx Previous Menu INTELCR REMOTE CONFIGURATION Delete PID and PPS xx Previous Menu Under the Intel Remote Configuration screen 1 Select Delete PID and PPS 2 Press Enter Intel Confidential e Intel amp ME Manageability Features n tel Figure 63 Delete PID and PPS Intel R Management Engine BIOS Extension v 8 8 8843 Intel R ME v 8 8 18982 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 Set PID and PPS Delete PID and PPS Previous Menu ESC IJ Exit tl1 Select CENTER Access This will delete the PID and PPS entries Continue Y N x may cause Intel R
70. page TCP IP Settings Under the Intel ME Network Setup menu 1 Select TCP IP Settings 2 Press Enter The Intel Network Setup menu changes to the TCP IP Settings page Note The Intel MEBX has menus for Wireless IPV6 but no menu for wireless IPV4 When the Intel MEBX starts it will check for the wireless interface to make the decision to display the wireless IPV6 menu or not Wired LAN IPV4 Configuration Under the TCP IP Settings 1 Select Wired LAN IPV4 Configuration 2 Press Enter The TCP IP Settings menu changes to the Wired LAN IPV4 Configuration page Intel Confidential 47 e l n tel Intel ME Manageability Features Figure 27 Wired LAN IPV4 Configuration Intel R Management Engine BIOS Extension v 6 6 6043 Intel R ME v7 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved DHCP Mode Previous Menu ESC 1 Exit tl1 Select LENTER1 Access 3 5 5 2 2 DHCP Mode Under the Wired LAN IPV4 Configuration 1 Select DHCP Mode 2 Press Enter 48 Intel Confidential Intel ME Manageability Features HIRED LAN IPU4 CONFIGURATION Previous Menu x Enabled HIRED LAN IPU4 CONFIGURATION IPU4 Address Subnet Mask Address Default Gateway Address Preferred DNS Address Alternate DNS Address Previous Menu The following options can be selected Intel Confidential 49 i n te Int
71. r Consent Configuration screen 1 Select User Opt in 2 Press Enter Intel Confidential 35 36 i n tel Intel amp ME Manageability Features Figure 17 User Opt in Intel R Management Engine BIOS Extension v 6 6 6043 Intel R ME v 6 6 18692 Copyright C 2883 898 Intel Corporation All Rights Reserved Opt in Configurable from Remote IT Previous Menu CESC1 Exit tl1 Select ENTER Access x KUM 1 All The following options can be selected None Local User Consent is not required for a remote computer to establish KVM Remote Control session KVM Local User Consent is required for a remote computer to establish KVM Remote Control session All Local User Consent is required for SOL IDER and KVM NOTE When using Host Based Provisioning Client mode will override this setting and behave as if the ALL option has been selected More details regarding Host Based Provisioning and Client Mode can be found in the Activator User guide and the UCT User Consent Tool user guide in the SDK kit To select None 1 Select None 2 Press Enter To select KVM 1 Select KVM Intel Confidential Intel ME Manageability Features n tel 2 Press Enter To select AII 1 Select All 2 Press Enter 3 5 3 2 Opt in Configurable from remote IT This setting determines whether a remote computer s user can configure the Opt In Policy when
72. s n tel Figure 44 Wireless LAN IPV6 Configuration Intel R Management Engine BIOS Extension v7 8 8 8843 Intel CR ME v7 8 8 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved i 1 IPUB Feature Selection Previous Menu M P H ESC Exit tl1 Select ENTER Access 3 5 5 2 18 IPv6 Feature Selection Under the Wireless LAN IPV6 Configuration 1 2 Select IPv6 Feature Selection Press Enter Intel Confidential 65 i n tel Intel amp ME Manageability Features Figure 45 IPv6 Feature Selection Intel R Management Engine BIOS Extension v 0 86 6643 Intel R ME v 6 6 1892 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 IPUB Feature Selection IPV6 Interface ID Type Previous Menu ESC Exit tl1 Select ENTER Access I 1 Disabled Enabled DISABLED The IPv6 interface is currently disabled ENABLED The IPv6 interface is currently enabled To select Disabled 1 Select Disabled 2 Press Enter To select Enabled 1 Select Enabled ID 2 Press Enter 3 5 5 2 19 IPv6 Interface ID Type Under the Wireless LAN IPV6 Configuration 1 Select IPv6 Interface ID Type 2 Press Enter 66 Intel Confidential m e Intel amp ME Manageability Features n tel Figure 46 IPv6 Interface ID Type Intel R Management Engine BIOS Extension v
73. ss Subnet Mask Address Default Gateway Address Alternate DNS Address Previous Menu Preferred DNS address ESC 1 Exit CENTER Submit 1 Enter the Preferred DNS Address 2 Press Enter 3 5 5 2 7 Alternate DNS Address Under the Wired LAN IPV4 Configuration 1 Select Alternate DNS Address 2 Press Enter 54 Intel Confidential e Intel amp ME Manageability Features n tel Figure 34 Alternate DNS Address Intel R Management Engine BIOS Extension v 6 6 6043 Intel R ME v 86 6 18692 Copyright C 2883 898 Intel Corporation All Rights Reserved 1 DHCP Mode IPU4 Address Subnet Mask Address Default Gateway Address Preferred DNS Address Alternate DNS Address Previous Menu Alternate DNS Address BH 8 8 8 CESC1 Exit CENTER Submit 1 Enter the Alternate DNS Address 2 Press Enter 3 5 5 2 8 Previous Menu Under the Wired LAN IPV4 Configuration 1 Select Previous Menu 2 Press Enter The Wired LAN IPV4 Configuration menu changes to the TCP IP Settings menu Intel Confidential 55 i n tel Intel ME Manageability Features 3 5 5 2 9 Wired LAN IPV6 Configuration Under the TCP IP Settings 1 Select Wired LAN IPV6 Configuration 2 Press Enter The TCP IP Settings menu changes to the Wired LAN IPV6 Configuration page Note The Intel ME network stack supports a multi homed IPv6 interface Each network interface can be con
74. ssssssseeeemm eene 56 IPv6 Feature Selection Disabled ssssssssessse nnn 57 IPv6 Feature Selection Enabled eee eere 58 IPv6 Interface ID Type iie ennt nn tend nnn a kun enema ane FER dia hd ad AERA 59 IPv6 Interface ID eee neutron aa canas R siente UP E kasd aa RES 60 IPV6 AddE 85S dedita alone nn dR read aC RE M aD Me ER aL RERUM ad dud sian 61 Musas 62 Preferred DNS IPv6 Address ssssssssssssse nene 63 Alternate DNS IPv6 Address c cccscsecceccececaeeseseceeeeeseaaeeeererecenaeetaceere 64 Wireless LAN IPV6 Configuration ccceeeeeeee eset eee eee mene 65 IPv6 Feature Selection eroe creer et a x a dur etch canta 66 IPv6 Interface ID TVpG oer eroe trier nre enhn aine er d nn ma n ERR RR Rea adn AERA 67 IPV6 Interface ID wireless 2 eerie arn kenn pna ne aa 68 Activate Network ACCESS ni cisincec sedere eaaet eRR ER RERER E TUE NR ERA RARE ERE RE AER 69 Unconfigure Networlc ACCESS 2 neret nine nehmen sa lat na DE RR n RR tsa eae 70 Unconfigure Network Access ssssssssseee meme 71 Unconfigure Network ACCESS eere int hh cv hs enda n ak Ra ka n md la Ra eects 72 Remote Setup and Configuration sess 73 Current Provisioning Mode nece ct nes pinna ca d hn x aranea RES 74 Provisioning FGCOFGd uice ce rte danh tics nk no Fa nnb n rit ARRA AERE Ane rir ade nu dis 75 Intel Remote Configuration screen sss eee eee
75. tate Shutdown sleep state Serial Peripheral Interface Software Transmission Control Protocol Coordinated Universal Time Virtual Appliance Virtual LAN Wake on LAN Related Documentation Refer to the Intel vPro Expert Center s user documentation page available at the link below for a collection of documents containing further information on the Intel vPro provisioning process including specific documents for implementing Intel vPro technology with a number of popular management consoles http communities intel com community openportit vproexpert view documentsIn addition please refer to the Intel vPro Expert Center at the link below for general information about Intel vPro technology http communities intel com community openportit vproexpert Intel Confidential 11 12 n tel Client System Requirements Client System Requirements The client system referred to in this document is based on the Intel 6 Series Chipset Family Intel PCH platform and is managed by Intel Management Engine The following firmware and software requirements are required to be installed and set up before the Intel Management Engine can be configured and run in the client system e An SPI flash device programmed with Intel AMT 7 0 flash image integrating BIOS Intel Management Engine and GbE component images e BIOS set up with Intel AMT enabled e To enable all of the Intel Management Engine features
76. ters in the PPS is expected to be a checksum of the previous three characters This check is made to reduce the possibility of operator error when entering these values Intel Confidential Intel ME Manageability Features n tel Appendix E Intel MEBX Options Being Reflected in the Firmware Below is the list of MEBx options which will be reflected in FW when saved Note Those settings are located in data region of the FW and when saved FW will look at the saved settings and run the corresponding execution when necessary Option Reflected in the firmware MEBx Login Instantly Change ME Password Instantly Set PRTC Upon Exiting Intel MEBX Local FW Update Upon Exiting Intel MEBX Intel R ME ON in Host Sleep States Upon Exiting Intel MEBX Idle Timeout Upon Exiting Intel MEBX Manageability Feature Selection Upon Exiting Intel MEBX Password Policy Upon Exiting Intel MEBX Activate Network Access Instantly Unconfigure Network Access Instantly Username and Password Instantly SOL Instantly IDER Instantly Legacy Redirection Mode Instantly KVM Feature Selection Instantly User Opt in Upon Exiting Intel MEBX Opt in Configurable from Remote IT Upon Exiting Intel MEBX Host Name Upon Exiting Intel MEBX Domain Name Upon Exiting Intel MEBX Shared Dedicated FQDN Upon Exiting Intel MEBX Dynamic DNS Update Up
77. within Microsoft Operating System device drivers Intel MEI SOL LMS must be installed and configured on the client system for features to work run correctly in the client system Intel Confidential Client System Requirements Intel Confidential 13 i n te Intel ME Manageability Features 3 1 14 Note Note Note Note Intel ME Manageability Features The Intel MEBX menu for digital office SKUs provides platform level configuration options for the IT administrator to configure the behavior of the Intel ME platform The behavior includes platform configuration such as individual feature enable disable and power configurations The following section provides the details on each Intel MEBX configuration option and the constraints if any for a given option When you change Intel ME Platform Configuration settings the changes are committed to the Intel ME s non volatile memory when you exit from Intel MEBX the changes are not cached Therefore if Intel MEBX crashes before you exit the changes made until that point are LOST and the changed settings are NOT saved Access Intel MEBX Configuration User Interface The Intel MEBX configuration user interface can be accessed on a client system through the following steps 1 On rebooting the system after the initial boot screen the following message will be displayed Press lt CTRL P gt to enter Intel ME Setup To enter the Int
Download Pdf Manuals
Related Search