Intel Active Management Technology (AMT)

From ThinkWiki
Jump to: navigation, search

Contents

Intel® Active Management Technology (AMT)

Some Lenovo laptops offer some of their Intel processors' special management features.

Version Models
AMT 2.5 T61, T61p
X61, X61s, X61 Tablet
iAMT ? T400, T400s, T410, T410i, T410s, T500, T510, T510i
W500, W510, W700, W700ds, W701, W701ds
X200, X200s, X200 Tablet, X201, X201i, X201s, X201 Tablet, X220, X300, X301

Features

  • Management over the Network (LAN and WLAN, using AMT 2.5)
  • Remote Asset (Hardware and Software) Inventory
  • Remote Diagnostic and repair (even if laptop is off or down)
  • Agent Presence Checking (isolate corrupted laptops)
  • Encrypted software update (w/ remote power-on).
  • System isolation and recovery (Use hardware to filter inbound and outbound traffic, except management traffic)
  • Dedicated Flash memory (Firmware + Inventory + ISV Data)

Linux support

The Linux heci driver to support iAMT was part of the staging tree as of the 2.6.30 kernel, but removed in 2.6.32 at the request of Intel as they have indicated having no further interest in it and have abandoned it.

Hints how to setup it via Intel ME BIOS Extension (MEBx) based on the T61p (Small business Mode)

Pre-configuration

  • Use ThinkVantage System Update so you have the latest BIOS
  • Reboot the system

Enabling AMT in BIOS

  • Hit the ThinkVantage button during the POST screen, then after the menu appears hit 'F1'
    • Select 'Config' on the main screen
      • Select 'Intel(R) AMT'
        • Set 'Intel (R) AMT Control' to 'Enabled'
        • Hit 'F10' to Save and Exit

Configuring Intel ME BIOS Extension for the first time

  • After the POST screen you will see the Intel(R) Management Engine BIOS Extension screen.
  • Hit Ctrl+P to enter the setup.
  • Possibly press "1" to enter Intel(R) Management Engine BIOS Extension configuration screens.
  • On the first screen you can enter the Intel(R) ME Password.

The default password is 'admin' (without quotes)

  • If you try to change the Intel ME password and get "Error - Intel(R) ME password change rejected" message, then you are using a weak password.

Here are guidelines for the Intel(R) ME strong password:

    • Comprise 8 to 32 characters
    • including both upper and lower case characters
    • including at least one numeric character
    • including at least one ASCII non-alphanumeric character (!, @, #, $, %, ^, &, *)

Enabling AMT in Intel Management Engine BIOS Extension

  • On the main Management Engine Bios Extension page select Intel(R) ME Configuration
    • Select 'Intel(R) ME State Control'
      • Set it ENABLED
      • Select Return to Previous Menu
    • Select 'Intel(R) ME Firmware Local Update Qualifier'
      • Set it to ALWAYS OPEN
      • Select Return to Previous Menu
    • Select 'Intel(R) ME Features Control'
      • Select 'Manageability Feature Selection'
        • Choose 'Intel(R) AMT'
      • Select Return to Previous menu
    • Select 'Intel(R) ME Power Control'
      • Select 'Intel(R) ME ON in Host Sleep States'
        • Set the 'widest' range of Sleep States
        • Hit 'ESC' to Exit. The system will reboot now.

Configuring AMT via Intel ME

  • Hit Ctrl+P when the Intel ME BIOS messages apear
  • Select 'Intel(R) AMT Configuration'
    • Select 'Host Name' and enter the same name as for the OS Host name
    • Select 'TCP/IP'
      • Hit 'N' to enable the Network Interface
      • Hit 'N' to enable DHCP
      • provide your domain name as set (or to be set) in the OS
    • Select 'Provision Model'
      • Hit 'N' to not change to AMT 1.0 Mode
      • Hit 'Y; to change to Small Business
    • Select 'SOL/IDE-R'
      • Hit 'Y' to confirm the warning
      • Set Username & Password to ENABLED (if it's set to ENABLED don't hit just 'ENTER' because you disable it)
      • Set Serial Over LAN to ENABLED
      • Set IDE Redirection to ENABLED
    • Select 'Secure Firmware Update'
      • Set it to ENABLED
    • Hit 'ESC' to Exit. The system will reboot again.

Configuring Windows

  • Use ThinkVantage System Update to get the AMT Software
  • After update reboot
  • After Log-in you should see the message 'Intel(R) Active Management Technology (Intel(R) AMT) status on this computer is enabled.'

Firmware update

Lenovo provides Intel AMT firmware updates only in the form of Windows executables. Thus, if you don't have Windows installed on your laptop, for the purpose of updating Intel AMT firmware you will have to use Windows PE. Once you boot into Windows PE, before launching the firmware upgrade with MEUPDATE.CMD (which you have to extract from Intel AMT Management Engine Firmware for Windows using wine) you need to load HECI driver with "drvload HECI.inf" (the HECI driver can be extracted with wine from Intel AMT Management Engine Interface for Windows).

Links

  • See Also Centrino Pro
  • Intel - AMT [1]
  • Intel® Active Management Technology (Intel AMT) Software Development Kit (SDK) Start Here Guide [2]
  • Tips & Tricks for Setting up & Accessing an Intel AMT Client [3]
  • Intel-AMT Set And Review Thailand Version [[4]]
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox