26) When power is reapplied to the system, it will immediately look for a Setup
and Configuration Server. If one is found, the AMT system will send a "Hello"
message to the server.
DHCP and DNS must be available for the Setup and Configuration Server
search to automatically succeed. If DHCP and DNS are not available, then the
Setup and Configuration Server's IP address must be manually entered into the
AMT system's MEBx.
The "Hello" message will contain the following information:
• PID
• UUID (Universally Unique Identifier)
• IP address
• ROM and FW version numbers
The "Hello" message is transparent to the end-user. There is no feedback
mechanism to tell the user the "Hello" message is being broadcast.
27) The Setup and Configuration Server will use the information in the "Hello"
message to initiate a Transport Layer Security (TLS) connection to the AMT
system using a TLS Pre-Shared-Key (PSK) cipher suite, if TLS is supported.
28) The Setup and Configuration Server uses the PID to look up the PPS in the
provisioning server database and uses the PPS and PID to generate the TLS
Pre-Master Secret.
TLS is optional. For secure and encrypted transactions, TLS should be used if
the infrastructure is available.
If TLS is not used, then HTTP Digest will be used for mutual authentication. It is
not as secure as TLS.
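
The lookup and pre-master secret generation in step 28, as an added Python example (not code from this guide or from Intel). It assumes the plain PSK key exchange of RFC 4279, that the PPS bytes are used directly as the pre-shared key, and that a dictionary stands in for the provisioning database; the function names and the sample PID/PPS values are constructed for illustration.

```python
import struct

# Constructed sample records; a real server reads PID/PPS pairs from its
# provisioning database. These values are placeholders, not real keys.
PROVISIONING_DB = {
    "AAAA-0001": "PPS-SAMPLE-VALUE-0001",
    "AAAA-0002": "PPS-SAMPLE-VALUE-0002",
}


class UnknownPID(Exception):
    """Raised when a Hello message carries a PID that has no stored PPS."""


def lookup_pps(pid, db=PROVISIONING_DB):
    """Return the PPS for a PID, refusing PIDs the server does not know."""
    pps = db.get(pid)
    if pps is None:
        # An unknown PID must stop provisioning; never fall back to a default key.
        raise UnknownPID(pid)
    return pps.encode("ascii")


def psk_premaster_secret(psk):
    """RFC 4279 section 2, plain PSK key exchange:
    uint16(N) | N zero octets | uint16(N) | PSK, where N = len(PSK)."""
    n = len(psk)
    if not 0 < n <= 0xFFFF:
        raise ValueError("PSK length out of range")
    length = struct.pack("!H", n)  # 16-bit big-endian length prefix
    return length + b"\x00" * n + length + psk


def premaster_for_hello(hello, db=PROVISIONING_DB):
    """The PID from the Hello message selects the PPS (assumption: the PPS
    is the pre-shared key); the pre-master secret is built from that key."""
    return psk_premaster_secret(lookup_pps(hello["pid"], db))


if __name__ == "__main__":
    # Constructed Hello message with the fields listed in step 26.
    hello = {"pid": "AAAA-0001", "uuid": "00000000-0000-0000-0000-000000000001",
             "ip": "192.0.2.10", "rom_fw": "sample"}
    print(premaster_for_hello(hello).hex())
```

Both sides derive the same pre-master secret only if they hold the same PPS for that PID, which is why the PID/PPS pair must be entered into the AMT system and the server database before this step.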
29) The Setup and Configuration Server logs in to the AMT system with the
username and password, and provisions all required data items:
a. New PPS and PID (for future Setup and Configuration)
b. TLS certificates
c. Private keys
d. Current date and time
e. HTTP Digest credentials
f. HTTP Negotiate credentials
Other options can be set depending on S&CS implementation.
30) The system goes from In-Setup phase to Operational phase. AMT is fully
operational. Once in the Operational phase, the system can be remotely
managed and can be provided to the end-user for regular use.