Well, it probably won’t work if you stick it there, but the

truth is that there are a lot of certificates used in AMT, and knowing where to

put those certificates and their private keys can save a lot of hair pulling

down the line.

<!--<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=ifgtevml+1">if gte vml 1>
id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t"

path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">





































]]>

<v:imagedata src="file:///C:\DOCUME_{1\gjbevan\LOCALS}1\Temp\msohtmlclip1\01\clip_image001.emz"

o:title=""/>

endif><!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=if%21vml">if !vml</a>>!AMT Certs.jpg!<!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=endif">endif</a>><!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=ifgtemso9">if gte mso 9>


DrawAspect="Content" ObjectID="_1253102892">



endif-->]]>

AMT Certificates

Let’s start with the AMT system itself.

TLS Certificate

If the SCS profile calls for TLS to be enabled then a

private key and certificate are generated at the SCS and then installed on the

Amt device as part of the provisioning process. This certificate and key are

then used in future communications between the SCS and the AMT device and the

Management Console and the AMT device. I’m going to use the SMS Add-on as an

example of the management console because it uses gSOAP libraries which have

addition certificate storage requirements.

802.1x Certificate

If the SCS profile calls for and 802.1x certificate then a

private key and certificate are generated at the SCS and installed on the AMT

device as part of the provisioning process. This certificate and key are used

to allow the AMT device to connect to an 802.1x protected network without the

host operating system being available.

Mutual Authentication Root Certificate (MTLS Root)

The MTLS root certificate is used by the AMT device to

validate the mutual authentication certificate provided by the SCS or

management console after provisioning has completed. (Assuming of course that

the SCS profile used for provisioning configures MTLS). This certificate is

installed during the provisioning process. Note only the certificate is

installed – there is no private key installed for this certificate.

h1. Remote Configuration

The remaining two certificates on the AMT device are used

for Remote Configuration. This feature is available in AMT 2.2, 2.6 and 3.0.

(Note that does not include 2.5).

Remote Configuration Root Certificate (RCFG Root)

Actually this is not a whole certificate. It’s just the

certificate thumbnail, referred to as a hash. The certificate hashes can come

from a couple of places:

<!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=if+%21supportLists">if !supportLists</a>>·

hashes from VeriSign, GoDaddy and Comodo.

<!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=if+%21supportLists">if !supportLists</a>>·

<!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=endif">endif</a>>Your OEM can place a certificate hash of your

choosing on to the AMT devices you buy as part of their manufacturing process.

E.g. if you have your own PKI and wish to use your own root certificate.

<!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=if+%21supportLists">if !supportLists</a>>·

manually enter the certificate hash into the MEBx screen.

The advantages and disadvantages of each of these methods

are best left for another discussion.

This certificate is used to validate the remote

configuration certificate provided to the AMT device by the SCS service that is

trying to provision the AMT device. The details of this validation are somewhat

complicated and also best left to another discussion.

Remote Configuration Self Signed Certificate

Finally the remote

configuration processes requires the AMT device to generated its own self

signed (i.e. there is no certificate authority involved – and hence no trust

established) certificate to serve as a TLS/SSL certificate in place of the Pre

Shared Key (PSK) that was used to protect provision in earlier version of AMT.

Both the certificate and the key are generated locally on the AMT system.

SCS Certificates

Once we get to the server side, certificates become more

interesting as we have to know which Windows certificate store to put the

certificate and private key.

The SCS requires four certificates.

SSL Certificate

The SCS service runs as a web service within IIS.

Connections to the service can be carried out by the SCS console or by an ISV

supplied UI. To secure this traffic the SCS service requires that these web

services be protected by TLS/SSL. The SSL certificate is the same type used to

secure other web servers like amazon.com or eBay.

This certificate is installed in the Windows certificate

store of the service account used to run IIS. If you use the IIS “Server

Certificate” this is a two step process. First the IIS server generates the

private key and a certificate request. The private key is stored in the IIS

service account key store, and the request is stored in a text file. The

certificate request is then sent to the CA who issues the certificate. The

wizard then installs the certificate and matches it up with the private key.

<!--<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=ifgtevml+1">if gte vml 1>
type="#_x0000_t75" style='width:555pt;height:444pt' o:ole="">

]]>

<v:imagedata src="file:///C:\DOCUME_{1\gjbevan\LOCALS}1\Temp\msohtmlclip1\01\clip_image003.emz"

o:title=""/>

endif><!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=if%21vml">if !vml</a>>!SCS Certs.jpg!<!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=endif">endif</a>><!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=ifgtemso9">if gte mso 9>


DrawAspect="Content" ObjectID="_1253102893">



endif-->]]>

TLS Root

The TLS root certificate is the root certificate from the

certificate chain that issued the TLS certificates to the AMT devices. This may

or may not be the same as your MTLS Root, depending on how you issue your

certs. This certificate is used to validate the TLS certificate provided by the

AMT device when the SCS connects to the device to perform some function after

initial provisioning. This could be re-provisioning or one of the maintenance

tasks that the SCS performs – like setting the AMT system time.

There is no private key associated with this certificate.

The certificate should be stored in the “Trusted Root Certification

Authorities” folder of the SCS service accounts certificate store.

Mutual TLS Authentication Certificate

This certificate is used by the SCS to authenticate itself

to the AMT devices. Both the certificate and the private key should be stored

in the SCS service accounts “Personal” certificate store. The root certificate

of the chain must be installed on the AMT device during provisioning to allow

this authentication mechanism to work correctly.

Remote Configuration Certificate

This is the most interesting of the three SCS service

certificates. This is because the certificate needs to be in two certificate

stores – but the private key only needs to be in one. The SCS service presents

this certificate to the AMT device to start remote provisioning. As this is a

mutually authenticated TLS session, the SCS service must have access to the

private key. So the certificate and private key should be installed in the SCS

service accounts certificate store.

To configure SCS for remote configuration, a utility called

“loadcert.exe” is run. This utility lists the certificates in the local

computer store and you select the one you want the SCS service to use for

remote configuration. The utility then make a registry entry containing the

thumbnail of the certificate. The SCS service looks at this registry entry and

then looks up the selected certificate in the SCS service account certificate

store. Because the loadcert.exe utility reads from the local computer store,

the remote configuration certificate needs to be installed in there. But,

because it is only read by the utility to extract the thumbnail, the private

key does not have to be installed in the local computer store.

SMS (Management Console) Certificates

Certificates for the SMS Add-on are complicated by the use

of the gSOAP libraries. GSOAP is a cross platform, open source web services

development toolkit. Because it is cross platform it does not (obviously) use

the windows certificate store. Instead it uses a file format called PEM (from

the Privacy Enhanced Mail system). PEM files store certificates and keys as

base-64 encoded strings. This makes them easy to manipulate (with things like

notepad) and portable between systems. The following discussion assumes a 3

level PKI hierarchy, with a root CA, policy CA and an issuing CA. If there is

sufficient interest I can talk about PKI hierarchies on a separate thread.

As the SMS is also a windows program, it also needs its

certificates in the windows store.

<!--<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=ifgtevml+1">if gte vml 1>
type="#_x0000_t75" style='width:566.25pt;height:407.25pt' o:ole="">

]]>

<v:imagedata src="file:///C:\DOCUME_{1\gjbevan\LOCALS}1\Temp\msohtmlclip1\01\clip_image005.emz"

o:title=""/>

endif><!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=if%21vml">if !vml</a>>!SMS Certs.jpg!<!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=endif">endif</a>><!<a class="jive-link-adddocument" href="http://communities.intel.com/openport/community-document-picker.jspa?communityID=&subject=ifgtemso9">if gte mso 9>


DrawAspect="Content" ObjectID="_1253102894">



endif-->]]>

h2. Mutual Authentication Certificate (MTLS)

If the AMT profile the SCS calls for mutual TLS, then the

management console needs to supply an MTLSS certificate. This certificate, and

its private key, needs to be installed in SMS Add-on Service account

certificate store. This allows the SMS Add-on service to access the key for

operations such as power management. Because

the windows certificate store can “walk certificate chains”, only the MTLS cert

needs to be installed. Windows will work out where to get the rest of the chain

from on its own.

This is not true for the PEM file. In order for the gSOAP

library to have access to the certificate chain, all the chain entries must be

placed in the file (in the right order).

TLS Root Certificate

When a connection to the AMT device is made, it presents its

TLS certificate. In order for the Management console to trust the certificate,

the root certificate the issued the AMT certificate must be installed in the

“Trusted Root Certification Authorities” folder in the SMS Add-on’s certificate

store. . Because the windows certificate

store can “walk certificate chains”, only the TLS root cert needs to be installed.

Again, this is not true for the PEM file. In order for the

gSOAP library to have access to the certificate chain, all the chain entries

must be placed in the file (in the right order).

When dealing with Initial trust it is important to figure out who is trusting what.

First we will define a few terms to use.

Verifier - The entity that wants to trust the platform.
Platform - the vPro platform everyone is buying (you are buying one aren't you?)
Platform Configuration - the set of software measured by the platform (vPro measures BIOS and if executing the VMM)
Platform credentials - evidence of the platform properties which on vPro includes presence of TPM and the ability to execute TXT.

Now with these definitions let us work through a few trust decisions.

IT wants to trust new platform in the enterprise

Here we are assuming that the platform is brand new. The IT department uses the platform credentials to ensure that the platform delivered matches the platform credentials. If the platform does not come with credentials IT can create credentials for internal IT use.
Trust here is on either supplied credentials or direct creation of new credentials.

IT wants to trust a platform as it attaches to the network

here the platform contacts an access point (wired or wireless) and before assigning an IP address the access point asks for the current platform configuration. The trust necessary here is that the access point has to have sufficient evidence of the platform properties (credentials from our first use model) and then the access point obtains the platform configuration and validates the TPM report. (note that this is just the network access control protocol)
The access point must be able to determine what is a valid platform configuration and it does not matter if it is the first time the platform connects or the 20th time. The only issue is does the access point understand the platform configuration, if it does then the access point grants access, if it does not the access point blocks access. Determination of a valid platform configuration includes knowing what BIOS is supposed to be present and which VMM is supposed to be running.
Trust in this model requires the platform evidence (credentials) and the ability to understand the platform configuration.

Timing for the first two models does not matter. Whenever IT creates the evidence it is sufficient for IT, does not matter if it is the first day of use for the platform or in the second year of use. If one is using NAC, then the credentials provide the root of trust to believe the measurements and then the measurements provide information on the platform configuration. What else is executing on the platform does not change what measurements were taken. Measurements are not a one time operation but occur each time the associated root of trust executes (static RTM that is on each boot, dynamic RTM occurs on each invocation of GETSEC[SENTER]). It does not matter what else is executing or has executed, the measurement represents what occurred during the execution of the RTM.

Understand that platform configuration would not normally include the entire application stack. Rather the measured environment would provide additional measurements for applications. The entries in the PCR represent those components measured by the RTM and do not normally include applications. For instance when launching TXT the DRTM measures the SINIT authenticated code module, the measured launched environment (MLE), and a few registers. That is it. No applications, additional measurements would be provided by the MLE for applications or environments the MLE launches.

Applications can not just register with the TPM, there must be some process that measures the application and stores the measurement into some repository (which may or may not be the TPM).

Hopefully this little explanation helps in who is trusting what.

David

If your in Dresden on October 9-11th, I would recommend to check out this workshop.. From the attendees, you can see Microsoft, Altiris, & LANDesk will be there. Plus from the Intel side you have Mike Seawright, he's one of our key activation folks that has been out deploying AMT.

Here's the abstract: This is an in-depth workshop on how to implement Intel Active Management (AMT).

This workshop is especially designed for IT engineers, system architects, pre-sales or post-sales support staff, who are involved in improving business processes or implementing new technologies, either in-house or at customer locations.

or you can email Frank Rommel @ frank.rommel@intel.com.

A short demonstration of Intel AMT Commander working to fix an Intel Centrino Pro laptop with Active Management Technology (AMT). I borrowed the computers from the Pro Chalenge at IDF to tape this and it turned out pretty well. Probably one of the fasted demonstrations ever! Intel AMT Commander is part of the Intel AMT DTK and avaialble freely on Intel.com

Ylian (Intel AMT Blog)

IDF - PRO Classes

If your headed to IDF, here are the specific PRO classes & speakers

Session ID Title Speakers

• SCIC001 Security Technologies - Chalk Talk Doughty/Smith/Grawrock

• SCIS001 Security Kickoff: Providing World-Class Security
  and Data Protection for the PC Platform Rob Crooke

• SCIS002 The Intel Safer Computing Initiative and Trusted
  Computing Grawrock/Brickell

• SCIS003 Making Security Practical in the Enterprise with
  Client Technologies Grobman/Smith

• SCIS004 The Front Door of Trusted Computing: Controlling
  the Software Stack with Intel® TXT Grawrock

• SCIS005 Delivering Security Requires More Than Features David Doughty

• SCIS006 Research on Platform Security Technologies David Durham

Session ID Title Speakers

• BDOL001 Intel® Active Management Technology Lab Ylian Saint-Hilaire

• BDOP001 Panel: "Software as a Service" (SaaS) Chuck Brown

• BDOS001 Directions on the Business Desktop and Mobile PC Marek/Tucker

• BDOS002 Intel® vPro^TM Processor Technology Value Proposition
  to Managed Service Providers Supporting SMBs Kevin Havre

• BDOS003 "Software as a Service" (SaaS)/Streaming Compute
  Initiative Technical Session Khosravi/Fraser

• BDOS004 Intel® Active Management Technology Hedrick/Maresky

• BDOS005 Intel® Virtualization Technology on Next-Generation
  Client Platforms Klotz/Bailey

• BDOS006 Pro Platform Interoperability and Integration -
  Are You Pro Ready? Chan/Hilliker

• BDOS008 Small Business: Jump-start your eCommerce
  Development with Overviews from eBay, PayPal
  and Skype* Kumar Kandaswamy

If your headed to IDF let me know.. if you can't make it, we're going to get whatever we can on PRO material & post here.

In the short history of the Intel AMT Developer Tool Kit (DTK), this is probably the single release with the most changes and improvements in it. One look at the change log and you notice that there are lots of improvements in many areas of the DTK. In this blog, I want to touch on a few of the major new features.

Intel AMT Guardport, a C/C++ version of the Intel AMT Outpost serial agent. Many have noticed that Intel AMT Outpost is a quite powerful Intel AMT agent. The main problem with Outpost is that it is rather fat software and makes use of .NET. It's not practical if you are going to run it on 1000's of computers or most importantly, add it to a recovery OS image. Intel AMT Guardpost is a light weight port of the most important feature of Outpost, the serial agent. Guardpost is a statically linked .exe file (no other .DLL's required) that finds the SOL COM port automatically and binds to it. It offers a command prompt and the same binary-over-SOL support that Outpost supports. In this version, Guardpost is still very limited but supports remote process monitoring and the most impressive of the Outpost features: TCP-over-SOL.

Intel AMT Interceptor, a trace and debug tool that connects to Intel AMT Switchbox. This new tool takes advantage of a new debug port in Switchbox to show in real-time all of the traffic going thru Switchbox. It shows in real time HTTP, SOL and IDE-R traffic flowing thru and for each data chunk, its source and destination. It even works with TLS since a console with authenticate with Switchbox and Switchbox will perform its own TLS connection to Intel AMT. At a minimum, this new tool is very educational for people curious to see in-depth, what Intel AMT network traffic looks like.

Intel AMT DTK Internationalization effort. A lot of effort is going into internalization of the Intel AMT DTK. This started months ago with Simplified Chinese and Japanese support. In order to make it easier to internationalize the DTK (or any .NET application) we started work on a Resource Translator tools. It's only part of the source code package and it's just an early tool right now. I have used it to start translation into French of the Intel AMT Terminal. Some will also notice that some of the Terminal is translated into Hebrew to test to right-to-left support and NetStatus is translated to Russian.

Lots more improvements are coming up for the DTK. Mostly, I have to code all the time and I sometimes have to put aside answering mails for a while. I will try to answer more mails next week.

Audio File: Ylian's audio blog on the Intel AMT DTK v0.38 (.mp3)

Ylian

Traditionally speaking - if security is improved, manageability suffers. The reverse of this is true also - traditionally.

Intel vPro presents a different approach and perspective to this common understanding - consider some of the usage models and scenarios described at the follow link. http://www.intel.com/business/vpro/index.htm (see the "improve security" and "extend manageability" links on this page under Resources - lower right side)

The above links demonstrates and introduces the usage models and capabilities. But - what about ensuring the security of the platform. As commonly inquired - "Could vPro be used maliciously?". Considering that any tool of value - even the screwdriver sitting in a garage or a desk drawer - could be used maliciously, the question might be better phrased - "What are the built-in security features of Intel vPro?" The following is only a summary and overview - yet should provide some comfort in the platform. (BTW: Are you aware of all the security features in current environments, or would introducing vPro perhaps expose a long term policy or technological oversight? Just a thought.)

• Internal security - Use of Intel digitally signed firmware. In some cases, the OEM will also require their digital signature for firmware updates. The non-volatile RAM (NVRAM) has strict security and access control. There is a small section referred to as "3rd party datastore" or 3PDS. Access to this area requires registration with Intel and granting of a token. Communications into the management engine occur through secure channels - whether from the operating system or from the network interface. Generally speaking - compromising the internal security would indicate there are bigger problems in the environment.

• Enterprise setup and configurationsecurity - Enterprise mode setup and configuration is handled via either a pre-shared secret or certificate based authentication. (see related blog on the latter). The configuration uses secure handshakes, authentication, and so forth. Replay attacks are prevented. With the latest configuration service, option to require authentication or approval of systems to be provisioned\configured. Pre-shared keys are changed after configuration, and subsequently based on definable schedules. Minimal setup rights can be used to limit exposure of accounts to perform setup\configuration. Security audit logs and event logs monitor activities. The process also has dependencies on the enterprise DHCP, DNS, PKI\CA, and so forth. Generally speaking - if the enterprise setup and configuration service is compromised, there are bigger problems wtihin the environment (whether technological, social networking, policy\procedure, etc)

• Operator Security - Roles, permissions, and AMT security realm access control come into play here. This effectively defines who is allowed to configure the "configuration services", who is allowed to authorize or change vPro configurations, and who is allowed to utilize functions on configured vPro systems. The "who" could be defined by a user, group, service, etc.In addition - use of Kerberos for user rights mgmt and so forth provides an integration into the Microsoft Active Directory. Thus a group of users can be defined withe various levels of access control and capability. Plus - all security related actions and configuration changes can be logged. Generally speaking - if an operator compromising vPro security, there are likely bigger problems in the environment (eg. policies, procedures, etc)

• Communication Security - Once a system configured, transport layer security (TLS) or Mutual TLS can used to secure management traffic. User sessions can authenticated using a digest protocol or Kerberos.

• Infrastructure Security - Since vPro effectively hasa separate management computer inside, this management engine can be configured for environments supporting wireless profiles (WPA or WPA2), VLAN, Network Access Control, 802.1x, etc.

• Operational Client Security - On top of all the configuration security items is the end-user usage and capabilities. Items such as System Defense, Agent Presence, remote power management, and so forth.

This returns to the first question - Can manageability and security be raised together for client management?

Open to hear from the community on your thoughts - whether in agreement or disagreement.