Ok, I have one more trick for all you Intel AMT developers trying to build high security software. One good use of Intel AMT is for power state monitoring, one could build an application that polls many computers for their power state and plots the results on a graph. You can see just how “green” your network is. Typically to do this, you call the Intel AMT method to get the power state periodically located in the Remote Control security realm of Intel AMT.
The way Intel AMT security realms are designed: granting a user access to the Remote Control realm gives this user access to reading the power state but also turning on and shutting down (hard shutdown) the computer. As a result, the nice monitoring application you are building can only be run by trusted administrators. It would be nice to be able to create an Intel AMT user with only minimal access to features that could only be used to read the power state and not much else. This is not technically possible…
But wait, there is a trick! Create a user account within Intel AMT with only General Info and Hardware Inventory access. These two realms are the minimum needed to access the Intel AMT web UI. Then, using a normal browser we can load the Web UI and notice that the computer power state is displayed on the web page! With a little code, we can extract this information out of what is normally a human readable web page.
Of course, this is a hack and your software may need to be upgraded as new firmware may change the WebUI. Still, it’s such a good trick; I use it with great success in my own code. Note that the Intel AMT 2.0 page is a little different from Intel AMT 2.5 and above. So far, I have to handle 2.0 differently but the same parsing code seems to work on all Intel AMT computers (up to 5.0). Also, that web UI page is very fast and you get, as bonus information, the computer’s unique identifier and Intel AMT time in a single call.
The only drawback I have noticed is that the WebUI will show the string “Standby” for both S1 and S3 states. So you can’t tell exactly what power state it’s sleeping in. Otherwise, you can detect S0, S4 and S5 states.