1 of 1 people found this helpful
Intel AMT requires build in Intel AMT enabled LAN PHY (SKUs with -LM at the end of their description) (and/or AMT enabled WiFi Controller HW) as it provides HW means for OOB TCP/IP stack. If you add any additional LAN HW (does not matter which vendor or what bus) it will not support Intel AMT OOB.
Please note that depending on configuration (Host VPN support and Home Domains) Intel AMT when configured may receive messages over other than AMT interfaces when OS is running. So local vulnerability shall be disabled by blocking LMS services - see Mitigation Guide published at Download INTEL-SA-00075 Mitigation Guide
"If you add any additional LAN HW (does not matter which vendor or what bus) it will not support Intel AMT OOB."
Woo-hoo! This is what I hoped for. Thank you very much. Time to peruse the mitigation guide.