{"id":15779964,"url":"https://github.com/rgl/amt-setupbin","last_synced_at":"2025-03-31T15:55:28.311Z","repository":{"id":215816646,"uuid":"739827814","full_name":"rgl/amt-setupbin","owner":"rgl","description":"create a intel amt configuration setup.bin file and setup.bin.img disk image","archived":false,"fork":false,"pushed_at":"2024-02-04T19:39:26.000Z","size":28,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-12-31T11:05:55.903Z","etag":null,"topics":["amt","intel-amt","open-amt","openamt","vpro"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rgl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-06T17:05:56.000Z","updated_at":"2024-07-28T12:53:17.000Z","dependencies_parsed_at":"2024-01-06T19:26:33.287Z","dependency_job_id":"e76f8ea1-37f7-46de-8d8f-3e580deccd9a","html_url":"https://github.com/rgl/amt-setupbin","commit_stats":null,"previous_names":["rgl/amt-setupbin"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Famt-setupbin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Famt-setupbin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Famt-setupbin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Famt-setupbin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rgl
","download_url":"https://codeload.github.com/rgl/amt-setupbin/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246492463,"owners_count":20786373,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["amt","intel-amt","open-amt","openamt","vpro"],"created_at":"2024-10-04T18:22:05.276Z","updated_at":"2025-03-31T15:55:28.282Z","avatar_url":"https://github.com/rgl.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# About\n\n[![Build status](https://github.com/rgl/amt-setupbin/workflows/build/badge.svg)](https://github.com/rgl/amt-setupbin/actions?query=workflow%3Abuild)\n\nThis facilitates the bootstrap of a [OpenAMT Cloud Toolkit](https://github.com/open-amt-cloud-toolkit/open-amt-cloud-toolkit) sandbox by creating a private AMT provisioning certificate and AMT configuration file.\n\nThis creates:\n\n* A private AMT CA for the `amt.test` AMT domain.\n* The AMT domain provisioning certificate.\n* The `Setup.bin` AMT configuration file.\n* The `Setup.bin.img` USB key disk image with the AMT configuration file.\n\n# Usage\n\nInstall `openssl`.\n\nInstall `docker` and `docker compose`.\n\nConfigure your network to resolve the `mps.amt.test` domain to your local\nmachine IP address.\n\nClone the [open-amt-cloud-toolkit repository](https://github.com/open-amt-cloud-toolkit/open-amt-cloud-toolkit).\n\nCopy the `.env.template` file to the `.env` file.\n\nOpen the `.env` file and set/modify the following 
variables:\n\n```conf\nMPS_COMMON_NAME=mps.amt.test\nMPS_WEB_ADMIN_USER=standalone\nMPS_WEB_ADMIN_PASSWORD=G@ppm0ym\nMPS_JWT_SECRET=Yq3t6w9z6CbE3HRMcQfTjWnZr4u7x6AJ\nPOSTGRES_PASSWORD=postgresadmin\nVAULT_TOKEN=root\n```\n\nFor more information see https://open-amt-cloud-toolkit.github.io/docs/2.17/Reference/architectureOverview/#passwords.\n\nStart OpenAMT in the foreground:\n\n```bash\ndocker compose up\n```\n\nCreate the AMT CA, the AMT provisioning certificate, and the `Setup.bin` AMT configuration file:\n\n```bash\n./create-provisioning-certificate.sh\n```\n\n**NB** View/Change the passwords at the top of the [`create-provisioning-certificate.sh` file](create-provisioning-certificate.sh).\n\nCreate the [new `amt.test` OpenAMT Domain](https://mps.amt.test/domains/new) and import the `amt-ca/amt.test.pfx` file.\n\nBurn the `amt-ca/Setup.bin.img` disk image into a USB key, or copy the `amt-ca/Setup.bin` file to the root directory of an empty FAT32 USB key.\n\nAt each AMT device:\n\n1. Plug in the USB key, (re)boot the device, then let AMT be configured from the USB key.\n    * If you end up at the OS, you can force a reboot into the firmware with:\n      * Linux OS: `sudo systemctl reboot --firmware-setup`\n      * Windows OS: `shutdown /r /fw`\n2. At the device OS, using the rpc tool, activate AMT with:\n    * `sudo ./rpc activate -u wss://mps.amt.test/activate -n -v -profile acm`\n    * **NB** The `-n` flag will blindly trust the `mps.amt.test` certificate.\n3. At the device OS, using the rpc tool, verify the AMT state and certificates:\n    * `sudo ./rpc amtinfo -password 'HeyH0Password!' -cert`\n4. To immediately trigger the AMT CIRA connection to OpenAMT MPS:\n    1. Unplug the network cable.\n    2. Wait a couple of minutes.\n    3. Plug the network cable.\n\nAt the [OpenAMT UI](https://mps.amt.test):\n\n1. Wait until the device appears as connected.\n2. Try to access the device (e.g. 
start a `KVM` session).\n\n# Notes\n\n* The AMT domain can be anything, as long as you use it as the AMT device\n  PKI DNS Suffix. It will not be used in any actual endpoint or request.\n  The associated certificate and pfx will only be used once, at the AMT\n  device activation time.\n* But to keep things simpler to reason about, it should be the same domain\n  (or a suffix) that is returned by the DHCP server (DHCP Option 15) that\n  is in the AMT device LAN.\n* If it's signed by a private CA, as we do here, that private CA certificate\n  hash must be manually added to the AMT device, similar to what we do with\n  the Setup.bin file that is copied to the USB key used to manually\n  configure AMT at the AMT device.\n* This is not related to the MPS domain or certificate. Therefore, it does not\n  matter which CA signs the MPS certificate. In the case of OpenAMT, it is\n  signed by an OpenAMT-created private CA (the MPSRoot CA). That CA is\n  injected into the AMT device at its activation time (by the rpc tool).\n* When the rpc tool is activating the AMT device, the AMT device will\n  challenge the rpc tool to sign a message with this AMT domain private key.\n* For more details, see:\n    https://open-amt-cloud-toolkit.github.io/docs/2.17/Reference/Certificates/generateProvisioningCert/.\n\n# Reference\n\n* [rgl Intel AMT Notes](https://github.com/rgl/intel-amt-notes)\n* [Intel AMT SDK](https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm)\n  * [Deprecated and Deleted Features](https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fdeprecatedanddeletedfeatures.htm)\n  * [Setup and Configuration of Intel AMT](https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fsetupandconfigurationofintelamt.htm)\n    * [Setup and Configuration 
Components](https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/setupandconfigurationcomponents1.htm)\n    * [Remote Configuration](https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/remoteconfiguration.htm)\n      * [Setup and Configuration Using PKI (Remote Configuration)](https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/setupandconfigurationusingpkiremoteconfiguration.htm)\n        * [Prerequisites for Remote Configuration](https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/prerequisitesforremoteconfiguration.htm)\n  * [Intel AMT Features](https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fintelamtfeatures.htm)\n    * [Enabling Client-Initiated Remote Access Fast Call for Help](https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fenablingclientinitiatedremoteaccessfastcallforhelp.htm)\n* [Open Active Management Technology Cloud Toolkit](https://open-amt-cloud-toolkit.github.io/docs/2.17/)\n  * [Custom Provisioning Certificate](https://open-amt-cloud-toolkit.github.io/docs/2.17/Reference/Certificates/generateProvisioningCert/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Famt-setupbin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frgl%2Famt-setupbin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Famt-setupbin/lists"}