Remote Configuration: Bare-Metal Vs. Delayed - HP dc7800 - Convertible Minitower PC Setup And Configuration Manual

RCFG relies on several new AMT features:
•
Embedded Hash Root Certificates
•
Self Signed Certificate
•
One-Time Password
•
Timed network access
One or more hash root certificates are embedded into the AMT firmware. These certificates are integrated
into the Hello messages sent by the AMT system to the SCS. The SCS must have compatible certificates to
authenticate the AMT system.
A self signed certificate can be generated to create a secure connection between the AMT system and the
SCS. This certificate is used for encryption, not authentication. The SCS will use the public key from the
self signed certificate to encrypt the session key it generates and sends it to the AMT system. The AMT sys-
tem can decrypt SCS session key with its private key.
The One-Time Password (OTP) is created during provisioning. This password is used with the remote con-
sole to initiate RCFG and it is sent to both the AMT system and the SCS. This password is used to improve
security.
The network interface used to send out Hello messages is functional for a limited amount of time. The
amount of time is configurable by the OEM.

Remote Configuration: Bare-Metal vs. Delayed

There are two ways to implement Remote Configuration: Bare-Metal and Delayed.
Bare-Metal, as the name implies, is remote configuration of the AMT system without an operating system;
in other words, only the hardware. In this implementation, Setup and Configuration is started (Hello mes-
sage broadcast) as soon as the ME is active and the system is connected to a network. This means that
the AMT system is configured without the use of a local agent and does not use One Time Password (OTP)
authentication.
Bare-Metal RCFG is only available for AMT 3.0 on the dc7800p HP Compaq Business PC. It is not avail-
able for AMT 2.2 on the dc7700p HP Compaq Business PC.
Delayed, as the name implies, is remote configuration at a later time when an operating system has been
installed on the AMT system. In this implementation, Setup and Configuration is started when a remote
console application initiates the process by communicating with the ME through the HECI driver. This
requires a functional OS and agent to be installed on the AMT system. OTP authentication can be used; it
is optional. The remote console provides the OTP to the AMT system and to the SCS.
Consult your ISV management console provider for details on operating system agents for Delayed remote
configuration support.
Delayed RCFG is available for both AMT 3.0 on the dc7800 HP Compaq Business PC and AMT 2.2 on
the dc7700p HP Compaq Business PC.
26