amt-howto - Intel AMT with linux mini howto
What is AMT
and why I should care?
AMT stands for "Active Management Technology". It provides some remote management facilities. They are handled by the hardware and firmware, thus they work independant from the operation system. Means: It works before Linux bootet up to the point where it activated the network interface. It works even when your most recent test kernel deadlocked the machine. Which makes it quite useful for development machines ...
Intel AMT is part of the vPro Platform. Recent intel-chipset based business machines should have it. My fairly new Intel SDV machine has it too.
Look here for documentation beyond this mini howto:
Most useful to get started: "Intel AMT Deployment and Reference Guide"
AMT enabling instructions.
Enter BIOS Setup.
* Enable AMT
Enter ME (Management Extention) Setup. Ctrl-P hotkey works for me.
* Login, factory default
password is "admin".
* Change password. Trivial ones don’t work, must include upper- and lowercase letters, digits, special characters.
* Enable AMT Managment.
Reboot, Enter ME Setup again with AMT enabled.
* Configure AMT (hostname,
network config, ...)
* Use SMB (Small Business) management mode. The other one (Enterprise) requires Active Directory Service Infrastructure, you don’t want that, at least not for your first steps ...
Take your browser, point it to http://machine:16992/. If you configured AMT to use DHCP (which is the default) the OS and the management stack share the same IP address.
You must do that from a remote host as the NIC intercepts network packets for AMT, thus it doesn’t work from the local machine as the packets never pass the NIC then. If everything is fine you’ll see a greeting page with a button for login.
You can login now, using "admin" as username and the password configured during setup. You’ll see some pages with informations about the machine. You can also change AMT settings here.
You might have noticed already while browing the pages: There is a "Remote Control" page. You can remotely reset and powercycle the machine there, thus recover the machine after booting a b0rken kernel, without having someone walk over to the machine and hit the reset button.
AMT also provides a virtual serial port which can be accessed via network. That gives you a serial console without a serial cable to another machine.
If you have activated AMT and SOL the linux kernel should see an additional serial port, like this on my machine:
dmesg | grep ttyS2
0000:00:03.3: ttyS2 at I/O 0xe000 (irq = 169) is a 16550A
Edit initab, add a line like this:
T2:2345:respawn:/sbin/getty ttyS2 115200 vt100-nav
You should add the serial port to /etc/securetty too so you are able to login as root. Reload inittab ("init q"). Use amtterm to connect. Tap enter. You should see a login prompt now and be able to login.
You can also use that device as console for the linux kernel, using the usual "console=ttyS2,115200" kernel command line argument, so you see the boot messages (and kernel Oopses, if any).
You can tell grub to use that serial device, so you can pick a working kernel for the next boot. Usual commands from the grub manual, except that you need "--port=0xe000" instead of "--unit=0" due to the non-standard I/O port for the serial line (my machine, yours might use another port, check linux kernel boot messages).
The magic command for the Xen kernel is "com1=115200,8n1,0xe000,0" (again, you might have to replace the I/O port). The final ’0’ disables the IRQ, otherwise the Xen kernel hangs at boot after enabling interrupts.
Fun with Xen
The AMT network stack seems to become slightly confused when running on a Xen host in DHCP mode. Everything works fine as long as only Dom0 runs. But if one starts a guest OS (with bridged networking) AMT suddenly changes the IP address to the one the guest aquired via DHCP.
It is probably a good idea to assign a separate static IP address to AMT then. I didn’t manage to switch my machine from DHCP to static IP yet though, the BIOS refuses to accept the settings. The error message doesn’t indicate why.
You might want to download the DTK (Developer Toolkit, source code is available too) and play with it. The .exe is a self-extracting rar archive and can be unpacked on linux using the unrar utility. The Switchbox comes with a linux binary (additionally to the Windows stuff). The GUI tools are written in C#. Trying to make them fly with mono didn’t work for me though (mono version 1.2.3 as shipped with Fedora 7).
Gerd Hoffmann <kraxel [AT] redhat.com>