HP Business Notebook Intel® vPro™ setup and configuration 2011 Business Notebook Models - Technical white paper
6. The system BIOS will check for a USB drive key.
a. If found, the BIOS will look for a Setup.bin file at the beginning of the drive key.
i. Go to Step 7.
b. If no USB drive key or Setup.bin file is found, then boot normally.
ii. Ignore Steps 7-11.
7. The system BIOS will display a message that automatic setup and configuration will occur.
a. The first available record in the Setup.bin will be read into memory.
iii. Validate the file header record.
iv. Locate the next available record.
v. Invalidate current record so it cannot be used again.
b. Place the memory address into the MEBx parameter block.
c. Call MEBx.
8. MEBx processes the record.
9. MEBx writes a completion message to the display.
10. The IT technician powers down the system.
a. The system is in the In-Setup phase at this time.
b. It is ready to be distributed to the user in an Enterprise mode environment.
11. Repeat Step 5 if necessary (more than one system).
Refer to your management console supplier for more information on USB drive key setup and
configuration.
Remote Configuration
Remote Configuration (RCFG) is the ability to use a single OEM image to provision systems securely
without the need to manually modify AMT options. RCFG uses a Public Key Infrastructure with
Certificate Hashes (PKI-CH) protocol to maintain security. A DHCP environment is required. RCFG
relies on several new AMT features:
Embedded Hash Root Certificates
Self Signed Certificate
One-Time Password
Delayed network access
One or more hash root certificates are embedded into the AMT FW. These certificates are integrated
into the Hello messages sent by the AMT system to the SCS. The SCS must have compatible
certificates to authenticate the AMT system.
A self-signed certificate can be generated to create a secure connection between the AMT system and
the SCS. This certificate is used for encryption, not authentication. The SCS uses the public key
from the self-signed certificate to encrypt the session key it generates, then sends the encrypted
key to the AMT system. The AMT system decrypts the SCS session key with its private key.
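The session key exchange described above, as an added example that is not part of the white paper and is not HP or Intel code. The algorithms (RSA-2048, OAEP with SHA-256, AES-256-GCM), the function names and the sample payload are assumptions chosen for illustration; the white paper does not specify them.

```javascript
// Added example: key transport with the key pair behind a self-signed certificate.
// Assumptions (not from the white paper): RSA-2048, OAEP/SHA-256, AES-256-GCM.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// AMT side: the key pair whose public half is carried in the self-signed certificate.
function amtGenerateKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// SCS side: generate a session key and encrypt it to the AMT public key.
function scsWrapSessionKey(amtPublicKey) {
  const sessionKey = crypto.randomBytes(32);
  const wrapped = crypto.publicEncrypt({ key: amtPublicKey, ...OAEP }, sessionKey);
  return { sessionKey, wrapped };
}

// AMT side: recover the session key with the private key.
function amtUnwrapSessionKey(amtPrivateKey, wrapped) {
  return crypto.privateDecrypt({ key: amtPrivateKey, ...OAEP }, wrapped);
}

// Either side: protect a message with the shared session key.
function seal(sessionKey, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(sessionKey, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', sessionKey, iv);
  d.setAuthTag(tag); // final() throws if the ciphertext or tag was altered
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Constructed run of the exchange; returns the results instead of printing them.
function demo() {
  const amt = amtGenerateKeyPair();
  const { sessionKey, wrapped } = scsWrapSessionKey(amt.publicKey);
  const recovered = amtUnwrapSessionKey(amt.privateKey, wrapped);
  const msg = unseal(recovered, seal(sessionKey, 'constructed configuration payload'));
  // A different private key cannot recover the wrapped session key.
  let otherKeyFails = false;
  try { amtUnwrapSessionKey(amtGenerateKeyPair().privateKey, wrapped); }
  catch { otherKeyFails = true; }
  return { keysMatch: recovered.equals(sessionKey), msg, otherKeyFails };
}
```

Nothing in this exchange identifies who generated the key pair, which matches the statement above that the certificate is used for encryption, not authentication.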
The One-Time Password (OTP) is created during provisioning. This password is used with the remote
console to initiate RCFG and it is sent to both the AMT system and the SCS. This password is used to
improve security.
The network interface used to send out Hello messages is functional for a limited amount of time once
remote configuration has been activated, which is known as delayed remote provisioning.
Delayed network access, as the name implies, is remote configuration at a later time when an OS has
been installed on the AMT system. In this implementation, setup and configuration is started when a