Intel MEBX User Guide for Intel 7 Series Chipset
Intel® ME Manageability Features
Appendix B: Changes to Redirection Protocols
Before Intel AMT 6, firmware had two provisioning modes: small/medium
business (SMB) and enterprise (ENT). ENT was inherently more secure than
SMB, which was meant to be more open and easy to use, but less secure.
Intel AMT 6 combined the two modes, and this change affected the
redirection protocols.
Before Intel AMT 6:
SMB: Redirection ports were left open and Intel ME listened on them
constantly. ISVs writing consoles that dealt with redirection would then just
open a connection to the ME machine. No extra steps were needed. The following
flow was used:
1. Open a connection
2. Perform redirection actions (SOL/IDER)
3. Close the connection
ENT: Redirection ports were closed, meaning Intel ME was not listening for
redirection connections. An SMB console trying to open a connection to an
ENT machine would fail because the ports were closed. For the connection to
succeed, the following flow was used (this is how ENT consoles on the market
are implemented):
1. Send “open port” command to the Intel ME machine
2. Open a connection
3. Perform redirection actions (SOL/IDER)
4. Close the connection
5. Send “close port” command to the Intel ME machine
In Intel AMT 6 and above:
Since both provisioning modes are combined, the more secure option was chosen.
To ensure backwards compatibility for older SMB consoles (which need the
ports left open to create SOL/IDER connections, since they do not send the
open/close commands), we needed another setting: the “legacy redirection
mode”.
If “legacy redirection mode” is set to enabled, the ports are left open and SMB
consoles are able to connect (the open port and close port commands are not
needed).
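
An idle-state check for the behavior described above, as an added example that is not part of the Intel guide: it reports hosts whose redirection ports accept connections when no console session is active. The port numbers 16994/16995 (the IANA-registered Intel AMT redirection ports) and all function names are assumptions not taken from this page; the demo uses a constructed local listener in place of a real ME.

```python
import socket

# Assumption: IANA-registered Intel AMT redirection ports (not stated on this page).
REDIR_PORTS = {16994: "redirection (TCP)", 16995: "redirection (TLS)"}


def port_listening(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def audit_host(host, ports=REDIR_PORTS, timeout=2.0):
    """Classify one idle host by whether its redirection ports accept connections."""
    open_ports = [p for p in sorted(ports) if port_listening(host, p, timeout)]
    if open_ports:
        # Per the appendix: on AMT 6+ a port that listens with no console
        # session means legacy redirection mode is enabled, or a console
        # sent "open port" and never sent "close port".
        finding = "REVIEW: redirection port listening while idle"
    else:
        finding = "OK: redirection ports closed (open/close port flow required)"
    return {"host": host, "open_ports": open_ports, "finding": finding}


def demo():
    # Constructed stand-in for an ME with the port left open: a local listener
    # on an ephemeral port, so the demo runs offline.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]
    try:
        listening = audit_host("127.0.0.1", {open_port: "constructed"}, 0.5)
    finally:
        srv.close()
    # After close the same port refuses connections, like a closed ME port.
    closed = audit_host("127.0.0.1", {open_port: "constructed"}, 0.5)
    return listening, closed


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Run it against managed hosts only while no SOL/IDER session is expected, since a console that is mid-session has legitimately opened the port.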