Casper.Dik at Sun.COM wrote: >>No. Even in promiscuous mode the host OS does not receive AMT packets. >>Don't know how it's done. >> >> > >Pretty much the same as can be observed on BMC systems with shared >management such as the LX50. > >Questions: > > - Can AMT be configured from Solaris (IP, MAC, everything) > > AFAIK, No. The configuration related APIs exported by ME are only available for remote nodes. The ME can tell if the request comes from the Host OS or from remote.
I guess the advantage of this is that, if the OS is compromised by virus, it'll never have the chance to turn off/change the System Defense policies (Intrusion Detection) configured in ME. > - Can it be switched off (from Solaris) > > I haven't found a way to do this from the Host OS. Unprovisioning (restoring it to factory mode) can only be done from the BIOS menu or from a remote, trusted console. > - Will Solaris' settings have precedence or are these settings > stored in the AMT BIOS and gotten from/set there? > > > In AMT's non-volatile memory. Configuration can be done in two ways: 1. TLS-PSK (1-touch configuration, which requires at least one touch of the machine to enter a pre-shared key). 2. Remote configuration (0-touch configuration, e.g. the firmware can have one or more root certificate hashes from recognized vendors). This is cool. Vincent.
