Setting up and configuring Intel AMT in HP Business Notebooks, Desktops, and Workstations - Technical white paper
4.  The SCS logs into the Intel AMT system and provisions all required data items, including the following: 
–  New PPS and PID for future configuration 
–  TLS certificates 
–  Private keys 
–  Current date and time 
–  HTTP Digest credentials 
–  HTTP Negotiate credentials 
Other options can be set depending on the particular SCS implementation. 
The system goes from In-Setup to Operational phase; Intel AMT is fully operational. Once in Operational phase, the system 
can be remotely managed and is ready to be given to an end-user for regular use. 
Enabling TLS-PSK provisioning 
For information on enabling TLS-PSK provisioning on an Intel AMT system, refer to Enabling TLS-PKI or TLS-PSK
.  
OEM TLS-PSK provisioning 
To reduce the burden on local IT staff, the information required to enable TLS-PSK provisioning can be pre-configured at the 
factory. OEM TLS-PSK provisioning is performed in the following stages: 
1.  During OEM manufacturing 
2.  At the customer’s location  
During OEM manufacturing 
During manufacturing, HP sets up Intel AMT
8
 and ships the customer a system that is already in In-Setup phase.  
If desired, the admin password, PID, and PSS can be generated during manufacturing and transferred to the customer in a 
separate, secure fashion. Alternatively, customers can provide their own admin password, PID, and PPS to be used by HP for 
a particular order.  
At the customer’s location 
The customer receives In-Setup systems along with the PIDs, PPSs, and password information needed by the SCS. The 
systems are connected to the network and powered up, allowing remote provisioning to take place automatically. 
Note  
Some SCSs may require additional settings, such as a port number and IP address. Contact the ISV for more information.  
If desired, the SCS can generate a new PID/PPS combination to replace the combination configured by HP. 
Using a USB drive key for provisioning 
This is a zero-touch provisioning method that eliminates the errors that can occur when manually typing entries. Password, 
PID, and PPS information is loaded to the MEBx on system boot using a specially formatted setup.bin file. After this 
information has been loaded, the Intel AMT system starts requesting provisioning. 
Prerequisites 
A USB drive key must meet the following requirements to support USB drive key setup and configuration: 
•  It must be greater than 16 MB in size. 
•  The sector size must be 1 KB. 
•  It must not be formatted to boot. 
•  The setup.bin file must be the first file landed on key. 
8
 This is a custom, fee-based service. Contact HP for more information. 
29 










