Intel Standard Management (ISM) instead of Active Management (AMT)

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

Johntron

New Member
Apr 17, 2022
2
0
1
I recently purchased two HP ProDesk 600 G6's with i5-10500T's and "vPro" stickers on them from two different sellers on eBay. After updating the BIOS and unprovisioning Intel Management Engine (ME), and then setting a password in MEBx, it seems the two machines are different: one has options for Active Management (AMT) and one has options for Standard Management (ISM). For those that are unaware, AMT is a superset of ISM and includes KVM over IP as well as a few other features.

My question: how is AMT enabled? Is this an option the manufacturer has to physically install somewhere (like RMM4), is it a software unlock, do I need to install some additional drivers, or did I simply miss something during (manual) configuration?

For reference, below is a screenshot of what the MEBx options look like for the machine with Standard Management. Note the highlighted menu item - machines with AMT say "SOL/Storage Redirection/KVM" here and include options for KVM when you open the menu item.

Screenshot_20220520-164828 (1).png

FWIW, I've been using a PiKVM to manage some of the machines in my homelab. It's great / awesome and even supports up to 4 machines and the super-simple Tailscale VPN for remote access; however, on these specific HP machines the keyboard, mouse, and mass storage devices don't work until BIOS/UEFI hands-off to the OS. This means that unlike my other machines, I can't change BIOS settings, boot order, or AMT settings with the PiKVM. This could be caused by a lack of support for composite HID devices in the HP bios, but I'm not really sure.
 

Marsh

Moderator
May 12, 2013
2,644
1,496
113
Run HWinfo to check , Intel ME , vPRO , expand SMBIOS DMI tree to see more detail

see my screenshot of my Dell 7070 mini, my other HP Elitedesk 800 g4 is the same
 

Attachments

Marsh

Moderator
May 12, 2013
2,644
1,496
113
Configure ME like you did in your post,

For testing , disable user consent , set user consent to none
Do not forget to Activate network access

download and install meshcommander , to test to see if Remote Desk top is working
MeshCommander 0.9.5 - MSI installer, WIN32 executable, Apache 2.0 License.

After Remote desktop KVM working,
check out MeshCommander Firmware Loader, you install a simple firmware into ME,
then you could access your KVM only using a web browser, no other app is needed to access KVM.

I used MeshCommander Firmware Loader on all my 24x7 server when there is no IPMI.
 
  • Like
Reactions: Aluminat

Marco

New Member
Sep 23, 2013
19
0
1
I recently purchased two HP ProDesk 600 G6's with i5-10500T's and "vPro" stickers on them from two different sellers on eBay. After updating the BIOS and unprovisioning Intel Management Engine (ME), and then setting a password in MEBx, it seems the two machines are different: one has options for Active Management (AMT) and one has options for Standard Management (ISM). For those that are unaware, AMT is a superset of ISM and includes KVM over IP as well as a few other features.

My question: how is AMT enabled? Is this an option the manufacturer has to physically install somewhere (like RMM4), is it a software unlock, do I need to install some additional drivers, or did I simply miss something during (manual) configuration?
I think it's the way the BIOS Flash has been programmed, the two machines should be identical HW wise, I don't think there is anything fused in the silicon. Conceptually it should be simple, just dump with a flash programmer the image of the BIOS from the two machines and compare them for the ME section. Then try flashing the modified image on the machine with ISM. But to you need to make sure you don't overwrite machine specific data (serial number, MAC addresses, etc). So it's not that trivial, especially if the image is signed somehow. But I think it can be done.
 

Marco

New Member
Sep 23, 2013
19
0
1
I think it's the way the BIOS Flash has been programmed, the two machines should be identical HW wise, I don't think there is anything fused in the silicon. Conceptually it should be simple, just dump with a flash programmer the image of the BIOS from the two machines and compare them for the ME section. Then try flashing the modified image on the machine with ISM. But to you need to make sure you don't overwrite machine specific data (serial number, MAC addresses, etc). So it's not that trivial, especially if the image is signed somehow. But I think it can be done.
By the way: [Help please] Dell Optiplex 7090 - Enabling Intel ME
 

wenjen

New Member
Aug 15, 2023
4
1
1
Dear all,

maybe can anyone provide me a link to download the meshcommander firmware loader? And maybe also for meshcommander msi? Intel has ended support for this and I didn't make a backup of it :-(



Thank you!

Regads