Intel(R) Management Engine Interface (Intel(R) MEI)
===================================================

Introduction
============

The Intel Management Engine (Intel ME) is an isolated and protected computing
resource (Co-processor) residing inside certain Intel chipsets. The Intel ME
provides support for computer/IT management features. The feature set
depends on the Intel chipset SKU.

The Intel Management Engine Interface (Intel MEI, previously known as HECI)
is the interface between the Host and Intel ME. This interface is exposed
to the host as a PCI device. The Intel MEI Driver is in charge of the
communication channel between a host application and the Intel ME feature.

Each Intel ME feature (Intel ME Client) is addressed by a GUID/UUID and
each client has its own protocol. The protocol is message-based with a
header and payload up to 512 bytes.

Prominent usage of the Intel ME Interface is to communicate with Intel(R)
Active Management Technology (Intel AMT) implemented in firmware running on
the Intel ME.

Intel AMT provides the ability to manage a host remotely out-of-band (OOB)
even when the operating system running on the host processor has crashed or
is in a sleep state.

Some examples of Intel AMT usage are:
   - Monitoring hardware state and platform components
   - Remote power off/on (useful for green computing or overnight IT
     maintenance)
   - OS updates
   - Storage of useful platform information such as software assets
   - Built-in hardware KVM
   - Selective network isolation of Ethernet and IP protocol flows based
     on policies set by a remote management console
   - IDE device redirection from remote management console

Intel AMT (OOB) communication is based on SOAP (deprecated
starting with Release 6.0) over HTTP/S or WS-Management protocol over
HTTP/S that are received from a remote management console application.

For more information about Intel AMT:
http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide


Intel MEI Driver
================

The driver exposes a misc device called /dev/mei.

An application maintains communication with an Intel ME feature while
/dev/mei is open. The binding to a specific feature is performed by calling
IOCTL_MEI_CONNECT_CLIENT, which passes the desired UUID.
The number of instances of an Intel ME feature that can be opened
at the same time depends on the Intel ME feature, but most of the
features allow only a single instance.

The Intel AMT Host Interface (Intel AMTHI) feature supports multiple
simultaneously connected user applications. The Intel MEI driver
handles this internally by maintaining request queues for the applications.

The driver is transparent to the data passed between the firmware feature
and the host application.

Because some of the Intel ME features can change the system
configuration, the driver by default allows only a privileged
user to access it.

A code snippet for an application communicating with the Intel AMTHI client:

	/* needs <fcntl.h>, <stdio.h>, <unistd.h>, <sys/ioctl.h>, <linux/mei.h> */
	struct mei_connect_client_data data;
	int fd;

	/* MEI_DEVICE is the device node exposed by the driver (/dev/mei) */
	fd = open(MEI_DEVICE, O_RDWR);

	/* input: UUID of the firmware feature to bind to */
	data.d.in_client_uuid = AMTHI_UUID;

	ioctl(fd, IOCTL_MEI_CONNECT_CLIENT, &data);

	/* output: on success the driver returns the client properties */
	printf("Ver=%d, MaxLen=%u\n",
			data.d.out_client_properties.protocol_version,
			data.d.out_client_properties.max_msg_length);

	[...]

	/* requests and responses are limited to max_msg_length bytes */
	write(fd, amthi_req_data, amthi_req_data_len);

	[...]

	read(fd, &amthi_res_data, amthi_res_data_len);

	[...]
	close(fd);


IOCTL
=====

The Intel MEI Driver supports the following IOCTL commands:
	IOCTL_MEI_CONNECT_CLIENT	Connect to firmware Feature (client).

	usage:
		struct mei_connect_client_data clientData;
		ioctl(fd, IOCTL_MEI_CONNECT_CLIENT, &clientData);

	inputs:
		The mei_connect_client_data struct contains the following
		input field:

		in_client_uuid -	UUID of the FW Feature to
					connect to.
	outputs:
		out_client_properties - Client Properties: MTU and Protocol Version.

	error returns:
		EINVAL	Wrong IOCTL Number
		ENODEV	Device or Connection is not initialized or ready.
			(e.g. Wrong UUID)
		ENOMEM	Unable to allocate memory to client internal data.
		EFAULT	Fatal Error (e.g. Unable to access user input data)
		EBUSY	Connection Already Open

	Notes:
	max_msg_length (MTU) in client properties describes the maximum
	size of the data that can be sent or received (e.g. if MTU=2K,
	requests of up to 2K bytes can be sent and responses of up to
	2K bytes can be received).

	IOCTL_MEI_NOTIFY_SET: enable or disable event notifications

	Usage:
		uint32_t enable;
		ioctl(fd, IOCTL_MEI_NOTIFY_SET, &enable);

	Inputs:
		uint32_t enable = 1;	(enable notifications)
		or
		uint32_t enable = 0;	(disable notifications)

	Error returns:
		EINVAL	Wrong IOCTL Number
		ENODEV	Device is not initialized or the client is not connected
		ENOMEM	Unable to allocate memory to client internal data.
		EFAULT	Fatal Error (e.g. Unable to access user input data)
		EOPNOTSUPP if the device doesn't support the feature

	Notes:
	The client must be connected in order to enable notification events.


	IOCTL_MEI_NOTIFY_GET: retrieve event

	Usage:
		uint32_t event;
		ioctl(fd, IOCTL_MEI_NOTIFY_GET, &event);

	Outputs:
		1 - if an event is pending
		0 - if there is no event pending

	Error returns:
		EINVAL	Wrong IOCTL Number
		ENODEV	Device is not initialized or the client is not connected
		ENOMEM	Unable to allocate memory to client internal data.
		EFAULT	Fatal Error (e.g. Unable to access user input data)
		EOPNOTSUPP if the device doesn't support the feature

	Notes:
	The client must be connected and event notification has to be enabled
	in order to receive an event.


Intel ME Applications
=====================

	1) Intel Local Management Service (Intel LMS)

	   Applications running locally on the platform communicate with Intel AMT Release
	   2.0 and later releases in the same way that network applications do via SOAP
	   over HTTP (deprecated starting with Release 6.0) or with WS-Management over
	   SOAP over HTTP. This means that some Intel AMT features can be accessed from a
	   local application using the same network interface as a remote application
	   communicating with Intel AMT over the network.

	   When a local application sends a message addressed to the local Intel AMT host
	   name, the Intel LMS, which listens for traffic directed to the host name,
	   intercepts the message and routes it to the Intel MEI.
	   For more information:
	   http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide
	   Under "About Intel AMT" => "Local Access"

	   For downloading Intel LMS:
	   http://software.intel.com/en-us/articles/download-the-latest-intel-amt-open-source-drivers/

	   The Intel LMS opens a connection using the Intel MEI driver to the Intel LMS
	   firmware feature using a defined UUID and then communicates with the feature
	   using a protocol called Intel AMT Port Forwarding Protocol (Intel APF protocol).
	   The protocol is used to maintain multiple sessions with Intel AMT from a
	   single application.

	   See the protocol specification in the Intel AMT Software Development Kit (SDK)
	   http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide
	   Under "SDK Resources" => "Intel(R) vPro(TM) Gateway (MPS)"
	   => "Information for Intel(R) vPro(TM) Gateway Developers"
	   => "Description of the Intel AMT Port Forwarding (APF) Protocol"

	2) Intel AMT Remote configuration using a Local Agent

	   A Local Agent enables IT personnel to configure Intel AMT out-of-the-box
	   without having to install additional data to enable setup. The remote
	   configuration process may involve an ISV-developed remote configuration
	   agent that runs on the host.
	   For more information:
	   http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide
	   Under "Setup and Configuration of Intel AMT" =>
	   "SDK Tools Supporting Setup and Configuration" =>
	   "Using the Local Agent Sample"

	   An open source Intel AMT configuration utility, implementing a local agent
	   that accesses the Intel MEI driver, can be found here:
	   http://software.intel.com/en-us/articles/download-the-latest-intel-amt-open-source-drivers/


Intel AMT OS Health Watchdog
============================

The Intel AMT Watchdog is an OS Health (Hang/Crash) watchdog.
Whenever the OS hangs or crashes, Intel AMT will send an event
to any subscriber to this event. This mechanism means that
IT knows when a platform crashes even when there is a hard failure on the host.

The Intel AMT Watchdog is composed of two parts:
	1) Firmware feature - receives the heartbeats
	   and sends an event when the heartbeats stop.
	2) Intel MEI iAMT watchdog driver - connects to the watchdog feature,
	   configures the watchdog and sends the heartbeats.

The Intel iAMT watchdog MEI driver uses the kernel watchdog API to configure
the Intel AMT Watchdog and to send heartbeats to it. The default timeout of the
watchdog is 120 seconds.

If Intel AMT is not enabled in the firmware, the watchdog client won't enumerate
on the ME client bus and watchdog devices won't be exposed.


Supported Chipsets
==================

7 Series Chipset Family
6 Series Chipset Family
5 Series Chipset Family
4 Series Chipset Family
Mobile 4 Series Chipset Family
ICH9
82946GZ/GL
82G35 Express
82Q963/Q965
82P965/G965
Mobile PM965/GM965
Mobile GME965/GLE960
82Q35 Express
82G33/G31/P35/P31 Express
82Q33 Express
82X38/X48 Express

---
linux-mei@linux.intel.com