MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-01-13 07:53:20 -05:00
Code Issues Packages Projects Releases Wiki Activity

Added option to turn off Intel AMT TLS ACM activation on AMT v14+

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2021-07-27 16:20:34 -07:00
parent dcc6676435
commit 8d8c182a7f
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
amtmanager.js
View File

@ -1909,9 +1909,16 @@ module.exports.CreateAmtManager = function (parent) {
deactivateIntelAmtCCM(dev); deactivateIntelAmtCCM(dev);
} else { } else {
// We are not activated now, go to ACM directly. // We are not activated now, go to ACM directly.
// If this is Intel AMT 14 or better, we are going to attempt a host-based end-to-end TLS activation. // Check if we are allowed to perform TLS ACM activation
var TlsAcmActivation = true;
var domain = parent.config.domains[dev.domainid];
if (domain && domain.amtmanager && (domain.amtmanager.tlsacmactivation == false)) { TlsAcmActivation = false; }
// Check Intel AMT version
if (typeof dev.intelamt.ver == 'string') { var verSplit = dev.intelamt.ver.split('.'); if (verSplit.length >= 3) { dev.aquired.majorver = parseInt(verSplit[0]); dev.aquired.minorver = parseInt(verSplit[1]); } } if (typeof dev.intelamt.ver == 'string') { var verSplit = dev.intelamt.ver.split('.'); if (verSplit.length >= 3) { dev.aquired.majorver = parseInt(verSplit[0]); dev.aquired.minorver = parseInt(verSplit[1]); } }
if (dev.aquired.majorver >= 14) {
// If this is Intel AMT 14 or better and allowed, we are going to attempt a host-based end-to-end TLS activation.
if (TlsAcmActivation && (dev.aquired.majorver >= 14)) {
// Perform host-based TLS ACM activation // Perform host-based TLS ACM activation
activateIntelAmtTlsAcm(dev, mesh.amt.password, acminfo); activateIntelAmtTlsAcm(dev, mesh.amt.password, acminfo);
} else { } else {

1
meshcentral-config-schema.json
View File

@ -527,6 +527,7 @@
"additionalProperties": false, "additionalProperties": false,
"description": "Information passed to the AMT manager module that impacts all Intel AMT device managed within this domain.", "description": "Information passed to the AMT manager module that impacts all Intel AMT device managed within this domain.",
"properties": { "properties": {
"TlsAcmActivation": { "type": "boolean", "default": true, "description": "When set to false, MeshCentral will not attempt a TLS ACM activation on Intel AMT v14+" },
"AdminAccounts": { "AdminAccounts": {
"description": "List of username and passwords to try when connecting to Intel AMT.", "description": "List of username and passwords to try when connecting to Intel AMT.",
"type": "array", "type": "array",