tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1Intel(R) Management Engine Interface (Intel(R) MEI)
2=======================
3
4Introduction
5=======================
6
7The Intel Management Engine (Intel ME) is an isolated andprotected computing
8resource (Co-processor) residing inside certain Intel chipsets. The Intel ME
9provides support for computer/IT management features. The feature set
10depends on the Intel chipset SKU.
11
12The Intel Management Engine Interface (Intel MEI, previously known as HECI)
13is the interface between the Host and Intel ME. This interface is exposed
14to the host as a PCI device. The Intel MEI Driver is in charge of the
15communication channel between a host application and the Intel ME feature.
16
17Each Intel ME feature (Intel ME Client) is addressed by a GUID/UUID and
18each client has its own protocol. The protocol is message-based with a
19header and payload up to 512 bytes.
20
21Prominent usage of the Intel ME Interface is to communicate with Intel(R)
22Active Management Technology (Intel AMT)implemented in firmware running on
23the Intel ME.
24
25Intel AMT provides the ability to manage a host remotely out-of-band (OOB)
26even when the operating system running on the host processor has crashed or
27is in a sleep state.
28
29Some examples of Intel AMT usage are:
30 - Monitoring hardware state and platform components
31 - Remote power off/on (useful for green computing or overnight IT
32 maintenance)
33 - OS updates
34 - Storage of useful platform information such as software assets
35 - Built-in hardware KVM
36 - Selective network isolation of Ethernet and IP protocol flows based
37 on policies set by a remote management console
38 - IDE device redirection from remote management console
39
40Intel AMT (OOB) communication is based on SOAP (deprecated
41starting with Release 6.0) over HTTP/S or WS-Management protocol over
42HTTP/S that are received from a remote management console application.
43
44For more information about Intel AMT:
45http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide
46
47Intel MEI Driver
48=======================
49
50The driver exposes a misc device called /dev/mei.
51
52An application maintains communication with an Intel ME feature while
53/dev/mei is open. The binding to a specific features is performed by calling
54MEI_CONNECT_CLIENT_IOCTL, which passes the desired UUID.
55The number of instances of an Intel ME feature that can be opened
56at the same time depends on the Intel ME feature, but most of the
57features allow only a single instance.
58
59The Intel AMT Host Interface (Intel AMTHI) feature supports multiple
60simultaneous user applications. Therefore, the Intel MEI driver handles
61this internally by maintaining request queues for the applications.
62
63The driver is oblivious to data that is passed between firmware feature
64and host application.
65
66Because some of the Intel ME features can change the system
67configuration, the driver by default allows only a privileged
68user to access it.
69
70A code snippet for an application communicating with
71Intel AMTHI client:
72 struct mei_connect_client_data data;
73 fd = open(MEI_DEVICE);
74
75 data.d.in_client_uuid = AMTHI_UUID;
76
77 ioctl(fd, IOCTL_MEI_CONNECT_CLIENT, &data);
78
79 printf("Ver=%d, MaxLen=%ld\n",
80 data.d.in_client_uuid.protocol_version,
81 data.d.in_client_uuid.max_msg_length);
82
83 [...]
84
85 write(fd, amthi_req_data, amthi_req_data_len);
86
87 [...]
88
89 read(fd, &amthi_res_data, amthi_res_data_len);
90
91 [...]
92 close(fd);
93
94IOCTL:
95======
96The Intel MEI Driver supports the following IOCTL command:
97 IOCTL_MEI_CONNECT_CLIENT Connect to firmware Feature (client).
98
99 usage:
100 struct mei_connect_client_data clientData;
101 ioctl(fd, IOCTL_MEI_CONNECT_CLIENT, &clientData);
102
103 inputs:
104 mei_connect_client_data struct contain the following
105 input field:
106
107 in_client_uuid - UUID of the FW Feature that needs
108 to connect to.
109 outputs:
110 out_client_properties - Client Properties: MTU and Protocol Version.
111
112 error returns:
113 EINVAL Wrong IOCTL Number
114 ENODEV Device or Connection is not initialized or ready.
115 (e.g. Wrong UUID)
116 ENOMEM Unable to allocate memory to client internal data.
117 EFAULT Fatal Error (e.g. Unable to access user input data)
118 EBUSY Connection Already Open
119
120 Notes:
121 max_msg_length (MTU) in client properties describes the maximum
122 data that can be sent or received. (e.g. if MTU=2K, can send
123 requests up to bytes 2k and received responses upto 2k bytes).
124
125Intel ME Applications:
126==============
127
1281) Intel Local Management Service (Intel LMS)
129
130 Applications running locally on the platform communicate with Intel AMT Release
131 2.0 and later releases in the same way that network applications do via SOAP
132 over HTTP (deprecated starting with Release 6.0) or with WS-Management over
133 SOAP over HTTP. This means that some Intel AMT features can be accessed from a
134 local application using the same network interface as a remote application
135 communicating with Intel AMT over the network.
136
137 When a local application sends a message addressed to the local Intel AMT host
138 name, the Intel LMS, which listens for traffic directed to the host name,
139 intercepts the message and routes it to the Intel MEI.
140 For more information:
141 http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide
142 Under "About Intel AMT" => "Local Access"
143
144 For downloading Intel LMS:
145 http://software.intel.com/en-us/articles/download-the-latest-intel-amt-open-source-drivers/
146
147 The Intel LMS opens a connection using the Intel MEI driver to the Intel LMS
148 firmware feature using a defined UUID and then communicates with the feature
149 using a protocol called Intel AMT Port Forwarding Protocol(Intel APF protocol).
150 The protocol is used to maintain multiple sessions with Intel AMT from a
151 single application.
152
153 See the protocol specification in the Intel AMT Software Development Kit(SDK)
154 http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide
155 Under "SDK Resources" => "Intel(R) vPro(TM) Gateway(MPS)"
156 => "Information for Intel(R) vPro(TM) Gateway Developers"
157 => "Description of the Intel AMT Port Forwarding (APF)Protocol"
158
159 2) Intel AMT Remote configuration using a Local Agent
160 A Local Agent enables IT personnel to configure Intel AMT out-of-the-box
161 without requiring installing additional data to enable setup. The remote
162 configuration process may involve an ISV-developed remote configuration
163 agent that runs on the host.
164 For more information:
165 http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide
166 Under "Setup and Configuration of Intel AMT" =>
167 "SDK Tools Supporting Setup and Configuration" =>
168 "Using the Local Agent Sample"
169
170 An open source Intel AMT configuration utility, implementing a local agent
171 that accesses the Intel MEI driver, can be found here:
172 http://software.intel.com/en-us/articles/download-the-latest-intel-amt-open-source-drivers/
173
174
175Intel AMT OS Health Watchdog:
176=============================
177The Intel AMT Watchdog is an OS Health (Hang/Crash) watchdog.
178Whenever the OS hangs or crashes, Intel AMT will send an event
179to any subsciber to this event. This mechanism means that
180IT knows when a platform crashes even when there is a hard failureon the host.
181
182The Intel AMT Watchdog is composed of two parts:
183 1) Firmware feature - receives the heartbeats
184 and sends an event when the heartbeats stop.
185 2) Intel MEI driver - connects to the watchdog feature, configures the
186 watchdog and sends the heartbeats.
187
188The Intel MEI driver uses the kernel watchdog to configure the Intel AMT
189Watchdog and to send heartbeats to it. The default timeout of the
190watchdog is 120 seconds.
191
192If the Intel AMT Watchdog feature does not exist (i.e. the connection failed),
193the Intel MEI driver will disable the sending of heartbeats.
194
195Supported Chipsets:
196==================
1977 Series Chipset Family
1986 Series Chipset Family
1995 Series Chipset Family
2004 Series Chipset Family
201Mobile 4 Series Chipset Family
202ICH9
20382946GZ/GL
20482G35 Express
20582Q963/Q965
20682P965/G965
207Mobile PM965/GM965
208Mobile GME965/GLE960
20982Q35 Express
21082G33/G31/P35/P31 Express
21182Q33 Express
21282X38/X48 Express
213
214---
215linux-mei@linux.intel.com