Build & Run RPC
Developed in Go* programming language, the Remote Provisioning Client (RPC) application runs on the managed device and communicates with the Remote Provisioning Server (RPS) microservice on the development system. The RPC and RPS configure and activate Intel® AMT on the managed device. Once properly configured, the remote managed device can call home to the Management Presence Server (MPS) by establishing a Client Initiated Remote Access (CIRA) connection with the MPS. See Figure 1.
Beta Version Instructions Ahead
This version of the RPC application contains functional enhancements. See Release Notes.
However, it is a Beta version release.
If you are unable to complete the installation below or you simply require an older release of the RPC, see Open AMT Cloud Toolkit 2.0:
Production Environment
In a production environment, RPC can be deployed with an in-band manageability agent to distribute it to the fleet of AMT devices. The in-band manageability agent can invoke RPC to run and activate the AMT devices.
Figure 1 Details
The RPC on a managed device communicates with the Intel® Management Engine Interface (Intel® MEI, previously known as HECI) Driver and the Remote Provisioning Server (RPS) interfaces. The Driver uses the Intel® MEI to talk to Intel® AMT. The RPC activates Intel® AMT with an AMT profile, which is associated with a CIRA configuration (Step 3). The profile, which also distinguishes between Client Control Mode (CCM) or Admin Control Mode (ACM), and configuration were created in Create a CIRA Config or Create an AMT Profile. After running RPC with a profile, Intel® AMT will establish a CIRA connection with the MPS (Step 4) allowing MPS to manage the remote device and issue AMT commands (Step 5).
Prerequisites¶
Before installing and building the RPC, install:
- Go* Programming Language
-
tdm-gcc (On Windows* only)
To install prerequisites on Linux*:
- See Go's Download and Install.
- Choose and download a distribution appropriate for your managed device and operating system (e.g., tar.gz).
- Extract the archive in the location indicated in Go's installation instructions.
- Follow the remaining instructions.
To install prerequisites on Windows:
- See Go's Download and Install.
- Choose and download a distribution appropriate for your managed device and operating system (e.g., msi).
- Run the downloaded file and follow prompts to install.
- See tdm-gcc.
- Choose a version and download the .exe.
- Run the downloaded file and follow prompts to install. For a new installation, choose Create and accept all default installation options.
To verify Go and tdm-gcc installations:
- Open a Terminal or Command Prompt:
For Windows only:
go version
gcc -v
- Confirm the version numbers.
Get the RPC¶
To clone the repository:
-
Open a Terminal or Command Prompt and navigate to a directory of your choice for development:
git clone https://github.com/open-amt-cloud-toolkit/rpc-go --branch v2.1.0
-
Change to the cloned
rpc-go
directory:cd rpc-go
Build the RPC¶
To build the executable:
-
Open a Terminal (Linux) or Powershell/Command Prompt as Administrator (Windows):
sudo apt install build-essential
go build -o rpc ./cmd
go build -o rpc.exe ./cmd
docker build -f "Dockerfile" -t rpc-go:latest .
Note
The image created with the Docker instruction above is only suitable for Docker on a Linux host.
RPC Go Build Warnings
You may see the
go build
command output a series of warnings similar to below. The binary still successfully built. These warnings show due to LMS, which is based on C, and it's interactions with AMT firmware. In the future, this may change.$ go build -o rpc ./cmd # rpc/internal/amt In file included from internal/amt/commands.go:14: internal/amt/../../microlms/heci/LMEConnection.c: In function 'LME_Init': internal/amt/../../microlms/heci/LMEConnection.c:129:24: warning: passing argument 1 of 'ILibSpawnNormalThread' from incompatible pointer type [-Wincompatible-pointer-types] 129 | ILibSpawnNormalThread((voidfp)(&LME_Thread), module); ...
-
Confirm a successful build:
sudo ./rpc version
.\rpc version
sudo docker run --device=/dev/mei0 rpc-go:latest version
Run RPC to Activate and Connect the AMT Device¶
The toolkit provides a reference implementation called the Sample Web UI to manage the device. After running device activation instructions below, your device will be listed on the Devices tab in the Sample Web UI.
To run the application and connect the managed device:
-
After building the RPC, copy the executable to the managed device.
-
On the managed device, open a Terminal (Linux) or Powershell/Command Prompt as Administrator (Windows).
-
Navigate to the directory containing the RPC application.
-
Running RPC with the activate command configures or provisions Intel® AMT. It will take 1-2 minutes to finish provisioning the device. In the instruction below:
- Replace [Development-IP-Address] with the development system's IP address, where the MPS and RPS servers are running.
- Replace [profile-name] with your created profile in the Sample Web UI. The RPC application command line parameters are case-sensitive.
sudo ./rpc activate -u wss://[Development-IP-Address]/activate -n --profile [profilename]
.\rpc activate -u wss://[Development-IP-Address]/activate -n --profile [profilename]
sudo docker run --device=/dev/mei0 rpc-go:latest activate -u wss://[Development-IP-Address]/activate -n --profile [profilename]
Note - RPC Arguments
Find out more information about the flag and other arguments.
Success
Example Output after Activating and Configuring a device into ACM:
Troubleshooting
Run into an issue? Try these troubleshooting steps.
Transition Activated Device¶
If an Intel vPro® Platform has been previously activated, either in the BIOS or with another management solution or tool, it can be brought under Open AMT Cloud Toolkit control with the rpc-go application.
Additionally, use the following instructions to transition from a previously established toolkit stack to a fresh installation on a new development system.
Note
Use the following instructions to transition devices to either ACM or CCM profiles. You will need the AMT password.
Open AMT Cloud Toolkit increases security with multiple passwords. Find an explanation of toolkit passwords in Reference -> Architecture Overview.
To transition the activated device:
-
Check the activation status with amtinfo flag:
sudo ./rpc amtinfo
.\rpc amtinfo
sudo docker run --device=/dev/mei0 rpc-go:latest amtinfo
The control mode indicates the managed device's state:
- pre-provisioning or deactivated
- activated in client control mode (CCM)
- activated in admin control mode (ACM)
-
Run the rpc-go application with the activate command and the password flag:
sudo ./rpc activate -u wss://[Development-IP-Address]/activate -n -profile [profilename] -password [AMT password]
.\rpc activate -u wss://[Development-IP-Address]/activate -n -profile [profilename] -password [AMT password]
sudo docker run --device=/dev/mei0 rpc-go:latest activate -u wss://[Development-IP-Address]/activate -n -profile [profilename] -password [AMT password]
Success
To verify the managed devices list after transitioning, log into the Sample Web UI on the development system. Go to the Devices tab. Alternatively, learn how to list the managed devices via a REST API Call.