Does Intel® Active Management Technology (Intel® AMT) Support SHA-256?

This article addresses Intel® AMT 14 and above and renewing the provisioning certificate on the Intel® EMA server.

• Intel® Active Management Technology (Intel® AMT) has been compatible with SHA-256 since Intel® Management Engine (Intel® ME) 11.0.
• The default SHA1 certificate hashes were removed from the firmware on Intel® AMT 14 and above,
• Starting from Intel® ME 15.0 firmware for the H platform, and Intel® ME 16.0 firmware for all platforms, Intel is removing support of SHA1 root certificates and RSA key sizes smaller than 2048 bits for Intel® AMT provisioning. In those releases and later, it is no longer possible to add SHA1 hashes, and none of the certificates in the certificate chain can be SHA1-based, including the root certificate.

For more information go to Setup and Configuration of Intel® AMT > Root Certificate Hashes of Intel® AMT implementation and reference guide.