Summary
Intel® AMT only supports Certificates of SHA-256 encryption.
Description
This article addresses Intel® AMT 14 and above and renewing the provisioning certificate on the Intel® EMA server.
Resolution
- Intel® Active Management Technology (Intel® AMT) has been compatible with SHA-256 since Intel® Management Engine (Intel® ME) 11.0.
- The default SHA1 certificate hashes were removed from the firmware on Intel® AMT 14 and above,
- Starting from Intel® ME 15.0 firmware for the H platform, and Intel® ME 16.0 firmware for all platforms, Intel is removing support of SHA1 root certificates and RSA key sizes smaller than 2048 bits for Intel® AMT provisioning. In those releases and later, it is no longer possible to add SHA1 hashes, and none of the certificates in the certificate chain can be SHA1-based, including the root certificate.
Additional information
For more information go to Setup and Configuration of Intel® AMT > Root Certificate Hashes of Intel® AMT implementation and reference guide.