Date and Time: Set the date, time, and time zone for your computer.
DirectX: Changes properties for DirectX
Display: Change the appearance of your desktop, such as the background, screen saver, colors, font sizes, and screen resolution.
Folder Options: Customize the display of files and folders, change file associations, and make network files available offline.
Fonts: Add, change, and manage fonts on your computer.
Game Controllers: Add, remove, and configure game controller hardware such as joysticks and gamepads.
Internet Options: Configure your Internet display and connection settings.
Keyboard: Customize your keyboard settings, such as the cursor blink rate and the character repeat rate.
Mail: Microsoft Office Outlook Profiles
Mouse: Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed.
Network Connections: Connects to other computers, networks, and the Internet.
Power Options: Configure energy-saving settings for your computer.
Printers and Faxes: Shows installed printers and fax printers and helps you add new ones.
Regional and Language Options: Customize settings for the display of languages, numbers, times, and dates.
Scanners and Cameras: Add, remove, and configure scanners and cameras.
Scheduled Tasks: Schedule computer tasks to run automatically.
Security Center: View your current security status and access important settings
Sounds and Audio Devices: Change the sound scheme for your computer, or configure the settings for your speakers and recording devices.
Speech: Change settings for text-to-speech and for speech recognition if installed.
Startup: Control programs that run at system startup.
System: See information about your computer system, and change settings for hardware, performance, and automatic updates.
Taskbar and Start Menu: Customize the Start Menu and the taskbar, such as the types of items to be displayed and how they should appear.
User Accounts: Change user account settings and passwords for people who share this computer.
Windows CardSpace: Manage Information Cards used to log on and register with websites and online services.
If any of the switches is REM left unspecified, the default value will be used. REM The T switch must be set to 3, if specified.
NT or other startup file. To run CMD. NT or REM other startup file. The REM default value is 8. REM The value must be given in Hexdecimal. FON [ win. Please shutdown and restart the Indexing Service cisvc. Index will be automatically restored by refiltering all documents. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Please contact Microsoft Product Support Services to report this error. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. The handle is invalid. Group Policy processing aborted. A disk check has been scheduled. Windows will now check the disk.
Cleaning up minor inconsistencies on the drive. See 4. Sequence The Sequence Number is required; see section 3. Number Local The Local Timestamp is recommended. In the case of a poll, the address of the polled sensor is used. In the case of a push, the address of the pushing sensor is used. If there is no SMBus address associated to the event e. If an SMBus address is represented in this field, bits 7 through 1 contain the address, and bit 0 is set to 0b. Values of 00h and FFh identify that the Sensor Number is not specified.
Entity Instance When a system includes multiple device instances, e. For example, if a system has two processors, this field distinguishes between events associated with Processor 1 and Processor 2.
A value of 00h in this field indicates that Entity Instance is unspecified. Some of the PET messages defined in this specification allow the inclusion of a variable number of event data bytes, to further describe the event. System ID The manufacturer associated with the alerting system assigns the system identifier. The OEM Custom fields should only be used if the event cannot be expressed in a standard way.
A given managed client is not required to support all the listed PET frames, but if a client supports the event described by one of the listed PET frames, the client should format the PET frame as described in this section.
An implementation has options as to whether it returns generic information that just indicates the criticality of the event, or whether it returns information also indicating that the event was triggered by a rising or falling condition on the monitored parameter, e. The list is presented as a guide only. It is not intended to represent a complete list of the possible environmental events from a system.
The Entity for a given event varies according to what system device the environmental sensor is monitoring. For example, a typical managed client can have temperature monitoring associated with its system board and with the main processor. A thermal event associated with the system board will have Entity set to 7 (System Board) and Entity Instance set to 1 (Primary), while a thermal event associated with the processor will have Entity set to 3 (Processor) and Entity Instance set to 1 (Primary).
Cooling still adequate Case Intrusion. One or more processors sharing the same voltage supply have mismatched voltage requirements. This table describes the Specific Trap Field and Entity values associated with some typical system firmware errors.
The Event Type sub-field for all these events is set to 6Fh (Sensor-specific). See above or section 3. Descriptor Code Description 00h Unspecified.
This table describes the Specific Trap Field values for some system firmware progress events. The Event Type sub-field for each of these traps is set to 6Fh (Sensor-specific). A timer-expiration event can generally be considered to indicate a hang associated with the software that was running when the expiration occurred. A timer present in the alert-sending device controls the frequency of this message, which is referred to as a system heartbeat.
System Heartbeat messages are sent as single PET frames, and are not retransmitted. In this environment, RMCP messages are exchanged between a management console and a managed client. Typical client control functions include operations such as reset, power-up, and power-down. The management console should always use OS-present methods as the primary method to power down or reset a managed client, so that any shutdown operation is handled in an orderly fashion.
Management consoles should employ RMCP methods only if the managed client fails to respond to the OS-present methods, since the hardware-based RMCP methods could result in loss of data on the client system. ASF 2. While this specification defines the security extension protocols and encapsulation formats, an actual implementation must also deal with a variety of security issues that fall outside of the scope of this specification.
While this and other security-related implementation issues are not mandated by this specification, it is expected that vendors will follow security-industry-accepted practices where appropriate. It is defined as the compatibility port beginning with ASF version 2. Refer to section 3. For network frames sent by the managed client, each of these ports is a source port.
The source port in the frames sent to the managed client becomes the destination port in the frames sent by the managed client.
RMCP is media independent and, depending on the medium, the associated header fields will be different. All the data fields specified for RMCP messages are in network byte order. This specification defines the format of the shaded fields in the frame described below.
Within the table that follows, a Contents field that has a non-blank Value field defines the method through which the following frame contents are determined.
The RMCP message (the shaded area in the table) is divided into two basic components: its header and its associated data. The acknowledge message indicates only that the message has been received; it does not indicate that any action has been completed.
Specifically, the recipient returns to the sender the first three bytes from the received RMCP header (version, sequence number and reserved fields) with the fourth byte modified to indicate that the message represents an RMCP Acknowledge.
Sequence Number 1 byte 02h Copied from the received message. Class of Message 1 byte 03h Bit(s) Description 7 Set to 1 to indicate acknowledgement. Notes: 1. Sequence numbers are used to ensure reliability over an inherently unreliable protocol like UDP and facilitate message ordering and recognition of identical messages. The Sequence Number is incremented each time a unique message is sent from the same source e.
When the message initiator retries a message, possibly due to a missing RMCP Acknowledge, the initiator sends the exact message of the original transmission with the same Sequence Number; this allows the initiator to match an RMCP message to its associated acknowledgement.
A value of 06h in the byte field indicates RMCP v1. Reserved 1 byte 01h Reserved for future definition by this specification, set to 00h. Sequence Number 1 byte Sequence numbers should increase monotonically from each RMCP message source, in the range 0 to , and then rollover back to 0. Class of Message 1 byte 03h This field identifies the format of the messages that follow this header. All messages of class ASF (6) conform to the formats defined in this specification.
Bit(s) Description 7 Message Type. Set to 1 to indicate an Acknowledge message see 3. The number is transmitted in network byte order. Message Type 1 byte 04h Defined by the entity associated with the value in the previous field. Message Tag 1 byte 05h This field is used to match request-response pairs. Reserved 1 byte 06h Reserved for future definition by this specification, set to 0. This value is copied into the response message when one is generated in a request-response interaction, e.
When a duplicate message is received, i. For example, an alert-sending device might be designed to respond to all Presence Ping messages received, or to keep track of recent Presence Ping messages and only respond to those with unique Message Tag values. See below for more information. Note: A value of FFh indicates that the associated message is not a request-response type message.
For example, a management console sends a Presence Ping with the Message Tag field set to 12h to a managed client. When the management console receives the Presence Pong, the console can quickly map the message to its associated Presence Ping by matching the Message Tag fields. Session IDs are used to identify the particular session state (algorithms, keys, etc.) that is used to process a particular message.
Sequence Numbers are used along with a Sliding Receive Window see 3. For this specification, the size of the Sliding Receive Window is 32 messages. A Sequence Number is a unique monotonically increasing number inserted into the header by the sender. When a session is created, the Sequence Number is initialized to zero and incremented by one at the start of outbound processing for a given message.
A new session must be created prior to the Sequence Number wrapping around back to zero. These fields are specified in the following table. This mechanism allows some messages e. Number An RSP trailer contains four fields: 1. Some messages may not require padding if the messages already provide the necessary alignment. The Pad Length field defines the number of Pad bytes 0 to 3 present in the message.
This field is mandatory; if no Pad bytes are required, the Pad Length field is set to 00h. The Next Header field indicates the type of message that is encapsulated between the RSP header and trailer. The Integrity Data field is used to hold the results of an integrity algorithm e.
The length of this field depends on the integrity algorithm negotiated during session setup. If present, each Pad byte is set to 00h.
Pad Length 1 Byte 4n-2 Defines the number of Pad bytes present in the message, in the range 0 to 3. For this specification, the value of this field equals the value in the Version field of the RMCP Header of the message being processed.
Integrity Data Variable Bytes 4n Holds the results of an integrity algorithm negotiated during session setup. 3. Finally, RSP uses the Session ID to access the session state and determine which integrity algorithm to use with the message, and computes the Integrity Data over the encapsulated message from Session ID to Next Header fields, inclusive.
The resulting UDP packet is then passed to other lower-layer protocols e. IP and If the Checksum field is invalid, UDP silently discards the packet. If the Checksum field is valid, UDP verifies that it supports the upper-layer protocol specified by the value in the Destination Port field.
If the upper-layer protocol is not supported, UDP silently discards the packet. If the functionality is disabled, RSP silently discards the message. If no session state can be located for this message, RSP silently discards the message. If a session exists but the session is in a phase that does not allow this protected RMCP message to be accepted e. For v2. If the received message falls to the right of the window, the window is advanced to the right to encompass the message.
A message may be received out-of-order and still be properly processed. Important Note: The window must not be advanced until the Integrity Data of the message that would cause the advancement has been validated. Doing otherwise would allow an attacker to generate bogus messages with large sequence numbers that would move the window outside the range of valid sequence numbers and cause RSP in the receiving device to drop valid messages.
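The receive-side rule above, as an added example that is not part of the specification text or of any vendor's code: the window state changes only after the Integrity Data verifies, so a forged message with a huge Sequence Number cannot push valid traffic out of the window. The 4-byte Session ID and Sequence Number fields, HMAC-SHA1 truncated to 12 bytes, and the names `protect` and `Receiver` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 32    # Sliding Receive Window size given in the text
MAC_LEN = 12   # assumption: HMAC-SHA1 output truncated to 96 bits
HDR = 8        # assumption: 4-byte Session ID + 4-byte Sequence Number


def protect(key, session_id, seq, payload, next_header=0x06):
    """Sender side: header + payload + Pad + Pad Length + Next Header + MAC."""
    body = struct.pack("!II", session_id, seq) + payload
    pad_len = -(len(body) + 2) % 4   # 0..3 Pad bytes, each set to 00h
    body += b"\x00" * pad_len + bytes([pad_len, next_header])
    # Integrity Data covers Session ID through Next Header, inclusive.
    return body + hmac.new(key, body, hashlib.sha1).digest()[:MAC_LEN]


class Receiver:
    """Hypothetical receiver holding the state of one session."""

    def __init__(self, key, session_id):
        self.key = key
        self.session_id = session_id
        self.top = 0    # highest Sequence Number validated so far
        self.seen = 1   # bit i set => (top - i) already accepted; 0 is never sent

    def accept(self, msg):
        """Return the payload, or None when the message is silently discarded."""
        if len(msg) < HDR + 2 + MAC_LEN:
            return None
        body, mac = msg[:-MAC_LEN], msg[-MAC_LEN:]
        session_id, seq = struct.unpack("!II", body[:HDR])
        if session_id != self.session_id:
            return None                       # no session state for this ID
        if seq <= self.top:                   # inside or left of the window
            offset = self.top - seq
            if offset >= WINDOW or (self.seen >> offset) & 1:
                return None                   # too old, or a replay
        # Validate the Integrity Data BEFORE touching the window.
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:MAC_LEN]
        if not hmac.compare_digest(mac, expected):
            return None
        pad_len = body[-2]
        if pad_len > 3 or HDR + pad_len + 2 > len(body):
            return None
        # Only now record the message and, if needed, advance the window.
        if seq > self.top:
            shift = seq - self.top
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.seen |= 1 << (self.top - seq)
        return body[HDR:len(body) - 2 - pad_len]
```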
If the Sequence Number processing completes successfully, RSP saves the value in the Next Header field and uses the value in the Pad Length field to compute the number of Pad bytes that need to be removed from the end of the message. An association is established via a session protocol with a set of messages that can be used to setup and teardown an association. A managed client must support at least two sessions simultaneously, one of each type. If the managed client supports the RMCP security extensions and the management console wishes to establish an association with that managed client, the management console transitions to the Creation phase of the session protocol for that managed client.
Next the management console initiates the selected authentication and key generation protocol which might involve one or more message exchanges and generates the necessary keying material required for the RSP integrity algorithm. If the protocol is successful, an association is now in place between the management console and the managed client and they each transition to the Message Transfer phase of the session protocol.
If the protocol is not successful because of a lost message e. If the management console detects the lost message, it restarts the protocol at the beginning.
During the Message Transfer phase, the management console and the managed client exchange the desired messages necessary to manage the client. Each of these messages is encapsulated with an RSP Header and Trailer with integrity protection provided by the RSP integrity algorithm negotiated during the Creation phase.
If the management console wishes to close a session, it transitions to the Termination phase. This also means that no integrity protection is provided to messages by RSP until the Creation phase is complete.
This feature combined with a management console defined Device Security Policy allows a managed client to control its behavior. Examples of behavior that can be controlled include the roles that the managed client can use to establish sessions e. At installation time for RAKP, a management console user uses an out-of-band mechanism e. The first key, KO, is used for operator authentication and the second key, KA, is used for administrator authentication. The third key, KG, is used for key generation operations.
The scope of these keys (shared by multiple managed clients and the management console, or pair-wise unique for each managed client and the management console) is a local policy issue that is determined by the equipment owner at the time of installation.
Once this and other necessary RMCP-related data is installed in the managed client and the managed client is initialized, the management console can initiate sessions with the managed client.
The management console then validates the HMAC. Quality in this context means that the numbers must be random in a cryptographic sense i. To ensure that a baseline-level of quality random numbers are provided for management consoles and managed clients, this specification defines the following algorithm that RAKP implementations must use if no other higher-quality source of random numbers is available e.
In addition to the three previously defined RAKP keys i. During installation after all of the RAKP keys have been loaded into non-volatile storage, the managed client creates two (2) 32-bit counters, CP and CQ, and sets the value of each counter to zero (0). CP is used to count the number of device power cycles and its value is saved in non-volatile storage. Once initialized, CP is incremented by one (1) after each power cycle and its new value is again saved in non-volatile storage.
CQ is used to count the number of random number generation requests per power cycle. Once initialized, CQ is incremented by one (1) after each random number generation request. After each power cycle, the value of CQ is set to zero (0) i. If during a given power cycle, CQ rolls over back to zero, the managed client must increment CP by one (1) and save its new value back into non-volatile storage. See section 6. Each of these message types can optionally include Boot Options in its variable data; the options define operations a managed client performs with the boot initiated by the RMCP message.
The Boot Options contain a bit-mask of standard options and a Special Command with an optional parameter. Otherwise, the alert-sending device records the Boot Options and Special Command values and reports those values in response to subsequently issued SMBus Get Boot Options messages until either 1.
The alert-sending device receives another RMCP message, supported by the system. See Special Command Definitions below for more detail. Parameter See Special Command Definitions below for more detail.
Parameter byte 1 is present in Data Byte 6; parameter byte 2 is present in Data Byte 7. Value Description 00h NOP. No additional special command is included; the Special Command Parameter has no meaning. When the parameter value is 0, the system default PXE device is booted. All other values for the PXE parameter are reserved for future definition by this specification.
The Special Command Parameter identifies the boot-media index for the managed client. When the parameter value is 0, the default hard-drive is booted, when the parameter value is 1, the primary hard-drive is booted; when the value is 2, the secondary hard-drive is booted — and so on. The Special Command Parameter identifies the boot-media index for the managed client.
The Special Command Parameter can be used to specify a diagnostic parameter. When the parameter value is 0, the default diagnostic media is booted. All other values for the diagnostic parameter are reserved for future definition by this specification. Client instrumentation might provide the capability to re-enable the button functionality without rebooting. Client instrumentation or OS drivers might provide the capability to re-enable the keyboard functionality without rebooting.
When set to a non-zero value, controls the amount of information the managed client writes to its local display: 00b System default 01b Quiet, minimal screen activity 10b Verbose, all messages appear on the screen 11b Screen blank, no messages appear on the screen. This option is usually used to aid in fail-to-boot problem determination. This option allows a system administrator to, for example, force a system boot via PXE in an unattended manner. Data Length for the sent message is set to 00h, no additional data is sent.
The capabilities described are the least common denominator of the capabilities of the alert-sending device, the motherboard, the firmware, and the supporting software.
Supported 16 Reserved Reserved for future definition by this specification; set to 00h Special Commands Bit Mask The following table describes the special commands bit mask.
System Capabilities Bit Mask The following table describes the system capabilities bit mask. Note: If a bit in the range is set to 1b, the corresponding bit in the range must be set to 0b.
Response Data Byte 11, Bit Mask Byte 1:
Bit 7: Supports Reset on either the compatibility or secure port, if 1b
Bit 6: Supports Power-Up on either the compatibility or secure port, if 1b
Bit 5: Supports Power-Down on either the compatibility or secure port, if 1b
Bit 4: Supports Power Cycle Reset on either the compatibility or secure port, if 1b
Bit 3: Supports Reset only on the secure port, if 1b.
They are slightly different because this format uses a capability bit for each encoding in the RMCP command to identify individual option support.
This bit becomes set when the Watchdog Timer expires after a Start Watchdog Timer command is issued and the timer expires. Subsequent Start Watchdog Timer or Stop Watchdog Timer commands or an alert-sending device power-on reset will clear this status to 0b. For example, it is conceivable that the state was entered by hardware and software did not have a chance to program the state information, or software pre-programs the system state, but the next state was not reached. BIOS is responsible for programming the device and the state is initiated by hardware, or b the hardware is not powered in the state and incapable of responding.
These payloads represent the proposals that the managed client selected from the list offered by the management console. See 3. Session ID Authentication Payload This payload defines the authentication algorithm proposal selected by the client to be used for this session see 3. The client responds with an Open Session Response (43h) message. The Payload Header is defined in the following table.
The Integrity Algorithm payload data type is defined in the following table. The client responds with a Close Session Response (44h) message. Upon receiving RAKP Message 1, the managed client verifies that the message contains an active Managed Client Session ID and that a session can be created using the requested user information by evaluating the Device Security Policy.
No NULL characters 00h are optional allowed in the name. The size of this field depends on Value the specific algorithm that was selected when the session was created. With the shared Session Integrity Key in place, integrity protected messages can now be exchanged between the management console and the managed client.
The size of this field depends on the specific Value algorithm that was selected when the session was created.
The console never receives this ACK. For Ethernet and Token-ring devices, wake-ups from ARP Requests and RMCP packets are not desired in a managed client because these operations are expected to function in low power sleep states. However, the [NDCPM] requires that wake-up devices support detection of any software programmed packets as well as subsequent wake-up generation.
Alert-sending devices that support wake-up generation are expected to meet the [NDCPM] in their default configuration. However, it is recommended that these alert-sending devices and their software provide configuration mechanisms to allow ARP Request and RMCP packets to be blocked from wake-up.
An ASF-enabled system firmware provides: 1. Argument(s): Integer Notes: The system firmware has a single, maximum amount of time that it might wait for an ASF alert-sending device to establish connection with its transport media.
For example, an Ethernet device might require additional time from a cold power-on to establish a network connection. See 5. Length 4 4 The length of the table, in bytes, starting at offset 0. Revision 1 8 The revision of the structure, and the version of the ASF specification supported by the system. The value is stored as a BCD (binary coded decimal) value. For ASF version 1. Checksum 1 9 The entire table, including the checksum field, must sum to zero to be considered valid by the information consumer.
Larger numbers Revision are assumed to be newer revisions. Creator 4 32 Revision of the utility that created the table. If this bit is set to 1b, then the record is the last one present in the ASF! See section 4. Record Length 2 2 Identifies the length of the information record, starting at offset 0. Variable Data Varies 4 Contains the data specified by the Type field.
Notes: 1. The consumer of this information should make no assumption regarding the order in which the records are specified, i. The length might increase for future specification versions. This value also reflects the maximum amount of time the system firmware requires to reset the initial system boot-failure watchdog timer.