mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-26 08:53:21 +00:00
cbc93ea250
Current versions of Intel AMT/vPro only support connecting over SSL, but our current amtterm version isn't built with SSL support. Set the `USE_OPENSSL=1` makeFlag and add openssl and pkg-config. It adds an additional `-C cacert` parameter, which needs to point to a previously downloaded server certificate. The server certificate can be retrieved with `openssl s_client -showcerts -connect $host:16995`. However, due to the use of `UnsafeLegacyRenegotiation`, `OPENSSL_CONF` needs to point to a text file explicitly allowing this: ``` openssl_conf = default_conf [ default_conf ] ssl_conf = ssl_sect [ssl_sect] system_default = ssl_default_sect [ssl_default_sect] Options = UnsafeLegacyRenegotiation ``` With this, I'm able to connect to `/dev/ttyS2` inside the host: ``` ❯ AMT_PASSWORD='supersecret' amtterm $host 16995 -C cert.pem amtterm: NONE -> CONNECT (connection to host) ipv4 $ip [$ip] 16995 open amtterm: CONNECT -> INIT (redirection initialization) amtterm: INIT -> AUTH (session authentication) amtterm: AUTH -> INIT_SOL (serial-over-lan initialization) amtterm: INIT_SOL -> RUN_SOL (serial-over-lan active) serial-over-lan redirection ok connected now, use ^] to escape Hello World ``` |
||
---|---|---|
.. | ||
default.nix |