Added AMT Key Pair generation retry and better error display, #3615

2025-03-09 15:40:18 +00:00 · 2022-02-25 13:37:34 -08:00 · 2022-02-25 13:37:34 -08:00 · fd4823ac82
commit fd4823ac82
parent 86a6970631
2 changed files with 59 additions and 5 deletions
--- a/amtprovisioningserver.js
+++ b/amtprovisioningserver.js
@ -283,6 +283,31 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
        dev.amtstack.BatchEnum(null, ['AMT_PublicKeyCertificate', 'AMT_PublicPrivateKeyPair', 'AMT_TLSSettingData', 'AMT_TLSCredentialContext'], attemptTlsSyncEx);
    }

+    // Intel AMT is not always in a good spot to generate a key pair. This will retry at 10 second interval.
+    function generateKeyPairWithRetry(dev, func) {
+        if (isAmtDeviceValid(dev) == false) return;
+        if (dev.keyPairAttempts == null) { dev.keyPairAttempts = 1; } else { dev.keyPairAttempts++; }
+        dev.amtstack.AMT_PublicKeyManagementService_GenerateKeyPair(0, 2048, function (stack, name, responses, status) {
+            if (isAmtDeviceValid(dev) == false) { delete dev.keyPairAttempts; return; }
+            if ((status == 200) || (dev.keyPairAttempts > 19)) {
+                delete dev.keyPairAttempts;
+                func(stack, name, responses, status);
+            } else {
+                if ((responses.Body != null) && (responses.Body.ReturnValue != null) && (responses.Body.ReturnValueStr != null)) {
+                    dev.consoleMsg("Failed to generate a key pair (" + status + ", " + responses.Body.ReturnValue + ", \"" + responses.Body.ReturnValueStr + "\"), attempt " + dev.keyPairAttempts + ", trying again in 10 seconds...");
+                } else {
+                    dev.consoleMsg("Failed to generate a key pair (" + status + "), attempt " + dev.keyPairAttempts + ", trying again in 10 seconds...");
+                }
+
+                // Wait 10 seconds before attempting again
+                var f = function doManage() { generateKeyPairWithRetry(doManage.dev, doManage.func); }
+                f.dev = dev;
+                f.func = func;
+                setTimeout(f, 10000);
+            }
+        });
+    }
+
    function attemptTlsSyncEx(stack, name, responses, status) {
        const dev = stack.dev;
        if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
@ -315,7 +340,7 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
        if (xxTlsCurrentCert === null) {
            // Start by generating a key pair
            dev.consoleMsg("No TLS certificate. Generating key pair...");
-            dev.amtstack.AMT_PublicKeyManagementService_GenerateKeyPair(0, 2048, function (stack, name, responses, status) {
+            generateKeyPairWithRetry(dev, function (stack, name, responses, status) {
                const dev = stack.dev;
                if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
                if (status != 200) { dev.consoleMsg("Failed to generate a key pair (" + status + ")."); removeAmtDevice(dev, 20); return; }