*** Intel(R) AMT USB file writer and viewer sample v3.0***

syntax:
To create a USB file:
 USBfile -create <usb output file name> <current MEBx password>
           <new MEBx password> [-v 1|2|2.1|3] [-silent] [-amt] [-rpsk]
           [-v1file <version 1 outfile>]
           [-dns <DNS suffix>] [-fqdn <prov server fqdn>]
           [-consume 0|1]
           [-ztc 0|1]
           [-dhcp 0|1]
           [-sfwu 0|1]
           [-fwu 0|1]
           [-pm 0|1]
           [-fwuq 0|1|2]
           [-pp <16 byte GUID>]
           [-pspo <port number>]
           [-psadd <ipv4|ipv6 addr>]
           [-ito <4 byte of idle time out>]
           [-nrec <num of records>]
           [-gen <num of records>]
           [-xml <xml file name>]
           [-pid <pid> -pps <pps>] 
           [-hash <cert file name> <friendly name>[sha1|sha256|sha384]]
           [-redir <n>]
           [-s4p <StaticIPv4Params>]
           [-hostname <hostname>]
           [-domname <domain name>]
           [-vlan <0|1-VlanTag>]
           [-passPolicyFlag <0|1|2>]
           [-ipv6 <ipv6 xml file name>]
           [-sdFqdn 0|1]
           [-dDnsUpdate 0|1]
           [-kvm 0|1]
           [-kvmUser 0|1]
           [-kvmRemoteIT 0|1]
           [-prov 0|1]
           [-conf 0|1]
           [-scIden <4 bytes of support channel identifier>]
           [-scDesc <support channel description>]
           [-sano <service account number>]
           [-enrPass <enrollment passcode>]
           [-servType 1|2|4]
           [-spIden <16 byte GUID>]

To view the valid records of a USB file:
 USBfile -view <usb file name>

To view a summary of a USB file:
 USBfile -summary <usb file name>

	-v 1|2|2.1|3: the setup file version, 3 by default
	-v1file <version 1 outfile>: creates a version 1 setup file
	-silent: this will suppress the user confirmation step before beginning USB provisioning
	-amt: this will set the manageability selection value to AMT
	-rpsk: this will generate a random psk pair
	-dns <DNS suffix>: sets the PKI dns suffix name (up to length 255)
	-fqdn <prov server fqdn>: string up to length 255
	-consume 0|1: generate inconsumable record or consumable record(s),
	              0 (inconsumable) by default
	-ztc 0|1: disable/enable PKI Configuration, 0 (disable) by default
	-dhcp 0|1: disable/enable DHCP
	-sfwu 0|1: disable/enable secure firmware update
	-fwu 0|1: disable/enable Firmware local update
 	-pm 0|1: Enterprise/SMB provisining mode, 0 (Enterprise) by default
		 Note: this option is deprecated in version 3(+) file format
	-fwuq 0|1|2: Always|Never|Restricted Firmware Update Qualifier
	-pp <GUID>: set the power packege ,GUID should be in network order
	-pspo <port number> provision server port number 
 	-psadd <ipv4|ipv6 addr> :ip address for provision server
 	                         ipv4 example: 123.222.222.121
	                         ipv6 example: fe80:ffff:0012::212
	                         Note: ipv6 address supported only in version 3(+) file format
	-ito <4 bytes of idle time out>: idle time out (valid values: 1-65535)
	-nrec <n> : number of records to create
	-gen <n> : number of records with a random psk pair to create
	           Note: this option is deprecated, use -nrec and -rpsk
	                 options to generate multiple records with random psk pair
	-xml <xml file name> : configuration xml file 
	-pid <pid> -pps <pps>: a psk pair
	-hash <certificate file name> <friendly name>[sha1|sha256|sha384]: to compute and 
		add the hash of the given root certificate file according to the given hash
		algorithm. Up to three certificates hashes may be specified.
		Notes: 1. The hash algorithm is optional, if no hash algorithm
		          is given, the tool uses as default sha1
		       2. The sha256 and sha384 hash algorithms supported only in
		          version 3(+) file format
		       3. In order to compute sha256 and sha384 hash algorithms the
		          tool uses the OpenSSL dll file: libeay32.dll
	-redir <n>:
		This is an integer that is calculated as follows:
		 bit 0 : 1 (Enable) or 0 (Disable) -  SOL feature
		 bit 1 : 1 (Enable) or 0 (Disable) -  IDER feature
		 bit 2 : 1 (Enable) or 0 (Disable) -  Username/password
		         authentication type of the SOL/IDER in the ME FW
	-s4p <localHost:SubnetMask:GatewayAddr:DNSaddr:SecondaryDNSaddr> 
         :e.g 10.0.0.1:255.255.255.0:10.0.0.2:10.0.0.3:10.0.0.4
         Notes: This option is not valid when generating an inconsumable record,
	        DHCP flag must be disabled
	-hostname <hostname> :ASCII reprasentation of host name max length 63
	 Note: This option is not valid when generating an inconsumable record
	-domname <domain name> : max length of domain name is 255
	-vlan <0|1-VlanTag(1-4096)> : VlanStatus disable/enable  e.g. 0-4011
	                              Note: for a non supporting VLAN platforms,
	                                    the MEBx ignores this setting
	-passPolicyFlag <0|1|2> : Default/block in post/always open
	-ipv6 <ipv6 xml file name>: an XML file which holds the IPv6 configuration data
	-sdFqdn 0|1: shared/dedicated FQDN
	             Note: This option is valid only if configuring the hostname as well
	-dDnsUpdate 0|1: disable/enable dynamic DNS update
	                 Note: This option is valid only if configuring the hostname as well
	-kvm 0|1: disable/enable KVM
	-kvmUser 0|1: user consent to KVM control disabled/enabled
	-kvmRemoteIT 0|1: remote IT consent to KVM control disabled/enabled
	-prov 0|1: stop/start configuration
	           Notes:
	           1. Sending the ME provisioning Halt/Activate value of 0, stop configuration,
	              will cause a global reset after all the USB key settings have been applied.
	           2. To guaranty success of this command it is recommended to configure either
	              -dns or -fqdn, otherwise the success depends on the DHCP state of the FW.
	-conf 0|1: automated/manual configuration
	           Automatic configuration will provision the system through communication with the
	           setup and configuration servers. Manual configuration will provision the system
	           immediately to the POST provision state after all other settings have been applied.
	-scIden <4 bytes of support channel id.>: support channel identifier (valid values: 1-65535)
	-scDesc <support channel description>: friendly name used to describe the party represented
	                                       by the support channel identifier. 60 character max.
	-sano <service account number>: unique string identifier given to the end user by the
	                                service provider. 32 character max
	-enrPass <enrollment passcode>: unique string that allows access to the service to complete
	                                enrolment. 32 character max.
	-servType 1|2|4: reactive/proactive/one time session
	-spIden <GUID>: set the service provider identifier
	                GUID should be 32 hexadecimal chars in network order without spaces
	                For example: -spIden 0102030405060708090a0b0c0d0e0f00
	                represents the GUID: 04030201-0605-0807-090a-0b0c0d0e0f00
Examples:
	USBfile -create setup.bin admin Admin22@ -rpsk -v 1 -nrec 10 -xml setup.xml -consume 1
	USBfile -create setup.bin admin Admin22@ -pid AAAA-AAAN
             -pps AAAF-AAAF-AAAF-AAAF-AAAF-AAAF-AAAF-AAAF
	USBfile -view setup.bin

Notes:
1. The BIOS requires a binary file with the name "setup.bin".
2. If a certificate hash is added, all default hashes will be disabled
   and all existing user defined hashes will be deleted.
3. If -pid option was selected the -pps option must come with it and vice versa.
4. If -rpsk or -gen option was selected along with -pid and -pps options, the psk pair that
   will be used is the one supplied using -pid and -pps.
5. If -pspo option was selected the -psadd option must come with it and vice versa.