With RealVNC - can I remote into a machine which is still at the bios / boot stage?
Yup, AMT can provide remote access when the system is in any of its sleep states from s0 (fully on) down to s5 (powered off), so long as the system is plugged in and has power available.
You will see the whole BIOS bootup sequence, including seeing and able to send the usual interrupt keys like del or F9 or whatever to get to BIOS setup.
I've had some older HP workstations be a little funky between the BIOS setup and the OS taking using the GPU. Generally I'll see a screen flash and get disconnected, after which VNC reconnects immediately and all is well again.
Newer HPs we have haven't done this that I recall, nor have the Dells or my home built franken-pc so guessing it's a fixed bug with older AMT versions?
In fact one of the main purposes of ME is to change the power state, meaning you can turn the main system on or off or reboot it just from there.
That's how I re-image a remote system after a hard drive failure.
I have someone on-site power off the system and replace the hard drive with a new one, then let me know.
I then connect to the remote system via ME/AMT and setup a dvd-rom redirect to an ISO image on my PC, start the AMT VNC server and connect to it from my PC, lock the remote systems keyboard so anyone local can't over-type me, and then instruct the remote system to power on.
Then during boot if the remote system gets stupid and tries to boot from the new blank HD and stops, I can issue a reboot command and use the F11 boot menu from the BIOS to point it to the DVD drive. Usually that part just works though (like I said, all related to the older HPs)
Once the linux image boots and runs clonezilla, it's just an [enter]-[yes]-[yes] away from writing the backup image back to the new HD.
You can of course point to an OS install media instead and do that manually, I just tend to try and avoid that for installers using a mouse, since over remote links that can suck pretty bad. Over LAN it seems nice and responsive however.
Once done I do a normal "shutdown -h now", disable the DVD drive redirect, and power the system back on. Once I see the windows loading screen I'll disconnect VNC and shut down the VNC server in the AMT, and logout of the https interface.
Since I let AMT piggyback on the host MAC and IP, it basically intercepts any tcp ports it is using instead of passing that info up the stack to the OS.
I don't leave VNC running in the AMT just in case the host OS needs to run a VNC server on the default port for any reason - plus nothing good can really come from leaving it running when not needed.
ME uses https over port 16993, which isn't likely to be used on the OS (or if so, too bad for that app I guess)
If you already have RealVNC and a Core i7 at home to play with, boot the i7 and hit control-p where you normally would hit delete or a function key, and you'll be in the ME setup menu.
You can enable both ME and AMT (they are separate sub-systems) and play around.