Visible to Intel only — GUID: GUID-3EF721C3-A8DB-4022-BE39-3CF63A774C02
Available Platforms and SKUing
Processing Power and Speed
Memory
Power States
Applet Manifest
API Levels
New in API Level 9
New in API Level 8
New in API Level 7
Admin Command Package
Manifest Fields
New in API Level 6
New in API Level 5
JDK version of the compilation was upgraded from 1.3 to 1.6.
Isdi.jar was renamed to dal.jar.
Jeffc is replaced by bhcTool.
New in API Level 4
New in API Level 2
Available in API Level 1
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Trusted Application Validation Guidelines
Validating the Manifest
Memory and Performance
Error Handling and Recovery
Functional Validation and Multi-Instance Support
Pack and DALP Generation and Validation
Host-Side Software Validation Guidelines
Trusted Application Management Flows
Error Handling and Recovery Flows
Multi-Instance and Interoperability Testing of Trusted Application Management
General and Platform-Related Events
End-to-End and Setup Validation Guidelines
Cross Trusted Application Interoperability Functional Testing
Creating a New Project
Importing an Existing Project
Converting an Existing Project
Building and Packaging Your Project and Running in Emulated Environment
Running Your Project
Running and Testing on Emulation and on Silicon
Debugging Trusted Applications
Preparing and Submitting Your Project for Signing
Signing an Applet
Signing New Versions
Visible to Intel only — GUID: GUID-3EF721C3-A8DB-4022-BE39-3CF63A774C02
API Levels
Intel® DAL defines an API level that reflects a specific revision of the Intel DAL Java* Class Library (JCL); the number of the API level is incremented for each new project as new features are added and the library is extended.
► Tip: For details on Intel DAL API classes, see the Intel DAL API Reference.
► Tip: For more information on the functionality available in each API level, see the section Intel DAL API Levels & Features in the Applet APIs page of the Intel DAL API Reference.
In earlier projects (API levels 1-6), the manifest property applet.api.level of the applet specifies the platform on which the applet will be able to run on.
As of API level 7, applets can run on a platform if they meet the following constraint: Applet API level <= Platform API level.
New in API Level 9
- Intel® EPID / Sigma 2.0. Class documentation: com.intel.crypto.SigmaAlgEx2
- TLS 1.2
New in API Level 8
- ECIES (Elliptic curve integrated encryption scheme)
- SSL Client Authentication
- AMTProvision: This class enables using Intel® DAL to provision Intel® AMT. Class documentation: com.intel.util.AMTProvision
- DataMigration: When the Intel® CSME Firmware Secure Version Number (SVN) is incremented via firmware update, the applet PBIND key changes, causing any data which was encrypted or HMAC'd with the PBIND key to be no longer usable. This class provides the ability to apply the previous PBIND key to retrieve this data. Class documentation: com.intel.crypto.DataMigration
New in API Level 7
Admin Command Package
In API level 7 (for code name Sunrise Point), the applet pack format was changed to support admin command packs. The regular pack command is renamed as InstallJTA. Two new admin commands were added:
- UninstallJTA: uninstalls an existing JAVA trusted application (TA).
- UpdateSVL: updates the Intel DAL firmware's Security Version List mechanism with the new Security Version List.
Required actions for existing projects:
- Eclipse* plugin: Nothing. Note: You can upgrade an applet project from API level 5 and above only.
- Build script: Update your manifest and scripts accordingly.
See the Admin Command Tool for information on loading Admin Command Packages (ACPs).
Manifest Fields
There are 2 new manifest fields that allow inter-applet communication:
- applet.service.consumed: List of UUIDs, {UUID1, UUID2} that represents the UUIDs of applets allowed to communicate with the TA. Using this property requires the use of the ServiceClient APIs.
- applet.service.sessions: Number of allowed open sessions for a single instance. Using this property requires inheriting from the ServiceApplet class and vice versa.
As a result of the changes in the applet pack format, there are several implications for users of previous releases:
- firmware.min_version field was removed.
- applet.platform field is CSE.
- applet.api.level field is 7.
- applet.entry_class field is mandatory.
- applet.access.control field was added and is mandatory.
- applet.feature.set field was removed.
- applet.feature.set.permission field was removed.
The applet.access.control field specifies the JAVA classes and packages that the applet is allowed to use. For information on how to set the access control value, see Trusted Application Manifest.
New in API Level 6
TBD
New in API Level 5
The VM was changed in Intel DAL API level 5. The VM change was backported to Intel® ME 9.1.35, ME 9.5.55, SEC1.1, SEC1.2 and SEC2.0 platforms.
This has some implications for the user from previous releases:
JDK version of the compilation was upgraded from 1.3 to 1.6.
What do you need to do?
- Old code may have compilation errors and should be rewritten to use iterators and generics.
- Do not install a lower JDK on your machine. This affects project compilation settings.
- Old API level 1 - 4 projects cannot be upgraded to API level 5. API level 5 projects cannot be downgraded.
Isdi.jar was renamed to dal.jar.
What do you need to do?
- SDK Eclipse plugin - nothing.
- Build script - change built script accordingly.
Jeffc is replaced by bhcTool.
What do you need to do?
- SDK Eclipse plugin - nothing.
- Build script - change built script accordingly.
There are 3 new manifest fields:
applet.instance.debuggable - Signifies where the the applet instance JAVA code is debuggable. applet.entry_class - If multiple subclasses of IntelApplet are included in an applet package, use this property to specify the main entry applet class full name, including the package name. applet.api.level - Specifies the API level of the applet.
New in API Level 4
- SSL
- Intel® Enhanced Privacy Identification (Intel® EPID) 1.1
New in API Level 2
Available in API Level 1
Crypto