Visible to Intel only — GUID: GUID-0B843FAD-BB8F-41EC-8492-2F3A55651A82
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Trusted Application Validation Guidelines
Validating the Manifest
Memory and Performance
Error Handling and Recovery
Functional Validation and Multi-Instance Support
Pack and DALP Generation and Validation
Host-Side Software Validation Guidelines
Trusted Application Management Flows
Error Handling and Recovery Flows
Multi-Instance and Interoperability Testing of Trusted Application Management
General and Platform-Related Events
End-to-End and Setup Validation Guidelines
Cross Trusted Application Interoperability Functional Testing
Creating a New Project
Importing an Existing Project
Converting an Existing Project
Building and Packaging Your Project and Running in Emulated Environment
Running Your Project
Running and Testing on Emulation and on Silicon
Debugging Trusted Applications
Preparing and Submitting Your Project for Signing
Signing an Applet
Signing New Versions
Visible to Intel only — GUID: GUID-0B843FAD-BB8F-41EC-8492-2F3A55651A82
Applet Manifest
This page provides an overview of the applet manifest's importance in an applet, and how it governs the applet's access to DAL features. For a list of fields in the manifest, see the Applet Manifest guidelines page.
Every trusted application includes what is known as an applet manifest. This file contains the applet's metadata: the supported firmware versions, the list of Java* classes the applet has permission to access, the applet's heap size, and so on. Some of the manifest fields are merely descriptive; others modify the applet's behavior. The contents of the applet manifest determine whether the applet has permission to access any or all of the other features in this section.
The contents of the manifest are verified with each signing request and this information is signed in the trusted application itself.
Some of the manifest fields are available to the host software to identify the trusted application that it is currently communicating with while some of the fields are internal to help the user further notate a project.
Use the Intel® DAL Manifest Editor, which comes as part of the Intel DAL Eclipse* plugin, to edit the editable fields in a manifest, if needed. The Intel DAL Manifest Editor checks the validity of each value as well as also checks compatibility between the FW version and the API version used in a trusted application.
Trusted Application SKUing
Intel DAL supports trusted application SKU limitations in the trusted application manifest.
A trusted application can be limited to:
- PCH SKU list
- CPU type list (e.g. vPro, Core)
- Platform specific feature set (e.g. Intel® ME 8-full)
Because each trusted application manifest is signed, unlike software or installer solutions, this mechanism is more secure and cannot be circumvented. See the SKU Matrix section of the Applet Manifest fields.
Supported from API level 2