Visible to Intel only — GUID: GUID-B9B64FD4-16C3-40A5-89E3-D5B5E0C1EED4
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Trusted Application Validation Guidelines
Validating the Manifest
Memory and Performance
Error Handling and Recovery
Functional Validation and Multi-Instance Support
Pack and DALP Generation and Validation
Host-Side Software Validation Guidelines
Trusted Application Management Flows
Error Handling and Recovery Flows
Multi-Instance and Interoperability Testing of Trusted Application Management
General and Platform-Related Events
End-to-End and Setup Validation Guidelines
Cross Trusted Application Interoperability Functional Testing
Creating a New Project
Importing an Existing Project
Converting an Existing Project
Building and Packaging Your Project and Running in Emulated Environment
Running Your Project
Running and Testing on Emulation and on Silicon
Debugging Trusted Applications
Preparing and Submitting Your Project for Signing
Signing an Applet
Signing New Versions
Visible to Intel only — GUID: GUID-B9B64FD4-16C3-40A5-89E3-D5B5E0C1EED4
Cryptography
Cryptography is used by Intel® DAL applets and firmware to exchange data securely, validate its integrity, and authenticate another party. The com.intel.crypto package provides an interface to cryptographic services.
The goals of cryptography are fourfold:
- Data Integrity - Ensure that data is created/modified by authorized parties only.
- Secrecy/Confidentiality - Restrict access to authorized parties only.
- Authentication - Verify the identity of an entity.
- Non-repudiation - Verify an action or data in such a way that denying its validity is impossible.
These goals can be achieved by using one or more of the following algorithms and a confidential key:
- Symmetric key cryptography: the same key is used for both encryption and decryption.
- Public (asymmetric) key cryptography:
- Encryption - a public key is used for encryption; a private key is used for decryption.
- Digital signing - a private key is used for signing; a public key is used for verification.
The following sections describe the cryptography algorithms that are supported by Intel DAL.