Visible to Intel only — GUID: GUID-EAE4CA11-B314-437C-B6E6-7C6947E57874
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Trusted Application Validation Guidelines
Validating the Manifest
Memory and Performance
Error Handling and Recovery
Functional Validation and Multi-Instance Support
Pack and DALP Generation and Validation
Host-Side Software Validation Guidelines
Trusted Application Management Flows
Error Handling and Recovery Flows
Multi-Instance and Interoperability Testing of Trusted Application Management
General and Platform-Related Events
End-to-End and Setup Validation Guidelines
Cross Trusted Application Interoperability Functional Testing
Creating a New Project
Importing an Existing Project
Converting an Existing Project
Building and Packaging Your Project and Running in Emulated Environment
Running Your Project
Running and Testing on Emulation and on Silicon
Debugging Trusted Applications
Preparing and Submitting Your Project for Signing
Signing an Applet
Signing New Versions
Visible to Intel only — GUID: GUID-EAE4CA11-B314-437C-B6E6-7C6947E57874
DRM Solution Sample
Note: This sample is not included in the first public release of the Intel® Dynamic Application Loader (Intel® DAL) SDK. It will be provided in a future release.
This sample demonstrates how to use Intel DAL for Digital Rights Management (DRM) protected content.
Note: This sample only works on real hardware. It will not work in an emulated environment.
This sample includes a Reset button for resetting the sample. A reset cleans the trusted application's keys and metadata, and resets the trusted application's monotonic counter. In real use cases this option should NOT be readily exposed as it is a potential security vulnerability.
The DRM ability takes advantage of these Intel DAL features:
- Protected Terminal Display (PTD)
- Cryptography
- Monotonic counter
Following are the sample's components:
- Server: Delivers the DRM-protected content to the host.
- Host: Receives and stores the DRM-protected content; communicates with the trusted application (TA); transfers data from server to TA and graphics.
- Trusted Application: Generates 2 keys on installation: private and public. The keys are encrypted by the private key and are stored in the host. The host reloads them at each session opening.
- Protected Audio and Video Pipe (PAVP): Provides pipe for playing DRM-protected content.
When a protected file from the server is viewed across different platforms, the key that encrypts the server's AES-120 public symmetric key differs from platform to platform.
- First time: Host asks the TA to generate both its keys (private and public) and send them to the host. The public key is signed with the Intel® Enhanced Privacy ID (Intel® EPID). All other times: Host loads the keys and the encrypted data of how many times each picture was viewed into the TA. The TA decrypts the data and compares the monotonic counter data to the TA counter to avoid data replay.
- The host sends the public key to the server. The server verifies that the public key was signed by an Intel TA using an Intel EPID verification algorithm. For more details, see the EPID 1.1 Signing sample.
- The server packages the AES-128 public symmetric key with the UHID of the DRM-protected content and the number of times the content is allowed to be viewed. The server then encrypts this package with the TA's public key. The server sends the TA-specific TA-key-encrypted package and the general server-key-encrypted image to the host.
- The host stores the server-encrypted image and forwards the TA-key-encrypted package to the TA.
- The TA uses its private key to decrypt the package and extract the server's AES-128 symmetric public key. The TA also begins a view counter, Y, and checks that the DRM-protected content counter value, X, has not been exceeded. The TA indirectly acquires the PAVP key. There is no direct communication between the TA and the PAVP.
- The TA encrypts the server's AES-128 symmetric public key with the PAVP key and sends the encrypted key to the host.
- The host sends the PAVP key and DRM-protected content to the PAVP.
- The host sends the TA a request to store the data securely. The TA increments the monotonic counter, Y, and encrypts the new counter value along with the image ID mapped to the number of times viewed using the platform binding key.