Visible to Intel only — GUID: GUID-6042B808-2577-432B-A416-3164F141F8AD
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Trusted Application Validation Guidelines
Validating the Manifest
Memory and Performance
Error Handling and Recovery
Functional Validation and Multi-Instance Support
Pack and DALP Generation and Validation
Host-Side Software Validation Guidelines
Trusted Application Management Flows
Error Handling and Recovery Flows
Multi-Instance and Interoperability Testing of Trusted Application Management
General and Platform-Related Events
End-to-End and Setup Validation Guidelines
Cross Trusted Application Interoperability Functional Testing
Creating a New Project
Importing an Existing Project
Converting an Existing Project
Building and Packaging Your Project and Running in Emulated Environment
Running Your Project
Running and Testing on Emulation and on Silicon
Debugging Trusted Applications
Preparing and Submitting Your Project for Signing
Signing an Applet
Signing New Versions
Visible to Intel only — GUID: GUID-6042B808-2577-432B-A416-3164F141F8AD
Hash and MAC Algorithms
Hash algorithms are used to take a large message and produce a unique short digest of it.
With a cryptographically strong hash function:
- Different data (usually) maps into different digest values.
- It is hard to find two different data sets that will produce the same hash value.
- It is hard to modify the data without changing the hash.
- It is hard to find data that will produce a given hash except by brute force.
Hashing provides a way to make sure that two messages are equal with a high level of confidence without the need to read the entire message. Only the digest of a message is signed for efficiency. It also allows ensuring that a received message was not changed after it was transmitted by the sender. Only the digest of a message is signed for efficiency.
Intel® DAL supports the one-way hashes:
- SHA-1
- SHA-256
- SHA-512
Message Authentication Code (MAC) algorithms are a sort of keyed hash. They take a message and a secret shared key and provide an output that can be authenticated by the other party to the key. The advantage of MAC algorithms is that they are very very fast and can usually be easily offloaded to the hardware. The disadvantages are that the hashed data cannot be retrieved and there is still a requirement for symmetric keys.
Intel DAL supports the symmetric signature algorithms (keyed hashes):
- HMAC-SHA1
- HMAC-SHA256
- HMAC-SHA512
For more information, see: Secure Hash Standard (PDF)
The practical encryption solution is a hybrid of the available methods:
- Use public key encryption and hash algorithms to provide secure and authenticated key exchange of (usually) random symmetric keys.
- Use encryption keys with symmetric-key encryption algorithms to encrypt the data within a secure session.
- Use signing keys with MAC algorithms to sign data to provide authenticity and data integrity.
Supported from API level 1