Visible to Intel only — GUID: GUID-16A80FBC-03AD-482B-ADE0-B2E999C918BB
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Trusted Application Validation Guidelines
Validating the Manifest
Memory and Performance
Error Handling and Recovery
Functional Validation and Multi-Instance Support
Pack and DALP Generation and Validation
Host-Side Software Validation Guidelines
Trusted Application Management Flows
Error Handling and Recovery Flows
Multi-Instance and Interoperability Testing of Trusted Application Management
General and Platform-Related Events
End-to-End and Setup Validation Guidelines
Cross Trusted Application Interoperability Functional Testing
Creating a New Project
Importing an Existing Project
Converting an Existing Project
Building and Packaging Your Project and Running in Emulated Environment
Running Your Project
Running and Testing on Emulation and on Silicon
Debugging Trusted Applications
Preparing and Submitting Your Project for Signing
Signing an Applet
Signing New Versions
Visible to Intel only — GUID: GUID-16A80FBC-03AD-482B-ADE0-B2E999C918BB
Host Interface Service
The Intel® DAL Host Interface Service (Intel® DAL HIS) is part of the Intel DAL infrastructure and serves as an intermediate layer between host applications and the Intel DAL firmware component:
- The Intel® DAL HIS serves as the communications channel between trusted applications and host-based applications.
- The Intel DAL HIS maintains the virtual model and state of the Intel DAL firmware subsystem. Among its roles is to ensure loaded trusted applications remain loaded after a firmware or machine reset.
Note: While the component's official name is Intel® DAL Host Interface Service (Intel® DAL HIS), it is commonly referred to by its engineering name: JHI.
See How to Create Your First Project for a C++ implementation example, as well as a C# implementation under "Create a .NET* Host Application".
Intel® DAL Host Interface Service Installation
The Intel DAL HIS is installed by the Intel® Management Engine (Intel® ME) installer. The installer puts the Intel DAL Host Interface Service files in the Install folder in Program Files. The installer also sets the Intel DAL Host Interface Service registry key and puts the Intel DAL Host Interface Service folder in the System path.
The Intel DAL HIS Registry Keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Services\DAL]
"FILELOCALE"=" X:\Program Files\Intel\Intel Management Engine Components\DAL"
"APPLETSLOCALE"=" X:\ProgramData\Intel\DAL\Applets"
FILELOCALE is where Intel DAL HIS is installed
APPLETSLOCALE is the trusted application repository
The Intel DAL HIS Trusted Application repository will be placed by default in X:\ProgramData\Intel\DAL\Applet
When the Intel DAL HIS is uninstalled, all of the The Intel DAL HIS files are deleted except for the Trusted Application repository. This is because not all applications are smart applications that know how to handle a case where their trusted application is not installed and then reinstall it.
The Intel DAL HIS should have as few privileges as possible to minimize the impact in the event that the Intel DAL HIS is exploited.
- When linking with the JHI libraries, do not use static loading. This is because:
- The application will not be able to defend itself against pre-loading attacks
- The application will crash when JHI.DLL is found to be missing. The message "A Required DLL File, JHI.dll, was not found" will be generated.
Instead of static loading, use one of the following methods:
- Option 1: Use delay load
- Compile with jhi.h + typedefs.h and lnk with JHI.lib (for x64 applications, link with JHI64.lib)
- Before calling any Intel DAL HIS APIs, verify that the JHI.DLL signature is valid.
- Use try-catch to catch exceptions due to the DLL not found error
- Option 2: Use dynamic load
- Use SearchPath / LoadLibrary / GetProcAddress to dynamically load JHI.dll and use it.
In any case, verify that the JHI.DLL signature is valid to avoid DLL pre-loading attacks. Note that until API level 4, the JHISharp.dll signature is not verified. See here for more info by Microsoft.
Intel® Management Engine Interface (Intel® MEI)
For emulated platforms in the SDK, the Intel DAL HIS channel is socket-based and not Intel® MEI-based. This means that the Intel MEI drivers do not need to be installed on emulated platforms.
Intel® DAL Host Interface Service Backward Compatibility
The Intel DAL HIS is backward compatible. The Intel DAL HIS is backward compatible. This means that host applications written using the Intel DAL HIS should continue to work on future versions of the service.
- API backward compatibility: Fully supported, any change in the API is performed via the deprecation process and addition of new APIs
- Error codes backward compatibility:
- Unused error codes remain defined in JHI.h to avoid compilation errors.
- Error codes that have an impact on client application behavior (e.g., JHI_INSUFFICIENT_BUFFER) will not change.
- Feature and behavior backward compatibility:
- Client service will keep the same behaviors and features of previous versions.
- If a change needs to be made, it will be published to the SDK site.
Intel® DAL HIS Error Codes
| Error code | Description |
| JHI_SUCCESS = 0x00 | General success response |
| JHI_INVALID_HANDLE = 0x201 | Invalid JHI handle |
| JHI_INVALID_PARAMS = 0x203 | Passed a null pointer to a required argument or illegal arguments passed to API function |
| JHI_INVALID_APPLET_GUID = 0x204 | The applet UUID is invalid |
| JHI_SERVICE_UNAVAILABLE = 0x301 | There is no connection to JHI service |
| JHI_ERROR_REGISTRY = 0x501 | Error for any registry based access or registry corruption |
| JHI_ERROR_REPOSITORY_NOT_FOUND = 0x1000 | Cannot find applets repository directory |
| JHI_INTERNAL_ERROR = 0x601 | An unexpected internal error happened |
| JHI_INVALID_BUFFER_SIZE = 0x1001 | Used a buffer that is larger than JHI_BUFFER_MAX |
| JHI_INVALID_COMM_BUFFER = 0x1002 | JVM_COMM_BUFFER passed to function is invalid |
| JHI_FILE_ERROR_AUTH = 0x102 | Attempted to load the file, but FW returned back a manifest failure check and rejected it |
| JHI_FILE_INVALID = 0x105 | Invalid file - bad characters or larger than 64K |
| JHI_FILE_ERROR_OPEN = 0x106 | Unable to open file. Maybe permission issues |
| JHI_FILE_UUID_MISMATCH = 0x107 | UUIDs don't match between applet file and function input |
| JHI_FILE_IDENTICAL = 0x108 | Downloaded applet matches existing one in Jom |
| JHI_INVALID_COMMAND = 0x202 | Invalid JHI interface command |
| JHI_SERVICE_INVALID_GUID = 0x302 | Invalid COM GUID (from DLL) |
| JHI_APPLET_TIMEOUT = 0x401 | This may be a result of a Java* code in VM in an infinite loop. TL VM will kill applet in JOM and return error code |
| JHI_JOM_FATAL = 0x403 | JOM fatal error |
| JHI_JOM_ERROR_DOWNLOAD = 0x405 | JOM download error |
| JHI_JOM_ERROR_UNLOAD = 0x406 | JOM unload error |
| JHI_ERROR_LOGGING = 0x500 | Error in logging |
| JHI_UNKNOWN_ERROR = 0x600 | Any other error |
| JHI_INVALID_INSTALL_FILE = 0x1003 | The dalp file path is invalid |
| JHI_READ_FROM_FILE_FAILED = 0x1004 | Failed to read DALP file |
| JHI_INVALID_PACKAGE_FORMAT = 0x1005 | dalp file format is not a valid |
| JHI_FILE_ERROR_COPY = 0x103 | Applet file could not be copied to repository |
| JHI_INVALID_INIT_BUFFER = 0x1006 | Passed an invalid init buffer to the function |
| JHI_FILE_NOT_FOUND = 0x101 | Could not find the specified dalp file |
| JHI_INVALID_FILE_EXTENSION = 0x1007 | Trusted application package file must end with .dalp extension |
| JHI_MAX_INSTALLED_APPLETS_REACHED = 0x404 | Exceeds max applets allowed, need to uninstall an applet |
| JHI_INSTALL_FAILURE_SESSIONS_EXISTS = 0x1008 | Could not install because there are open sessions |
| JHI_INSTALL_FAILED = 0x1009 | No compatible applet was found in the DALP file |
| JHI_SVL_CHECK_FAIL = 0x1040 | Install failed due to a SVL check |
| JHI_ILLEGAL_PLATFORM_ID = 0x1041 | Install failed due to an illegal platform id |
| JHI_SVN_CHECK_FAIL = 0x1042 | SVN of applet lower than previously installed one |
| JHI_TA_ENCRYPTION_KEY_NOT_SET = 0x1043 | Can't install/create session to an encrypted applet without setting a TA encryption key |
| JHI_TA_PLATFORM_MISMATCH = 0x1044 | TA is incompatible for platform. |
| JHI_DELETE_FROM_REPOSITORY_FAILURE = 0x104 | Unable to delete applet DALP file from repository |
| JHI_UNINSTALL_FAILURE_SESSIONS_EXISTS = 0x100A | For app uninstallation errors |
| JHI_APPLET_NOT_INSTALLED = 0x402 | Trying to create a session of an uninstalled applet |
| JHI_INCOMPATIBLE_API_VERSION = 0x100B | Trying to create a session with one JHI API while there are sessions of another JHI API |
| JHI_MAX_SESSIONS_REACHED = 0x100C | Exceeds max sessions allowed, need to close a session |
| JHI_SHARED_SESSION_NOT_SUPPORTED = 0x100D | The applet does not support shared sessions |
| JHI_MAX_SHARED_SESSION_REACHED = 0x100E | Failed to get session handle due to maximum handles limit |
| JHI_FIRMWARE_OUT_OF_RESOURCES = 0x1018 | Request causes the VM to exceed its memory quota |
| JHI_ONLY_SINGLE_INSTANCE_ALLOWED = 0x1019 | Trying to create more than a single instance of an applet |
| JHI_OPERATION_NOT_PERMITTED = 0x101A | User space tried to perform a kernel space operation |
| JHI_INVALID_SESSION_HANDLE = 0x100F | The session handle is not of an active session |
| JHI_INSUFFICIENT_BUFFER = 0x200 | Buffer overflow - response greater than supplied Rx buffer |
| JHI_APPLET_FATAL = 0x400 | This may be a result of uncaught exception or unusual applet error that results in applet being terminated by Intel DAL VM. |
| JHI_APPLET_BAD_STATE = 0x407 | Applet in bad state, need to reopen the session |
| JHI_SESSION_NOT_REGISTERED = 0x1010 | Trying to unregister a session that is not registered for events |
| JHI_SESSION_ALREADY_REGSITERED = 0x1011 | Registration to an event is done only once |
| JHI_EVENTS_NOT_SUPPORTED = 0x1012 | Events are not supported for this type of session |
| JHI_APPLET_PROPERTY_NOT_SUPPORTED = 0x1013 | Returned when calling GetAppletProperty with invalid property |
| JHI_SPOOLER_NOT_FOUND = 0x1014 | Cannot find the spooler file |
| JHI_INVALID_SPOOLER = 0x1015 | Cannot download spooler / create an instance of the spooler |
| JHI_NO_CONNECTION_TO_FIRMWARE = 0x300 | JHI has no connection to the VM |
| JHI_VM_DLL_FILE_NOT_FOUND = 0x1016 | VM DLL is missing from the .exe path |
| JHI_VM_DLL_VERIFY_FAILED = 0x1017 | DLL Signature or Publisher name are not valid |
| JHI_IAC_SERVER_SESSION_EXIST = 0x1020 | May occur when trying to create two sessions on an IAC server applet |
| JHI_IAC_SERVER_INTERNAL_SESSIONS_EXIST = 0x1021 | May occur when trying to close an IAC server applet session that has internal sessions |
| JHI_MISSING_ACCESS_CONTROL = 0x1030 | Applet is not allowed to use one of the JAVA classes or packages |
| JHI_ERROR_OEM_SIGNING_DISABLED = 0x1050 | May occur if DAL OEAM signing is disabled |
| JHI_ERROR_SD_PUBLICKEY_HASH_FAILED = 0x1051 | May occur if there is a mismatch in the public key hash of an SD |
| JHI_ERROR_SD_DB_NO_FREE_SLOT = 0x1052 | In case reached max installed SDs in DB |
| JHI_ERROR_SD_TA_INSTALLATION_UNALLOWED = 0x1053 | TA installation is not allowed for SD |
Intel DAL Host Interface Service with Windows* Event Logging
The Intel DAL HIS uses the Windows event log to post event messages related to its operation. When there is an issue with DAL, the event log is the correct starting point for investigations.
| Symbolic Name | Severity | Message |
| MSG_SERVICE_START | Informational | Intel Dynamic Application Loader Host Interface Service started. |
| MSG_SERVICE_STOP | Informational | Intel Dynamic Application Loader Host Interface Service stopped. |
| MSG_SERVICE_RESET | Informational | Intel Dynamic Application Loader Host Interface Service has been reset. |
| MSG_SPOOLER_NOT_FOUND | Error | Intel Dynamic Application Loader Host Interface Service initialization failure - the spooler applet wasn't found. |
| MSG_INVALID_SPOOLER | Error | Intel Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid. |
| MSG_FW_COMMUNICATION_ERROR | Error | Intel Dynamic Application Loader Host Interface Service initialization failure - there is no communication with firmware. |
| MSG_REGISTRY_READ_ERROR | Error | Intel Dynamic Application Loader Host Interface Service has failed to read from registry. |
| MSG_REGISTRY_WRITE_ERROR | Error | Intel Dynamic Application Loader Host Interface Service has failed to write to registry. |
| MSG_REPOSITORY_NOT_FOUND | Error | Intel Dynamic Application Loader Host Interface Service cannot find applet repository. |
| MSG_INSTALL_FAILURE | Warning | Intel Dynamic Application Loader Host Interface Service has failed to install applet. |
| MSG_CREATE_SESSION_FAILURE | Warning | Intel Dynamic Application Loader Host Interface Service has failed to create an applet session. |