Visible to Intel only — GUID: GUID-379E4AF4-CE44-4978-9060-969D242E3478
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Trusted Application Validation Guidelines
Validating the Manifest
Memory and Performance
Error Handling and Recovery
Functional Validation and Multi-Instance Support
Pack and DALP Generation and Validation
Host-Side Software Validation Guidelines
Trusted Application Management Flows
Error Handling and Recovery Flows
Multi-Instance and Interoperability Testing of Trusted Application Management
General and Platform-Related Events
End-to-End and Setup Validation Guidelines
Cross Trusted Application Interoperability Functional Testing
Creating a New Project
Importing an Existing Project
Converting an Existing Project
Building and Packaging Your Project and Running in Emulated Environment
Running Your Project
Running and Testing on Emulation and on Silicon
Debugging Trusted Applications
Preparing and Submitting Your Project for Signing
Signing an Applet
Signing New Versions
Visible to Intel only — GUID: GUID-379E4AF4-CE44-4978-9060-969D242E3478
Installation
Installing and Uninstalling a Trusted Application
The host application installs the trusted application into the Intel® Dynamic Application Loader (Intel® DAL) firmware via the Intel DAL host infrastructure. This needs to be performed only once. Once a trusted application has been loaded, it stays loaded even after a system has been reset or powered down.
The host application can uninstall the trusted application.
Intel DAL trusted applications cannot be copied to the trusted execution environment. They must be installed by the host application via the Intel® DAL Host Interface Service to the trusted execution environment.
Trusted Application Installation Flow
- The host application calls the function JHI_Install2 (see Host Interface CPP in the API reference) and passes the full path of the trusted application DALP file.
- The Intel DAL Host Interface Service verifies the DALP file's validity according to a specific schema. The same validation is performed by the DALP tool.
- The Intel DAL Host Interface Service filters the trusted application blobs (PACK files binary) for those trusted applications that share the same major firmware version (e.g., 9.x.x.x), that is the closest to the major firmware version burned on the machine and has the correct platform type.
- All compatible trusted application blobs are sorted from highest to lowest by firmware version and trusted application version.
- The Intel DAL Host Interface Service will attempt to download each of these blobs to the virtual machine (VM) until one of them is accepted by the VM.
- The Intel DAL Host Interface Service will not download trusted applications that are signed with Intel® Identity Protection Technology (Intel® IPT) enabled if Intel IPT is not enabled on the platform.
- The firmware is responsible for verifying the signature and compatibility of each trusted application. No security checks are performed by the Intel DAL Host Interface Service.
- If one trusted application is successfully downloaded, the trusted application installation is considered successful. The DALP file is stored in the Intel DAL Host Interface Service repository for future use. The application can use the JHI_GetAppletProperty to query the attributes of the loaded trusted applications (e.g., the trusted application version).
- If no trusted application loaded successfully, the application will receive a general error, JHI_INSTALL_FAILED. Currently there is no way for the application to understand why a trusted application blob was rejected by the VM.
Trusted Application Repository
The trusted application repository allows applications that do not have access to the DALP file to use other software to install a trusted application for them. For example, a browser plugin installer can install the trusted application when it installs the browser plugin; the plugin, which has no access to the file system, will be able to use the trusted application without the need to install it.
When a trusted application is successfully installed, the Intel DAL Host Interface Service stores the trusted application's DALP file in a directory known as the Trusted Application Repository. This allows the Intel DAL Host Interface Service to download a needed trusted application to the VM without the need for the application to use JHI_Install2 for the installation. This means that applications can start using the trusted application by calling JHI_CreateSession immediately after calling JHI_Initialize, and then start communicating with their session using JHI_SendAndRecv2. Calling JHI_GetAppletProperty will also load the trusted application to the VM in the event that it hasn't been loaded.