Visible to Intel only — GUID: GUID-C89B6604-9491-4A3B-A60D-CE2414CE94A4
Intel® AMT
Cryptography
Events
Inter-Applet Communication (IAC)
Monotonic Counters
Usage Limitation
Protecting Monotonic Counters from Replay Attacks
OEM Signing
Platform Seed
Applet Attestation Using Intel® Enhanced Privacy ID (Intel® EPID)
SSL\\TLS
Secure Display
Secure Storage
Secure Time
Sessions
Applet Encryption
Timers
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Trusted Application Validation Guidelines
Validating the Manifest
Memory and Performance
Error Handling and Recovery
Functional Validation and Multi-Instance Support
Pack and DALP Generation and Validation
Host-Side Software Validation Guidelines
Trusted Application Management Flows
Error Handling and Recovery Flows
Multi-Instance and Interoperability Testing of Trusted Application Management
General and Platform-Related Events
End-to-End and Setup Validation Guidelines
Cross Trusted Application Interoperability Functional Testing
Creating a New Project
Importing an Existing Project
Converting an Existing Project
Building and Packaging Your Project and Running in Emulated Environment
Running Your Project
Running and Testing on Emulation and on Silicon
Debugging Trusted Applications
Preparing and Submitting Your Project for Signing
Signing an Applet
Signing New Versions
Visible to Intel only — GUID: GUID-C89B6604-9491-4A3B-A60D-CE2414CE94A4
Monotonic Counters
Monotonic counters allow trusted applications to detect offline storage data replay attacks. A separate monotonic counter is available for use by each applet, and is shared between instances of the same applet (i.e., if multiple applets are running on a platform, each applet will use a separate monotonic counter).
To prevent an attacker from replaying data, the applet reads the current monotonic counter value and increments it every time data is updated. It embeds the incremented counter in the data. If an attacker subsequently attempts to replay the data, the data will contain the old monotonic counter (and not the newly incremented value), thereby indicating that the data is not valid.
The applet can also reset the monotonic counter to zero, in which case the counter does not guarantee the data's validity.
Warning: A monotonic counter's value is lost in the following cases: ♦ After the Return To Factory Defaults (RTFD) operation. ♦ After clear-CMOS/coin-battery removal, unless the counter is protected from replay attacks and is SPI-based (see Protecting Monotonic Counters from Replay Attacks below). For an example of how to use the monotonic counter to prevent replay of old data, see the Protected Storage Sample.
Usage Limitation
Due to flash wear-out considerations, a trusted application is allowed to use up to 100 counter increments or counter reset operations during a single epoch.
The epoch ends when one of the following occurs:
- Platform power cycle (reboot or shut-down).
- 24 hours have passed since the trusted application was installed, or since the last increment or last reset operation.
Protecting Monotonic Counters from Replay Attacks
Starting with API level 7, monotonic counters are protected against replay attacks.
Due to physical limitations, this protection is disabled on some platforms that do not have coin batteries, as described below.
| Boot Type | Configuration | Protected Against Replay Attacks? |
|---|---|---|
| eMMC | RPMB Coin\Coinless | Yes |
| SPI | Coin | Yes (value is reset to zero after clear-CMOS) |
| Coinless | No |
To detect whether the monotonic counter on the platform is protected against replay attacks, use the Intel DAL API function FlashStorage.GetAntiReplayType(). If the function returns AR_WITH_MANY_FALSE_DETECTIONS, the monotonic counter is protected.
Supported from API level 1.0