Visible to Intel only — GUID: GUID-14E05F54-9BBE-4B45-8D20-FB9EF7716CC7
OEM Signing Manifest
This page provides details on the contents of the OEM signing manifest. For details on the process of OEM signing, see the appropriate Features page.
S-SD Manifest
The S-SD manifest determines meta-information about the security domain. Some of the manifest fields are descriptive and some modify the S-SD behavior.
The contents of the manifest are verified with each signing request and this information is signed in the S-SD ACP itself.
The table below summarizes the S-SD manifest properties.
Field name | Field Type | Field Value Format | Description | Required? |
sd.id | UUID/GUID | String of the following format: [8 digits]-[4 digits]-[4 digits]-[4 digits]-[12 digits] where a digit is a char in [0-9,A-F,a-f]. | The globally unique identifier (GUID) of the Security Domain (unique for each SD) | Yes |
sd.name | String | 1 <= char Length < 32 | A descriptive name for the SD. | Yes |
sd.max_ta_install | unsigned decimal integer | 1 <= value <= 31 | Max number of installed trusted applications. | Yes |
sd.max_ta_run | unsigned decimal integer | 1 <= value <= 16 | Max number of concurrently executing trusted applications | Yes |
sd.access.control | Hexa String | Bit mask. See Using the Applet Manifest. | Specifies the Java API groups the associated S-SD is allowed to utilize - all the trusted applications signed by this S-SD will be subject to this limitation. | Yes |
sd.firmware.version | Version | Form: major.minor. Value: sd.major == fw.major AND (sd.minor == fw.minor OR sd.minor == 9) | The firmware version the SD is allowed to install on. Resolution is platform generation. When the minor version is 9, the SD is allowed to be installed on all major.x FW versions. | Yes |
sd.platform.id | | 32 Hexadecimal digits | Specifies the Platform ID for a production platform. Use for signing a Security Domain for a single production platform only - for demo/test purposes. Note that a trusted application signed with this field will load ONLY on the given platform. | No |
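The constraints in the table can be checked before a manifest is submitted for signing. The Python below is an added example, not Intel tooling or code from this page. It assumes the manifest has already been parsed into a dict of field name to string value, that sd.access.control is written as bare hex digits, and that unknown fields should be rejected; the function names and sample values are constructed.

```python
import re

HEX = r"[0-9A-Fa-f]"
GUID_RE = re.compile(rf"{HEX}{{8}}-{HEX}{{4}}-{HEX}{{4}}-{HEX}{{4}}-{HEX}{{12}}")
REQUIRED = ("sd.id", "sd.name", "sd.max_ta_install", "sd.max_ta_run",
            "sd.access.control", "sd.firmware.version")

def _uint_in(value, lo, hi):
    # Unsigned decimal integer within [lo, hi]; rejects signs, hex and whitespace.
    return re.fullmatch(r"[0-9]+", value) is not None and lo <= int(value) <= hi

def _version(value):
    # "major.minor" -> (major, minor), or None when malformed.
    m = re.fullmatch(r"([0-9]+)\.([0-9]+)", value)
    return (int(m.group(1)), int(m.group(2))) if m else None

def validate_manifest(fields):
    """Return a list of error strings; an empty list means every table constraint holds."""
    errors = [f"{k}: required field missing" for k in REQUIRED if k not in fields]
    checks = {
        "sd.id": lambda v: GUID_RE.fullmatch(v) is not None,
        "sd.name": lambda v: 1 <= len(v) < 32,
        "sd.max_ta_install": lambda v: _uint_in(v, 1, 31),
        "sd.max_ta_run": lambda v: _uint_in(v, 1, 16),
        "sd.access.control": lambda v: re.fullmatch(rf"{HEX}+", v) is not None,  # assumed: no 0x prefix
        "sd.firmware.version": lambda v: _version(v) is not None,
        "sd.platform.id": lambda v: re.fullmatch(rf"{HEX}{{32}}", v) is not None,  # optional field
    }
    for key, value in fields.items():
        if key not in checks:
            errors.append(f"{key}: unknown field")  # strictness chosen by this example
        elif not checks[key](value):
            errors.append(f"{key}: invalid value {value!r}")
    return errors

def sd_allowed_on_firmware(sd_version, fw_version):
    # Table rule: sd.major == fw.major AND (sd.minor == fw.minor OR sd.minor == 9).
    sd, fw = _version(sd_version), _version(fw_version)
    if sd is None or fw is None:
        return False
    return sd[0] == fw[0] and (sd[1] == fw[1] or sd[1] == 9)

# Constructed sample manifest; every value is made up for illustration.
SAMPLE = {
    "sd.id": "0a1b2c3d-4e5f-6071-8293-a4b5c6d7e8f9", "sd.name": "Example OEM SD",
    "sd.max_ta_install": "8", "sd.max_ta_run": "4",
    "sd.access.control": "1F", "sd.firmware.version": "11.9",
}
```

Because sd.platform.id restricts loading to one platform, a release pipeline may also want to flag any manifest where that field is present, since the table describes it as intended for demo/test signing only.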