Platform Binding Key (Pbind)

Intel® Dynamic Application Loader (Intel® DAL) Developer Guide

Download PDF

ID 773482

Date 3/24/2023

Version 1.0

Public

Visible to Intel only — GUID: GUID-EAB2FAEA-1D38-47F2-98A0-BF2B16A8E212

View Details

Document Table of Contents

Document Table of Contents x

Intel® Dynamic Application Loader (Intel® DAL) Developer Guide

Intel® Dynamic Application Loader (Intel® DAL) Developer Guide x

Architecture Features SDK Contents Intel® DAL Environment Writing Your Code Project Development Flow Troubleshooting Additional Documentation

Architecture x

Applets Host Applications Host-Applet Interface

Applets x

Applet Manifest Installation

Host-Applet Interface x

Host Interface Service TEE Management Linux Support

TEE Management x

TEE Admin Commands TEE Management Client Interface TEE Management Error Codes Trusted Application Life Cycle

Features x

Intel® AMT Cryptography Events Inter-Applet Communication (IAC) Monotonic Counters OEM Signing Platform Seed Applet Attestation Using Intel® Enhanced Privacy ID (Intel® EPID) SSL\\TLS Secure Display Secure Storage Secure Time Sessions Applet Encryption Timers

Cryptography x

Symmetric Key Cryptography Public (Asymmetric) Key Cryptography Hash and MAC Algorithms Platform Binding Key (Pbind) Data Migration Performance Considerations

OEM Signing x

Sub-Security Domain Life Cycle OEM Platform Ownership S-SD Signature Parameters Signing Process

Secure Storage x

Secure Storage Guidelines

Sessions x

Non-Shared Session Shared Session Shared Session Removal Abandoned Sessions

SDK Contents x

Tools Samples Plugins

Tools x

Pack Tool DALPackageCreator Tool Admin Command Tool Emulauncher Generic Host Application (Windows*, Linux*, Android*) Linux Tools Troubleshooter

Generic Host Application (Windows*, Linux*, Android*) x

Generic Windows* and Linux* Host Application Generic Android* Host Application

Samples x

Applets with Host Applications Samples Server Host Applications Only

Applets with Host Applications x

Intel® EPID 1.1 Provisioning Sample Intel® EPID 1.1 Signing Sample DRM Solution Sample Events Sample IAC Sample Protected Storage Sample SIGMA 1.1 Sample SSL Sample Secure Data Migration Sample

Intel® EPID 1.1 Provisioning Sample x

TCB Recovery Flow Sample Components Sample Flow

Host Applications Only x

TEE Management API Sample KDI Sample Linux* Host Application Sample Android* Host Application Sample Android* Native Host Sample

Plugins x

Eclipse* Plugin Microsoft* Visual Studio Plugin for Intel® DAL

Intel® DAL Environment x

Available Platforms and SKUing Processing Power and Speed Memory Power States Applet Manifest API Levels

Memory x

Trusted Application Code Memory Heap Memory Memory Policy Enforcement Preserving VM Space in a Multiple Secure Application Environment Setting Memory Requirements Performance

Writing Your Code x

Using the Applet Manifest Java* Limitations Memory Management Security Guidelines Validation Guidelines OEM Signing Manifest Secure Display Security Guideline Secure Time Guidelines Timer Guidelines

Using the Applet Manifest x

Applet Manifest Fields

Applet Manifest Fields x

Trusted Application Fields Required Properties Trusted Application Manifest Fields Optional Properties Manifest Fields Format Rules Specific Fields SKU Matrix

SKU Matrix x

For API Level 1 - Intel® ME 7.x - Sandy Bridge For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge For API Level 2 - Intel® ME 8.0 - Ivy Bridge For API Level 3 - Intel® ME 8.1 - Ivy Bridge For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0 For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell For API Level 5 - Intel® ME 10.0.0 - Haswell For API Level 6 - Intel® ME 10.0.20 - Broadwell For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H For API Level 9 - Intel® ME 12.0 - Cannon Lake

Validation Guidelines x

Trusted Application Validation Guidelines Validating the Manifest Memory and Performance Error Handling and Recovery Functional Validation and Multi-Instance Support Pack and DALP Generation and Validation Host-Side Software Validation Guidelines Trusted Application Management Flows Error Handling and Recovery Flows Multi-Instance and Interoperability Testing of Trusted Application Management General and Platform-Related Events End-to-End and Setup Validation Guidelines Cross Trusted Application Interoperability Functional Testing

Project Development Flow x

Creating a New Project Importing an Existing Project Converting an Existing Project Building and Packaging Your Project and Running in Emulated Environment Running Your Project Running and Testing on Emulation and on Silicon Debugging Trusted Applications Preparing and Submitting Your Project for Signing Signing an Applet Signing New Versions

Intel® Dynamic Application Loader (Intel® DAL) Developer Guide

Architecture

Applets

Applet Manifest

Installation

Host Applications

Host-Applet Interface

Host Interface Service

TEE Management

TEE Admin Commands

TEE Management Client Interface

TEE Management Error Codes

Trusted Application Life Cycle

Linux Support

Features

Intel® AMT

Cryptography

Symmetric Key Cryptography

Public (Asymmetric) Key Cryptography

Hash and MAC Algorithms

Platform Binding Key (Pbind)

Data Migration

Performance Considerations

Events

Inter-Applet Communication (IAC)

Monotonic Counters

OEM Signing

Sub-Security Domain Life Cycle

OEM Platform Ownership

S-SD Signature Parameters

Signing Process

Platform Seed

Applet Attestation Using Intel® Enhanced Privacy ID (Intel® EPID)

SSL\\TLS

Secure Display

Secure Storage

Secure Storage Guidelines

Secure Time

Sessions

Non-Shared Session

Shared Session

Shared Session Removal

Abandoned Sessions

Applet Encryption

Timers

SDK Contents

Tools

Pack Tool

DALPackageCreator Tool

Admin Command Tool

Emulauncher

Generic Host Application (Windows*, Linux*, Android*)

Generic Windows* and Linux* Host Application

Generic Android* Host Application

Linux Tools

Troubleshooter

Samples

Applets with Host Applications

Intel® EPID 1.1 Provisioning Sample

TCB Recovery Flow

Sample Components

Sample Flow

Intel® EPID 1.1 Signing Sample

DRM Solution Sample

Events Sample

IAC Sample

Protected Storage Sample

SIGMA 1.1 Sample

SSL Sample

Secure Data Migration Sample

Samples Server

Host Applications Only

TEE Management API Sample

KDI Sample

Linux* Host Application Sample

Android* Host Application Sample

Android* Native Host Sample

Plugins

Eclipse* Plugin

Microsoft* Visual Studio Plugin for Intel® DAL

Intel® DAL Environment

Available Platforms and SKUing

Processing Power and Speed

Memory

Trusted Application Code Memory

Heap Memory

Memory Policy Enforcement

Preserving VM Space in a Multiple Secure Application Environment

Setting Memory Requirements

Performance

Power States

Applet Manifest

API Levels

Writing Your Code

Using the Applet Manifest

Applet Manifest Fields

Trusted Application Fields Required Properties

Trusted Application Manifest Fields Optional Properties

Manifest Fields Format Rules

Specific Fields

SKU Matrix

For API Level 1 - Intel® ME 7.x - Sandy Bridge

For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge

For API Level 2 - Intel® ME 8.0 - Ivy Bridge

For API Level 3 - Intel® ME 8.1 - Ivy Bridge

For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0

For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell

For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell

For API Level 5 - Intel® ME 10.0.0 - Haswell

For API Level 6 - Intel® ME 10.0.20 - Broadwell

For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H

For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H

For API Level 9 - Intel® ME 12.0 - Cannon Lake

Java* Limitations

Memory Management

Security Guidelines

Validation Guidelines

Trusted Application Validation Guidelines

Validating the Manifest

Memory and Performance

Error Handling and Recovery

Functional Validation and Multi-Instance Support

Pack and DALP Generation and Validation

Host-Side Software Validation Guidelines

Trusted Application Management Flows

Error Handling and Recovery Flows

Multi-Instance and Interoperability Testing of Trusted Application Management

General and Platform-Related Events

End-to-End and Setup Validation Guidelines

Cross Trusted Application Interoperability Functional Testing

OEM Signing Manifest

Secure Display Security Guideline

Secure Time Guidelines

Timer Guidelines

Project Development Flow

Creating a New Project

Importing an Existing Project

Converting an Existing Project

Building and Packaging Your Project and Running in Emulated Environment

Running Your Project

Running and Testing on Emulation and on Silicon

Debugging Trusted Applications

Preparing and Submitting Your Project for Signing

Signing an Applet

Signing New Versions

Troubleshooting

Additional Documentation

Visible to Intel only — GUID: GUID-EAB2FAEA-1D38-47F2-98A0-BF2B16A8E212

View Details

Platform Binding Key (Pbind)

Trusted applications do not usually have flash memory allocated to them. However, a mechanism is still needed to allow trusted applications to store data on the host side securely.

For that purpose, special secure encryption and signing APIs with "platform-binding keys" are exposed to the trusted application. The keys themselves are stored securely in VM storage and are not exposed to the trusted application. Each key is unique to the machine, trusted application and algorithm. A trusted application can encrypt and sign the data that it needs to store and then pass it to the host application to store on the host's non-volatile storage. If there is any concern regarding replay attacks of malware replacing non-volatile data with an old version, the trusted application can use the monotonic counter APIs to add this information to the data and verify that the data is the correct version.

Warning: On platforms prior to 7th gen Intel® Core™ microarchitecture code named Kaby Lake (Intel® Management Engine (Intel® ME) 11.5) and Intel Atom® SoC code named Broxton (Intel® Trusted Execution Engine (Intel® TXE 3.0), the Pbind key is lost after clear-CMOS/coin battery removal and after the Return To Factory Defaults (RTFD) operation.

Supported from API level 1

Level Two Title

Select Your Language

Using Intel.com Search

Quick Links

Recent Searches

Advanced Search

Only search in

Intel® Dynamic Application Loader (Intel® DAL) Developer Guide

Platform Binding Key (Pbind)