Visible to Intel only — GUID: GUID-A0CD7929-8B20-42BF-9322-40D6F9E56A3C
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Protected Storage Sample
This sample shows how you can store data securely on your hard disk using Intel® Dynamic Application Loader (Intel® DAL). The data is encrypted so that only the creating trusted application can decrypt it, and it can only be decrypted on the specific platform on which the data was encrypted.
The sample also uses the Intel DAL monotonic counter feature to prevent replay of old data.
Storing Data Sample Flow
- The user sends the data for encryption to the trusted application. In the sample, this is the current date and time.
- The trusted application increments the monotonic counter (MTC).
- The trusted application encrypts the data and the MTC value with a platform binding key. This means that the data can be decrypted only on this platform.
- The trusted application returns the encrypted data to the calling host.
- The host stores the data on the hard disk for future use.
Loading Data Sample Flow
- The host loads the data from the hard disk and sends it to the trusted application for decryption.
- The trusted application decrypts the data and the data's MTC value with the platform binding key.
- The trusted application compares the data's MTC value with the current MTC value. If the values are not identical, an error is returned.
- If the values are identical, the trusted application returns the encrypted data to the host.
Reset Sample Flow
- The host sends the trusted application a reset request.
- The trusted application resets the MTC's value.
- The host erases the old data.
Replay Attempt Sample Flow
- The host copies the current stored data.
- The host calls the Storing Data flow with new data.
- The host calls the Loading Data flow with the old data.
- The trusted application is expected to detect the replay and return an error.
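The store, load, reset and replay-attempt flows above can be modeled in a few lines. This is an added example, not the Intel DAL sample code or API: `TrustedAppModel`, `ReplayError` and `replay_attempt` are hypothetical names, the key passed in stands in for the platform binding key, an integer stands in for the monotonic counter, and an HMAC-based toy cipher replaces the platform's encryption so the model needs only the Python standard library.

```python
import hashlib, hmac, os, struct

class ReplayError(Exception):
    """The blob's counter value differs from the current counter."""

class TrustedAppModel:
    """Models the trusted-application side of the flows (not the Intel DAL API)."""

    def __init__(self, platform_key: bytes):
        self._key = platform_key  # assumption: stands in for the platform binding key
        self._mtc = 0             # assumption: stands in for the monotonic counter

    def _mac(self, label: bytes, msg: bytes) -> bytes:
        return hmac.new(self._key, label + msg, hashlib.sha256).digest()

    def _xor_keystream(self, nonce: bytes, data: bytes) -> bytes:
        # Toy stream cipher (HMAC-SHA256 in counter mode), used only to keep
        # the model stdlib-only; it is not the cipher the platform uses.
        blocks = (len(data) + 31) // 32
        stream = b"".join(self._mac(b"enc", nonce + struct.pack(">I", i)) for i in range(blocks))
        return bytes(a ^ b for a, b in zip(data, stream))

    def store(self, data: bytes) -> bytes:
        self._mtc += 1                                  # increment before sealing
        nonce = os.urandom(16)
        body = nonce + self._xor_keystream(nonce, struct.pack(">Q", self._mtc) + data)
        return body + self._mac(b"tag", body)           # encrypt-then-MAC

    def load(self, blob: bytes) -> bytes:
        body, tag = blob[:-32], blob[-32:]
        if len(blob) < 56 or not hmac.compare_digest(tag, self._mac(b"tag", body)):
            raise ValueError("blob modified or sealed under a different key")
        plain = self._xor_keystream(body[:16], body[16:])
        (blob_mtc,) = struct.unpack(">Q", plain[:8])
        if blob_mtc != self._mtc:                       # stale blob: replay
            raise ReplayError(f"blob counter {blob_mtc}, current {self._mtc}")
        return plain[8:]

    def reset(self) -> None:
        self._mtc = 0

def replay_attempt(ta: TrustedAppModel) -> str:
    """Run the Replay Attempt flow from the host side; report what load() did."""
    old_blob = ta.store(b"2024-01-01 10:00:00")  # constructed sample data
    ta.store(b"2024-01-01 10:05:00")             # newer data supersedes old_blob
    try:
        ta.load(old_blob)
    except ReplayError:
        return "replay detected"
    return "replay accepted"
```

Because the counter value is sealed inside the blob, the host cannot edit it to match the current counter without failing the integrity check first.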