Visible to Intel only — GUID: GUID-735E3F90-4568-4103-9B84-02BEBD398DF0
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Trusted Application Validation Guidelines
Validating the Manifest
Memory and Performance
Error Handling and Recovery
Functional Validation and Multi-Instance Support
Pack and DALP Generation and Validation
Host-Side Software Validation Guidelines
Trusted Application Management Flows
Error Handling and Recovery Flows
Multi-Instance and Interoperability Testing of Trusted Application Management
General and Platform-Related Events
End-to-End and Setup Validation Guidelines
Cross Trusted Application Interoperability Functional Testing
Creating a New Project
Importing an Existing Project
Converting an Existing Project
Building and Packaging Your Project and Running in Emulated Environment
Running Your Project
Running and Testing on Emulation and on Silicon
Debugging Trusted Applications
Preparing and Submitting Your Project for Signing
Signing an Applet
Signing New Versions
Visible to Intel only — GUID: GUID-735E3F90-4568-4103-9B84-02BEBD398DF0
Secure Display
This page provides an overview of the Secure Display feature. For guidelines on how to work with this feature, see Secure Display Security Guidelines.
When it comes to deploying an Internet or Intranet based service, the online service provider has little assurance that some malware on the user's PC has not modified what the user sees. There is also no assurance that the service provider is interacting with a real human.
To plug these security gaps, service providers depend heavily on the user to be security-savvy. This also creates situations in which a user can dispute a transaction i.e. the service provider gets no non-repudiation assurance. Secure Display technology addresses these gaps in today's online services deployment environment. When Secure Display is used, an online service provider receives the following assurances:
- Malware cannot steal sensitive data that was viewed and authorized by the user on his/her display.
- Security-sensitive inputs expected from a user e.g. PIN, password etc. were actually presented by a human and not replayed by some malware bot.
- That the real-service user cannot deny that their PC was involved in authorizing a transaction and that, in fact, a real human did the authorization.
In short, Secure Display is intended to provide assurances about transaction integrity, user presence, and non-repudiation. Lastly, since Secure Display has been designed with the assumption that users are not security savvy, it helps improve security and remove the guessing game for service provider and users.
Secure Display makes use of existing encryption capability of Intel® integrated graphics to prevent the scraping of the content displayed to the user, thereby creating an "Encrypted Display Window". Since this Encrypted Display Window is displayed under the control of the operating system window manager, the operating system is able to draw mouse movements and accept touch inputs over the window thus creating a mechanism for a user to interact via clickable (and touchable) elements in the Encrypted Display Window.
Additionally, by randomizing the placement of clickable (and touchable) elements, the interaction of the user with these elements in the Encrypted Display Window (Secure Display window) cannot be replayed by host malware. All security-sensitive data is generated by and interpreted only within isolated environments and by the user.
The net effect is that a non-spoofable trusted path for user input and display output is created, without the user having to make any decisions about the trustworthiness of any window.
Supported from API Level 2