Visible to Intel only — GUID: GUID-0A0BE167-C692-484A-B867-25B6F90C365C
Visible to Intel only — GUID: GUID-0A0BE167-C692-484A-B867-25B6F90C365C
SSL\\TLS
Beginning with Intel® Management Engine (Intel® ME) 9.0, trusted applications can use PKI to establish an SSL connection with a remote server.
The Intel® DAL infrastructure exposes to a Trusted Application a set of classes that will allow the Trusted Application to establish a TLS session as a client end-point.
- Protocol versions:
- TLS1.0, supported on old platforms only (Intel® ME 11 and older, and Intel® Trusted Execution Engine (Intel® TXE) 4.x and older).
- TLS 1.1
- TLS 1.2 supported since Intel ME 12 (API level 9)
- Supports server authentication.
- Supports client authentication starting from Intel TXE 3.x and Intel® Converged Security and Management Engine (Intel® CSME) 12.
- Revocation mechanism supported using CRLs.
- TLS client supports data chunks as well as whole package data.
- TLS client supports configuration of security options.
Warning: On Intel ME 9 through Intel CSME 12, the TLS infrastructure is supported only on Corporate (5MB) firmware SKUs. As a result, using APIs that use this capability, such as those included in SslSession, CertificateChain, CertificateStore and AMT, will result in NotSupportedException on Consumer (1.5M) firmware SKUs.
Starting from Intel TXE 3 and Intel CSME 13, the TLS infrastructure is supported on all SKUs.
See the SSL Sample for more details.