Sub-Security Domain Life Cycle

Intel® Dynamic Application Loader (Intel® DAL) Developer Guide

Download PDF

ID 773482

Date 3/24/2023

Version 1.0

Public

Visible to Intel only — GUID: GUID-1FF4ECAC-93A1-42C1-A318-135473BA286B

View Details

Document Table of Contents

Document Table of Contents x

Intel® Dynamic Application Loader (Intel® DAL) Developer Guide

Intel® Dynamic Application Loader (Intel® DAL) Developer Guide x

Architecture Features SDK Contents Intel® DAL Environment Writing Your Code Project Development Flow Troubleshooting Additional Documentation

Architecture x

Applets Host Applications Host-Applet Interface

Applets x

Applet Manifest Installation

Host-Applet Interface x

Host Interface Service TEE Management Linux Support

TEE Management x

TEE Admin Commands TEE Management Client Interface TEE Management Error Codes Trusted Application Life Cycle

Features x

Intel® AMT Cryptography Events Inter-Applet Communication (IAC) Monotonic Counters OEM Signing Platform Seed Applet Attestation Using Intel® Enhanced Privacy ID (Intel® EPID) SSL\\TLS Secure Display Secure Storage Secure Time Sessions Applet Encryption Timers

Cryptography x

Symmetric Key Cryptography Public (Asymmetric) Key Cryptography Hash and MAC Algorithms Platform Binding Key (Pbind) Data Migration Performance Considerations

OEM Signing x

Sub-Security Domain Life Cycle OEM Platform Ownership S-SD Signature Parameters Signing Process

Secure Storage x

Secure Storage Guidelines

Sessions x

Non-Shared Session Shared Session Shared Session Removal Abandoned Sessions

SDK Contents x

Tools Samples Plugins

Tools x

Pack Tool DALPackageCreator Tool Admin Command Tool Emulauncher Generic Host Application (Windows*, Linux*, Android*) Linux Tools Troubleshooter

Generic Host Application (Windows*, Linux*, Android*) x

Generic Windows* and Linux* Host Application Generic Android* Host Application

Samples x

Applets with Host Applications Samples Server Host Applications Only

Applets with Host Applications x

Intel® EPID 1.1 Provisioning Sample Intel® EPID 1.1 Signing Sample DRM Solution Sample Events Sample IAC Sample Protected Storage Sample SIGMA 1.1 Sample SSL Sample Secure Data Migration Sample

Intel® EPID 1.1 Provisioning Sample x

TCB Recovery Flow Sample Components Sample Flow

Host Applications Only x

TEE Management API Sample KDI Sample Linux* Host Application Sample Android* Host Application Sample Android* Native Host Sample

Plugins x

Eclipse* Plugin Microsoft* Visual Studio Plugin for Intel® DAL

Intel® DAL Environment x

Available Platforms and SKUing Processing Power and Speed Memory Power States Applet Manifest API Levels

Memory x

Trusted Application Code Memory Heap Memory Memory Policy Enforcement Preserving VM Space in a Multiple Secure Application Environment Setting Memory Requirements Performance

Writing Your Code x

Using the Applet Manifest Java* Limitations Memory Management Security Guidelines Validation Guidelines OEM Signing Manifest Secure Display Security Guideline Secure Time Guidelines Timer Guidelines

Using the Applet Manifest x

Applet Manifest Fields

Applet Manifest Fields x

Trusted Application Fields Required Properties Trusted Application Manifest Fields Optional Properties Manifest Fields Format Rules Specific Fields SKU Matrix

SKU Matrix x

For API Level 1 - Intel® ME 7.x - Sandy Bridge For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge For API Level 2 - Intel® ME 8.0 - Ivy Bridge For API Level 3 - Intel® ME 8.1 - Ivy Bridge For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0 For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell For API Level 5 - Intel® ME 10.0.0 - Haswell For API Level 6 - Intel® ME 10.0.20 - Broadwell For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H For API Level 9 - Intel® ME 12.0 - Cannon Lake

Validation Guidelines x

Trusted Application Validation Guidelines Validating the Manifest Memory and Performance Error Handling and Recovery Functional Validation and Multi-Instance Support Pack and DALP Generation and Validation Host-Side Software Validation Guidelines Trusted Application Management Flows Error Handling and Recovery Flows Multi-Instance and Interoperability Testing of Trusted Application Management General and Platform-Related Events End-to-End and Setup Validation Guidelines Cross Trusted Application Interoperability Functional Testing

Project Development Flow x

Creating a New Project Importing an Existing Project Converting an Existing Project Building and Packaging Your Project and Running in Emulated Environment Running Your Project Running and Testing on Emulation and on Silicon Debugging Trusted Applications Preparing and Submitting Your Project for Signing Signing an Applet Signing New Versions

Intel® Dynamic Application Loader (Intel® DAL) Developer Guide

Architecture

Applets

Applet Manifest

Installation

Host Applications

Host-Applet Interface

Host Interface Service

TEE Management

TEE Admin Commands

TEE Management Client Interface

TEE Management Error Codes

Trusted Application Life Cycle

Linux Support

Features

Intel® AMT

Cryptography

Symmetric Key Cryptography

Public (Asymmetric) Key Cryptography

Hash and MAC Algorithms

Platform Binding Key (Pbind)

Data Migration

Performance Considerations

Events

Inter-Applet Communication (IAC)

Monotonic Counters

OEM Signing

Sub-Security Domain Life Cycle

OEM Platform Ownership

S-SD Signature Parameters

Signing Process

Platform Seed

Applet Attestation Using Intel® Enhanced Privacy ID (Intel® EPID)

SSL\\TLS

Secure Display

Secure Storage

Secure Storage Guidelines

Secure Time

Sessions

Non-Shared Session

Shared Session

Shared Session Removal

Abandoned Sessions

Applet Encryption

Timers

SDK Contents

Tools

Pack Tool

DALPackageCreator Tool

Admin Command Tool

Emulauncher

Generic Host Application (Windows*, Linux*, Android*)

Generic Windows* and Linux* Host Application

Generic Android* Host Application

Linux Tools

Troubleshooter

Samples

Applets with Host Applications

Intel® EPID 1.1 Provisioning Sample

TCB Recovery Flow

Sample Components

Sample Flow

Intel® EPID 1.1 Signing Sample

DRM Solution Sample

Events Sample

IAC Sample

Protected Storage Sample

SIGMA 1.1 Sample

SSL Sample

Secure Data Migration Sample

Samples Server

Host Applications Only

TEE Management API Sample

KDI Sample

Linux* Host Application Sample

Android* Host Application Sample

Android* Native Host Sample

Plugins

Eclipse* Plugin

Microsoft* Visual Studio Plugin for Intel® DAL

Intel® DAL Environment

Available Platforms and SKUing

Processing Power and Speed

Memory

Trusted Application Code Memory

Heap Memory

Memory Policy Enforcement

Preserving VM Space in a Multiple Secure Application Environment

Setting Memory Requirements

Performance

Power States

Applet Manifest

API Levels

Writing Your Code

Using the Applet Manifest

Applet Manifest Fields

Trusted Application Fields Required Properties

Trusted Application Manifest Fields Optional Properties

Manifest Fields Format Rules

Specific Fields

SKU Matrix

For API Level 1 - Intel® ME 7.x - Sandy Bridge

For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge

For API Level 2 - Intel® ME 8.0 - Ivy Bridge

For API Level 3 - Intel® ME 8.1 - Ivy Bridge

For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0

For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell

For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell

For API Level 5 - Intel® ME 10.0.0 - Haswell

For API Level 6 - Intel® ME 10.0.20 - Broadwell

For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H

For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H

For API Level 9 - Intel® ME 12.0 - Cannon Lake

Java* Limitations

Memory Management

Security Guidelines

Validation Guidelines

Trusted Application Validation Guidelines

Validating the Manifest

Memory and Performance

Error Handling and Recovery

Functional Validation and Multi-Instance Support

Pack and DALP Generation and Validation

Host-Side Software Validation Guidelines

Trusted Application Management Flows

Error Handling and Recovery Flows

Multi-Instance and Interoperability Testing of Trusted Application Management

General and Platform-Related Events

End-to-End and Setup Validation Guidelines

Cross Trusted Application Interoperability Functional Testing

OEM Signing Manifest

Secure Display Security Guideline

Secure Time Guidelines

Timer Guidelines

Project Development Flow

Creating a New Project

Importing an Existing Project

Converting an Existing Project

Building and Packaging Your Project and Running in Emulated Environment

Running Your Project

Running and Testing on Emulation and on Silicon

Debugging Trusted Applications

Preparing and Submitting Your Project for Signing

Signing an Applet

Signing New Versions

Troubleshooting

Additional Documentation

Visible to Intel only — GUID: GUID-1FF4ECAC-93A1-42C1-A318-135473BA286B

View Details

Sub-Security Domain Life Cycle

In order to provision a Sub-Security Domain, the following new Security Domain related ACPs are supported:

Admin Command	Signed Command?	Comments
Install Security Domain	Signed by Intel only	Intel must sign on every S-SD.
Uninstall Security Domain	Signed by Intel or by the S-SD itself (S-SD can remove itself)	Intel can remove every S-SD from DAL. S-SD can remove only itself and cannot other S-SDs

These ACPs can be created using the Intel® DAL Pack Tool.

When only the pre-installed I-SD exists and Intel DAL is in an unprovisioned state, no OEM Intel DAL trusted applications can be executed on the platform.

The provisioning is done from the host OS by providing the Install Security Domain ACP of the OEM S-SD to Intel DAL. This can be done using the TEE Management library which supports generic ACP command dispatch. When the platform is provisioned, no Intel signed trusted applications are supported.

The unprovisioning is performed from the host OS by providing the Uninstall Security Domain ACP of the already installed OEM S-SD to Intel DAL. In the border case of a trusted application already running, it will not be terminated and will be allowed to complete its execution.

After the Security Domain is uninstalled and before a Security Domain is installed again, Intel DAL will not be able to install or execute any OEM trusted application.

Level Two Title

Select Your Language

Using Intel.com Search

Quick Links

Recent Searches

Advanced Search

Only search in

Intel® Dynamic Application Loader (Intel® DAL) Developer Guide

Sub-Security Domain Life Cycle