Visible to Intel only — GUID: GUID-B90D33BE-B79E-47B7-B554-A93BD57B688C
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Symmetric Key Cryptography
When symmetric key encryption is used, the same key is used for both encryption and decryption. The advantage of symmetric key encryption is that it is simple and quick and, in many cases, can be offloaded to the hardware. The disadvantage is that the keys must be agreed upon in a secure manner.
Algorithms Supported by Intel® DAL
Intel DAL supports:
- Encryption/Decryption
  - AES
    - Key sizes: 128, 256 (AES 128 is offloaded in the hardware)
    - Block cipher modes: ECB, CBC, CTR, OFB*
      - Single Block operation - all data is encrypted at once
        - encryptComplete
        - decryptComplete
      - Sequential operation - data is encrypted in chunks, e.g., when data is too large to keep all of it in the memory at once
        - encryptUpdate + encryptComplete for the last block
        - decryptUpdate + decryptComplete for the last block
    - Platform-Binding key (PBIND) sizes: 128, 256
  - DES/Triple-DES
    - Key sizes: 64, 128, 192
    - Block cipher modes: ECB, CBC, CTR
- Signature
  - HMAC
    - Hash sizes: HMAC-SHA1, HMAC-SHA256, HMAC-SHA512
For more information, see: Data Encryption Standard (DES) (PDF); Advanced Encryption Standard (AES) (PDF).
* Starting with API Level 8
Supported from API level 1
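The single-block and sequential operations listed above, illustrated with the standard Java JCE `Cipher` class rather than the Intel DAL API (an added example, not Intel's code). The class name, key, IV and message are constructed for the demonstration; it checks that chunked CBC encryption matches the one-call result only when the cipher state is carried across chunks.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.util.Arrays;

// Standard JCE, not the Intel DAL API: update() plays the role of encryptUpdate, doFinal() of encryptComplete.
public class SequentialVsSingleBlock {
    // Constructed demo values; a fixed all-zero key and IV are for demonstration only.
    static final byte[] KEY = new byte[16]; // AES-128
    static final byte[] IV = new byte[16];  // CBC initialization vector

    static Cipher newCipher() throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(IV));
        return c;
    }

    // Single-block operation: the whole message is encrypted in one call.
    static byte[] encryptAtOnce(byte[] data) throws Exception {
        return newCipher().doFinal(data);
    }

    // Sequential operation: chunks go through update(), the last one through doFinal().
    static byte[] encryptInChunks(byte[] data, int chunk) throws Exception {
        Cipher c = newCipher();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int off = 0;
        while (data.length - off > chunk) {
            byte[] part = c.update(data, off, chunk);
            if (part != null) out.write(part); // update() may return null when it only buffers
            off += chunk;
        }
        out.write(c.doFinal(data, off, data.length - off));
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = new byte[4096]; // constructed input; NoPadding needs a multiple of 16 bytes
        for (int i = 0; i < msg.length; i++) msg[i] = (byte) i;
        byte[] whole = encryptAtOnce(msg);
        byte[] chunked = encryptInChunks(msg, 1024);
        if (!Arrays.equals(whole, chunked)) throw new AssertionError("chunked != single call");
        // Encrypting a middle chunk with a fresh cipher resets the CBC chain, so the output differs.
        byte[] restarted = encryptAtOnce(Arrays.copyOfRange(msg, 1024, 2048));
        if (Arrays.equals(restarted, Arrays.copyOfRange(whole, 1024, 2048))) throw new AssertionError("chain not carried");
        System.out.println("sequential output matches single-call output: " + whole.length + " bytes");
    }
}
```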