Developer Guide

  • 10/27/2020
  • Public Content

SSL\TLS

Beginning with Intel® Management Engine (Intel® ME) 9.0, trusted applications can use PKI to establish an SSL connection with a remote server.
The Intel® DAL infrastructure exposes a set of classes that allow a trusted application to establish a TLS session as a client endpoint.
  • Protocol versions:
    • TLS 1.0, supported on old platforms only (Intel® ME 11 and older, and Intel® Trusted Execution Engine (Intel® TXE) 4.x and older).
    • TLS 1.1
    • TLS 1.2, supported since Intel ME 12 (API level 9)
  • Supports server authentication.
  • Supports client authentication starting from Intel TXE 3.x and Intel® Converged Security and Management Engine (Intel® CSME) 12.
  • Revocation mechanism supported using CRLs.
  • TLS client supports data chunks as well as whole package data.
  • TLS client supports configuration of security options.
Warning:
On Intel ME 9 through Intel CSME 12, the TLS infrastructure is supported only on Corporate (5MB) firmware SKUs. As a result, using APIs that use this capability, such as those included in SslSession, CertificateChain, CertificateStore and AMT, will result in NotSupportedException on Consumer (1.5M) firmware SKUs.
Starting from Intel TXE 3 and Intel CSME 13, the TLS infrastructure is supported on all SKUs.
See the SSL Sample for more details.
