Developer Guide

  • 10/27/2020
  • Public Content


Beginning with Intel® Management Engine (Intel® ME) 9.0, trusted applications can use PKI to establish an SSL connection with a remote server.
The Intel® DAL infrastructure exposes to a Trusted Application a set of classes that will allow the Trusted Application to establish a TLS session as a client end-point.
  • Protocol versions:
    • TLS1.0, supported on old platforms only (Intel® ME 11 and older, and Intel® Trusted Execution Engine (Intel® TXE) 4.x and older).
    • TLS 1.1
    • TLS 1.2 supported since Intel ME 12 (API level 9)
  • Supports server authentication.
  • Supports client authentication starting from Intel TXE 3.x and Intel® Converged Security and Management Engine (Intel® CSME) 12.
  • Revocation mechanism supported using CRLs.
  • TLS client supports data chunks as well as whole package data.
  • TLS client supports configuration of security options.
On Intel ME 9 through Intel CSME 12, the TLS infrastructure is supported only on Corporate (5MB) firmware SKUs. As a result, using APIs that use this capability, such as those included in
, will result in
on Consumer (1.5M) firmware SKUs.
Starting from Intel TXE 3 and Intel CSME 13, the TLS infrastructure is supported on all SKUs.
See the SSL Sample for more details.

Product and Performance Information


Performance varies by use, configuration and other factors. Learn more at