Developer Guide

  • 10/27/2020
  • Public Content

Secure Data Migration Sample

This sample demonstrates how to decrypt data that has been encrypted using the platform-binding (PBind) key and this key has changed during a firmware update that incremented the firmware secure version number (SVN).
This sample is applicable for API level 8 and above.
To demonstrate the complete process, this sample contains two versions of the Trusted Application (TA):
  • SecureData TA:
     The original applet that uses the basic encryption\decryption APIs provided by Intel® Dynamic Application Loader (Intel® DAL).
  • SecureDataMigration TA:
    The modified applet that has a recovery flow to decrypt data that was encrypted using an old PBind key.
The SecureDataMigration TA uses the DataMigration API (, which is supported starting Intel® Trusted Execution Engine (Intel® TXE) 3.1.50.x firmware and Intel® Management Engine (Intel® ME) 11.8.x firmware.

Product and Performance Information


Performance varies by use, configuration and other factors. Learn more at