Developer Guide

  • 10/27/2020
  • Public Content

SIGMA 1.1 Sample

This sample demonstrates how to enable an application running on the firmware securely to exchange symmetric keys with a remote party using Intel® Dynamic Application Loader (Intel® DAL).
This sample is applicable for API level 4 and above.
The SIGMA protocol sets up a secure session between an Intel® Enhanced Privacy ID (Intel® EPID) prover and verifier.
  • A verifier can refer to different entities, such as a TRS-based host application, an Intel server, or an ISV key provisioning server.
  • The prover is typically Intel hardware.
The SIGMA protocol is based on the Diffie-Hellman key exchange and uses the Intel EPID signing algorithm to authenticate the firmware to the remote party. Since the SIGMA protocol uses an Intel EPID signature, Intel EPID must be provisioned prior to using this class. For details, see the Intel EPID Provisioning Sample.
The basic SIGMA flow:
sigma flow
The components of the sample:
  • Server:
     represents the remote party, the verifier, that needs to verify the platform identity.
  • Host application:
     communicates with and transfers data back and forth between the server and TA.
  • Trusted application:
    represents the Intel EPID prover that needs to prove that it is included in a valid Intel EPID group.
The trusted application generates identification messages to be sent to the server. The server processes and verifies the messages that it receives from the trusted application and generates a response message to the trusted application. The trusted application processes the message and verifies that it was created by the server, thereby authenticating the server.
: Before running the sample, make sure the server is running. To run the server, locate the SDK installation on your disk and double-click
Then run the project.

Product and Performance Information


Performance varies by use, configuration and other factors. Learn more at