Developer Guide

  • 10/27/2020
  • Public Content

Trusted Application Management Flows

The second, and very important, part of the validation effort is the host-side application that manages and communicates with your trusted application. The following areas should be taken into account and covered in your validation:
 – Clearly, we should ensure that our trusted application can be loaded onto and unloaded from the system. But we need to extend our scope and ensure that we cover the following:
  • Following the installation diagram with the DALP package that will be used in our production setup. This is important because some checks are performed at the host-side level (by the Intel® DAL Host Interface Service) and others by the firmware itself.
  • Covering all setups (hardware, firmware, software combinations) and in general the SKU matrix for the given generation.
  • Trying to install/uninstall in different states of the trusted application life cycle. As you know, you can’t install a new version while a session is still open to the previous version, and there are additional restrictions (mainly regarding the trusted application and security versions).
  • When and how many times we load/unload our trusted application. Questions that should be covered during validation are whether that is necessary and what the impact is on performance.
  • Reaching the maximal number of installed trusted applications in the system.
Session management
 – There are various ways to manage our trusted application instances, and they are driven by our usage model. Some aspects that should be covered are:
  • Shared vs. non-shared sessions usage model
  • Number of sessions expected to be supported at a given time (e.g. WYSIWYS image rendering is restricted to one session at a given time)
  • Sessions clean-up
  • Recovery flows in case of trusted application crash, Intel DAL Host Interface Service reset, etc.
  • When and why we open/close a session, and the impact on performance, should be covered during validation
Event handling
 – In contrast to the first Intel DAL generation (Gen1 – Intel® Management Engine (Intel® ME) 7.x), which used a client-server model (with the trusted application as the server), in Gen2 the trusted application can send data back to the host side by sending an event, for which the host side must register in advance. In the validation scope, you should ensure that events are used only as a means to inform the host side that the trusted application has either received some event (which causes a state change) or that some timeout has occurred. The host side should then use the regular ‘SendAndRecieve’ interface for passing data to or getting data from the trusted application.
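
The notify-then-fetch flow described above can be checked with a small model. This is an added example, not code from the guide or from the Intel DAL SDK. It uses a constructed stand-in for the trusted application and flags any event that carries data instead of acting as a bare notification. All names (ModelTrustedApp, validate_event_flow, CMD_GET_STATE) are hypothetical, and the model assumes that events sent before registration are simply not delivered.

```python
# Added illustration: a constructed model, not the Intel DAL host API.
# All class, method and command names here are hypothetical.
from collections import deque

CMD_GET_STATE = 1  # hypothetical command id


class ModelTrustedApp:
    """Stand-in for one trusted application session."""

    def __init__(self, put_data_in_event=False):
        self._listeners = []
        self._state = b""
        self._put_data_in_event = put_data_in_event  # models the misuse

    def register_events(self, callback):
        self._listeners.append(callback)

    def state_change(self, new_state):
        """Something happened inside the TA (event received or timeout)."""
        self._state = new_state
        payload = new_state if self._put_data_in_event else b""
        for callback in self._listeners:  # no listener: nothing is delivered
            callback(payload)

    def send_and_receive(self, command, request=b""):
        if command != CMD_GET_STATE:
            raise ValueError("unknown command")
        return self._state


def validate_event_flow(ta, states, register_first=True):
    """Drive the flow; return (data fetched by the host, violations)."""
    pending, violations, fetched = deque(), [], []

    def on_event(event_data):
        if event_data:  # an event must be a bare notification
            violations.append("event carried %d data bytes" % len(event_data))
        pending.append(True)  # only note that something changed

    if register_first:
        ta.register_events(on_event)
    for state in states:
        ta.state_change(state)
        while pending:  # host reacts by pulling over the regular channel
            pending.popleft()
            fetched.append(ta.send_and_receive(CMD_GET_STATE))
    if not register_first:
        ta.register_events(on_event)  # too late: earlier events were lost
    return fetched, violations
```
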
General data and status
 – The Intel DAL Host Interface Service exposes various APIs for querying the trusted application and the platform. Ensure you are using them correctly.
