Details
The Intel® Dynamic Application Loader (Intel® DAL) is a unique feature of Intel platforms that allows you to run small portions of Java* code on Intel® Converged Security and Management Engine (Intel® CSME) firmware. It is available on most Intel® Core™ and Intel Atom® processors.
Intel DAL includes the following benefits:
- Application code runs in a trusted execution environment (TEE).
- Uses dedicated processor, firmware, and hardware.
- Code is completely isolated from the operating system.
- Messages to and from the TEE can be signed and encrypted.
- Malware that is running on the system cannot interfere with or spy on the process.
- Applets cannot be installed on the firmware unless they have been reviewed and signed by Intel.
- Applets are also fully isolated and cannot access each other’s data.
On individual devices, a portion of the Intel CSME firmware is made available for third-party use. Install a small Java applet of your own design (called a trusted application) on the firmware. You can also create a host application that runs on the device’s Windows*, Android*, or Linux* operating system.
Execution
The host application executes its nonsensitive code in normal system memory. However, if a small function needs to be run in a secure environment outside of the operating system, the host application does not run this function by itself. Instead, it uses the Java host interface API to send a command to the applet. The applet executes the function in the Intel DAL secure environment and returns a response to the host application.
Typical Applet Functions
- Verify with Intel® Enhanced Privacy ID (Intel® EPID) that the host application is communicating with the applet and not with another entity.
- Encrypt or decrypt data through the applet.
- Sign or verify data through the applet.
- Send an encrypted image to the graphics hardware that users can see, but is invisible to the operating system and applications running on it.
- Use the applet to establish a secure connection with a remote server.
- Securely store data so that it is released only to parties presenting proper credentials.
Applet Security
The isolated environment protects running code from spying and interference from malware that may be running on the operating system.
Explore the Basics of Intel DAL Architecture
The Intel DAL environment contains ready-to-use implementations of common encryption algorithms that include AES, RSA, ECDSA, SHA, HMAC, random number generator, and more.
Using the encryption capability of integrated graphics from Intel, this prevents the scraping of sensitive content from the display. The sensitive content is displayed in a window that can be seen only by the user sitting physically in front of the screen. To the operating system or any malware that may be running on it, that portion of the screen is blank. This makes it an ideal place to enter or display passwords.
Intel® Active Management Technology
The API provides an interface for the Intel DAL trusted applications to access the services provided by Intel® Active Management Technology (Intel® AMT). These services enable IT managers to remotely discover, repair, and help protect networked computing assets.
Send and receive events (for example, timeouts) from other trusted applications or native services.
Inter-Applet Communication (IAC)
This feature allows a service-trusted application to provide certain platform services (such as secure screen output) to other client-trusted applications via internal sessions.
Original Equipment Manufacturer (OEM) Signing
For certain types of IoT platforms, Intel allows OEMs to sign Intel DAL trusted applications instead of submitting them to Intel. The applications can then be run on the platforms manufactured by the OEMs.
Transport Layer Security (TLS)
Intel DAL supports using TLS to establish a secure session between the Intel DAL environment and a remote server.
Intel® Enhanced Privacy ID (Intel® EPID)
Intel recommends this algorithm for attestation of a trusted system while preserving privacy. It is used as part of the SIGMA protocol, and is used by Intel DAL applets for attestation.
Intel DAL supports a small amount of storage for use by trusted applications. This storage can be used for sensitive information that, if lost, would compromise a trusted application.
Get and set a secure time using the platform's protected run-time clock (PRTC). Secure time means a time that cannot be tampered with (for example, by hackers). Secure time is used for date and time checks required for transport layer security (TLS) and Kerberos usage (a network authentication protocol). It is also used for timestamps for events and logging, and maintaining alarms for the Intel AMT alarm clock feature.
Intel DAL supports both shared and non-shared sessions between host applications and applets. In a shared session, multiple host applications connect to a single instance of the applet. In non-shared sessions, each host application connects to a separate instance of the applet.
Set asynchronous callbacks that cause functions in an applet to be invoked at specified times.
Secure Digital Rights Management (DRM)
A user downloads a video file from your company and pays a rental fee that allows the user to play it for the next three days. If you store the number of days remaining on the user’s computer, malware or the users themselves can try to corrupt it. If you store it on a server, users cannot watch the video if they are offline. By storing these small pieces of user data in the Intel DAL storage layer, and consulting it each time the video plays, you can limit who can play the video, when, and how it's played.
Secure Login (Intel® Authenticate Solution)
Although the world is moving away from cumbersome passwords, verifying a user's identity before login is still essential.
Your trusted application creates the image of a keypad or other password entry interface, encrypting it so the operating system cannot read it. The operating system sends this encrypted image to the graphics hardware that decrypts it using a key that it received directly from Intel DAL.
Only the user can see the resulting protected transaction display (PTD) window. From the point of view of the operating system or any malware that may be running on it, that portion of the screen is blank.
Secure Transactions Using Intel® Identity Protection Technology
Your online storefront may be secure, but your customers might be infected with spyware. To protect your users’ sensitive information during transit, you communicate with them via a trusted application (an applet) that runs in the Intel DAL environment. This applet can securely establish a connection with your website. Since the handshake takes place in the isolated Intel DAL environment, your customers’ credit card data is transmitted securely.
Intel® Secure Device Onboard (Intel® SDO)
A manufacturer has millions of IoT devices to provision, and the provisioning cannot be performed during manufacturing. Manual provisioning is an unrealistic option. Intel® SDO uses the Intel EPID inserted in the silicon during manufacturing to enable zero-touch provisioning without a technician's assistance. Intel SDO uses Intel DAL to ensure that the communication between the device and the provisioning service is secure.
Intel® Software Guard Extensions (Intel® SGX)
This Intel architecture extension increases the security of application code and data. Application developers use Intel® SGX to protect select code and data from disclosure or modification. The software makes protections possible through enclaves, which are protected areas of execution in memory, and uses Intel DAL for anti-replay and protected time.
In-Vehicle Infotainment (IVI) Systems
Intel DAL can be used to implement digital rights management (DRM) functionality according to the digital TV standard. In this scenario, the Intel DAL applet provides DRM key storage and secure cryptographic computation using the DRM key.