Visible to Intel only — GUID: GUID-7EA3468A-85AE-4948-9E79-13B0664F44E2
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Trusted Application Validation Guidelines
Validating the Manifest
Memory and Performance
Error Handling and Recovery
Functional Validation and Multi-Instance Support
Pack and DALP Generation and Validation
Host-Side Software Validation Guidelines
Trusted Application Management Flows
Error Handling and Recovery Flows
Multi-Instance and Interoperability Testing of Trusted Application Management
General and Platform-Related Events
End-to-End and Setup Validation Guidelines
Cross Trusted Application Interoperability Functional Testing
Creating a New Project
Importing an Existing Project
Converting an Existing Project
Building and Packaging Your Project and Running in Emulated Environment
Running Your Project
Running and Testing on Emulation and on Silicon
Running a Trusted Application on Emulated Firmware
Running and Testing a Trusted Application on Silicon-based Firmware
Debugging Trusted Applications
Preparing and Submitting Your Project for Signing
Signing an Applet
Signing New Versions
Visible to Intel only — GUID: GUID-7EA3468A-85AE-4948-9E79-13B0664F44E2
Running and Testing on Emulation and on Silicon
The trusted application is intended to be loaded onto the firmware-based virtual machine (VM) and run there. For development and testing purposes, the SDK includes a Windows* executable application which fully emulates the behavior of the firmware and its hosted VM. The SDK includes an emulation image for each supported version. This application is referred to as DevPlatform (part of the full Amulet System). Many of the development tools and features of the SDK make use of these images. The Emulauncher is used to launch the emulation of the appropriate firmware.
The SDK provides a specialized tool, DalUnit, for unit testing of your applet.
Running a Trusted Application on Emulated Firmware
The host application starts and stops the execution of the trusted application. When the application initiates the execution of the installed trusted application, it starts a running instance of the trusted application, setting up a session. The host application performs the main flow of the product. When necessary, it requests the trusted application to perform a specific command making use of the special capabilities. The host application receives the results from the trusted application.
Note: The host application is responsible for running the trusted application instance. The trusted application does not resume execution after a full or partial platform reset. The internal state and data of a trusted application also are not saved in a reset.
When running from Eclipse*, there are three options for selecting where the host application should run:
- Microsoft Visual Studio* solution - for developing a trusted and host application in parallel with the ability to run and debug simultaneously.
- Generic Host application - for developing a trusted application with only a general need for a host to run it on.
- Custom executable solution - for checking the flow between a developed host application and a trusted application with more emphasis on the trusted application development.
If you used the Intel® DAL Project wizard to create your project, the option is initially set in the wizard. This can be reconfigured at any time in a project by right-clicking the project and selecting Properties ► DAL Project Properties.
The Intel DALjde plugin is configured to run automatically and to debug a trusted application. This is accomplished by automatically configuring and launching the Emulauncher utility and the selected host application.
This functionality is configured in the Eclipse Run Configurations.
The trusted application is run in this environment via the standard Eclipse Run icon .
Launching the trusted application run in this way initiates the following steps:
- Creates the appropriate installable package necessary for the particular run.
- Starts the Emulauncher application.
- Depending on the selected option: Starts the appropriate Generic Host interface, or starts a custom executable, or opens Microsoft Visual Studio* with the selected solution and runs it.
- If the Generic Host Application is selected, it installs the trusted application and starts a session. The behavior of the other options is implementation defined.
When you want to run the host from Microsoft Visual Studio on an already-created package from Eclipse and you have created your project with the SDK, the project has a build configuration called Amulet that enables running Intel DAL projects on emulation. This causes the emulation to run first and then runs the host application. To see the output of the trusted application in the Microsoft Visual Studio Output window, select Amulet from the drop-down list.
If the Microsoft Visual Studio Output window is closed, you can open it by clicking View ► Output.
Note: The following capabilities are relevant for running the trusted application in an emulated environment. The SDK allows running on "real" silicon-based firmware, however some functionality (output display, source level debugging) is not available on real firmware.
For debugging the project, all regular Eclipse debugging options are available in an emulated environment. All of the output is viewable in Microsoft Visual Studio, Eclipse and the Intel DAL Generic Host Application console panes.
Running and Testing a Trusted Application on Silicon-based Firmware
You can use the SDK to execute trusted applications on "real" silicon-based firmware, with the following limitations:
- Trusted applications under development can only be run on pre-production silicon-based firmware. As they have not been authorized and signed by Intel, they will not run on production machines. Note: Pre-production platforms are not available to customers; they are available only inside Intel.
- For silicon-based firmware, all the appropriate system support components (services and DLLs) must be installed and maintained independently by the developer. This is contrary to an emulated debug environment, in which they are automatically installed by the Intel DAL Emulauncher.
- Source level debugging is not available in Intel DALjde.
- The firmware and trusted application output (debug prints, etc.) are not displayed in the Eclipse console. However, it is possible to receive the output using an external tool.
Note: Make sure that Amulet is not the active build configuration when running on silicon-based firmware.
The output of your trusted application is not available in silicon-based platforms.