Intel® DAL Tutorial: Create a Trusted Application and Run It with the Generic Host Application

By Benzi Schreiber,

Published:08/28/2018   Last Updated:08/27/2018

In this tutorial, you will create a basic trusted application using the Intel® Dynamic Application Loader (Intel® DAL) default trusted application template and will use the Intel DAL Generic Host Application to run your trusted application. The Intel DAL Emulauncher loads your trusted Java* application into the virtual machine and communicates with it.

By working your way through this tutorial, you will learn how to:

  1. Create and package an Intel DAL trusted application.
  2. Use the Intel DAL Generic Host Application to send a message to the trusted application and receive a response from it.

Before you begin, make sure that your development environment is set up. If you have not done so already, download the SDK in Intel DAL and follow the installation wizard. Once you have finished the setup, you are ready to begin.

This tutorial uses the Intel DAL Project wizard for Eclipse*, the Intel DAL Emulauncher, and the Intel DAL Generic Host Application.

Creating a Trusted Application

  1. Open Eclipse and select a workspace. The workspace is the root folder where projects will be saved.
  2. Once Eclipse loads, it’s time to create the project. Select File->New->DAL Applet Project… . If you do not have this menu, the Intel DAL Eclipse plugin has not been installed.

    Intel DAL create new applet project

  3. Enter the following parameters for the new project:
    • Project name: Name of the trusted application as well as of the whole project. The trusted application name can be changed later via the manifest. For this tutorial, use the project name MyFirstProject.
    • Package name: Namespace for the trusted application. This must follow the regular Java Programming Language rules. The namespace cannot contain names which are reserved for Intel DAL APIs. For this tutorial, use the package name pkgMyFirstProject.
    • Main class name: Main class of the trusted application. For this tutorial, use MyFirstProject.
    • Select API level: The lowest API level on which the trusted application will run. For example, if you specify API level 6, the applets will run on API levels 6 and higher.
      Intel DAL create new trusted application
  4. Click Next. In the next window, clear the I want to create a new host application box to indicate that you do NOT want to create a new host application.

    Intel DAL uncheck Create New Host Application

    Click Next.

    In the Run Configuration window, you specify what should happen when you press the Run or Debug button in Microsoft Visual Studio*.
    Intel DAL project run configuration

    You have the following choices:

    • Open Microsoft Visual Studio with created host application, and run it. If you choose this option, pressing Run or Debug will launch the host application that you create with the wizard.

      Note: This option is not available since you chose not to create a new host application in the previous window.

    • Run Generic Host Application Tool. If you choose this option, pressing Run or Debug will launch the SDK’s Generic Host Application. You will then be able to run the Generic Host Application to communicate with the applet.
    • Run the following executable. This is for the case where you created a host application of your own that communicates with the applet.

    For this tutorial, choose Run Generic Host Application Tool.

  5. Click Next to review your project configuration.Intel DAL review project configuration
  6. Click Finish to generate your trusted application.

View Your Trusted Application

The new project contains a template Java file, which extends the IntelApplet class, and three basic functions which all Intel DAL trusted applications contain:

  1. onInit
  2. invokeCommand 
  3. onClose

Function 1:  onInit – called when creating an instance of the trusted application.  Use the default implementation contained within the template.

Function 2: invokeCommand  This function has two parameters: 

  • int commandId - This parameter represents the command ID. The trusted application determines which action to perform based on this value.
  • byte[] request - The input data for this command. Anything may be passed here and it is up to the trusted application to decide what to do with it.

The return value from invokeCommand is used internally and should not be used by the applet. The applet must always return APPLET_SUCCESS. The applet should report any applet errors via the setResponseCode function.

The IntelApplet superclass can return data as a response each time invokeCommand is called. Do this by using the setResponse(byte[] response, int index, int length) command during the context of invokeCommand. The parameters of setResponse are as follows:

  • byte[] response
    • The response data to be returned.
  • int index
    • Index in the response data array.
  • int length
    • Length of the response data to be returned.

It is required that you invoke setResponse. There should not be any logical path in your invokeCommand implementation that ends without the response being set.

public int invokeCommand(int commandId, byte[] request) {
DebugPrint.printString("Hello, command " + commandId + "!");
final byte[] myResponse = { 'O', 'K' };
/*
* To return the response data to the command, call the setResponse
* method before returning from this method. Note that calling this
* method more than once will reset the response data previously set.
*/
setResponse(myResponse, 0, myResponse.length);
/*
* In order to provide a return value for the command, which will be
* delivered to the SW application communicating with the applet,
* setResponseCode method should be called. Note that calling this
* method more than once will reset the code previously set. If not set,
* the default response code that will be returned to SW application is
* 0.
*/
setResponseCode(commandId);
/*
* The return value of the invokeCommand method is not guaranteed to be
* delivered to the SW application, and therefore should not be used for
* this purpose. applet is expected to return APPLET_SUCCESS code from
* this method
*/
return APPLET_SUCCESS;
};/pre>

Function 3: onClose – invoked when the session is closed and the instance is about to be destroyed. Use the default implementation contained within the template.

This is a good time to review the details of IntelApplet class in the API documentation.

 

Compile and Package Your Trusted Application

Note: Compiling and packaging are necessary only if you have made changes to the applet. If you generated the applet via the wizard and subsequently made no changes to it, continue with Run Your Trusted Application.

Now that the trusted application source is ready, you compile it and convert it to the Intel DAL package format.

  1. In Eclipse, select the top level of your project tree.
  2. From the Intel DAL menu, select Build and Package. A message box opens.
          Intel DAL packaging applet
  3. Do NOT select the For Debugger option.  The For Debugger option determines whether or not the code will be compiled in a way that enables source level debugging.
  4. Click OK.  The packager begins to run.  The Eclipse console displays in-process messages for the packager operation.
    Intel DAL Eclipse console messages - packager

The generated executable in loadable form is ready for use.  In API level 1 this is a pack file; in API levels 1.1 and above, a dalp file.  The pack or dalp file is in the \bin directory in the workspace.  This is the file you will upload to the firmware emulator.  Your file is located in:

workspace\MyFirstTA\bin\MyFirstTA.dalp

 

Run Your Trusted Application

Finally, you run the trusted application on the Intel Generic Host Application.

  1. In Eclipse, select Run. The Intel DAL Emulauncher opens. The Intel DAL Generic Host Application opens and synchronizes with the Intel DAL Emulauncher.  You can see the trusted application's Hello, DAL! Message displayed in the Generic Host Application console window.

 Intel DAL emulation launcherIntel DAL Generic Host Application console window - Hello

  1. In the Generic Host Application Send and Receive section, enter a test string without entering a Command ID and click Send.  From the text displayed in the Intel Generic Host Application console window, you can see that the default Command ID is 0.
    Intel DAL Generic Host Application console window - ID 0
  2. Expand the Close Session section and click Close Session.
    Intel DAL Generic Host Application console window - Close session
     
    The session closes and the Uninstall section opens.
    Intel DAL Generic Host Application console window - Uninstall section
  3. Click Uninstall.  The trusted application is uninstalled and the Browse section of Intel DAL Generic Host Application opens to allow you to choose your next trusted application to run.
    Intel DAL Generic Host Application console window - click Uninstall

So, you have created a trusted application; packaged it and run in on the Intel DAL Generic Host Application; and acquainted yourself with the Intel DAL Generic Host Application functionalities.  Next you will add some additional response options to your trusted application.

Edit Your Trusted Application

Now that you have seen what the code in the Intel DAL default trusted application can do, let's add some original code to it to increase its display options.

What the tutorial sample does:

  • If commandId is 1, the sample prints out a debug string “Hello World!”.
  • If commandId is 2, the sample responds with the same byte array received as the request array, and also outputs an informative debug string.
  • In any other case, the samples return APPLET_SUCCESS, and display an informative debug string.
  1. In Eclipse, add the code below to the invoke command in your trusted application:
int retVal = APPLET_SUCCESS;
final byte[]   myResponse = { 'O', 'K' };
switch(commandId) {
case 1:
DebugPrint.printString("Hello World!");
setResponse(myResponse, 0, myResponse.length); 
break;
case 2:
DebugPrint.printString("Got commandId 2, will respond with an identical byte array.");
setResponse(data, 0, data.length);
break;
default:
DebugPrint.printString("Got commandId: "+commandId+".");
setResponse(myResponse, 0, myResponse.length); 
break;
}
return retVal;/pre>

  1. Compile and package your updated trusted application. For details, see Compile and Package Your Trusted Application.
  2. Run your updated trusted application. For details, see Run Your Trusted Application.
  3. In the Intel Generic Host Application Send and Receive section, enter a Command ID and click Send.

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.