Installation
Installing and Uninstalling a Trusted Application
Trusted Application Installation Flow
- The host application calls the function JHI_Install2 (see the API reference) and passes the full path of the trusted application DALP file.
- The Intel DAL Host Interface Service verifies the DALP file's validity according to a specific schema. The same validation is performed by the DALP tool.
- The Intel DAL Host Interface Service filters the trusted application blobs (binary PACK files), keeping those that share the major firmware version (e.g., 9.x.x.x) closest to the major firmware version burned on the machine and that have the correct platform type.
- All compatible trusted application blobs are sorted from highest to lowest by firmware version and trusted application version.
- The Intel DAL Host Interface Service will attempt to download each of these blobs to the virtual machine (VM) until one of them is accepted by the VM.
- The Intel DAL Host Interface Service will not download trusted applications that are signed with Intel® Identity Protection Technology (Intel® IPT) enabled if Intel IPT is not enabled on the platform.
- The firmware is responsible for verifying the signature and compatibility of each trusted application. No security checks are performed by the Intel DAL Host Interface Service.
- If one trusted application is successfully downloaded, the trusted application installation is considered successful. The DALP file is stored in the Intel DAL Host Interface Service repository for future use. The application can use the to query the attributes of the loaded trusted applications (e.g., the trusted application version).
- If no trusted application is loaded successfully, the application will receive a general error, JHI_INSTALL_FAILED. Currently there is no way for the application to understand why a trusted application blob was rejected by the VM.
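
The selection order described in the list above, modelled in C as an added example (it is not Intel's code and not part of the original page). The blob_t fields, the vm_accept callback standing in for the firmware's verdict, the sample data, and the reading of "closest" as the smallest absolute difference in major version are assumptions.

```c
#include <stdlib.h>

/* Constructed model of one PACK blob's metadata; field names are assumptions. */
typedef struct { int fw[4]; int ta_ver; int platform; int ipt_signed; } blob_t;
typedef int (*vm_accept_fn)(const blob_t *);  /* stands in for the firmware verdict */

/* Order highest to lowest by firmware version, then trusted application version. */
static int cmp_desc(const void *a, const void *b) {
    const blob_t *x = a, *y = b;
    for (int i = 0; i < 4; i++)
        if (x->fw[i] != y->fw[i]) return y->fw[i] - x->fw[i];
    return y->ta_ver - x->ta_ver;
}

/* Returns the blob the VM accepted, or NULL (the JHI_INSTALL_FAILED case); reorders
   blobs[]. Assumption: "closest" = smallest absolute difference in major version. */
const blob_t *select_and_install(blob_t *blobs, int n, int fw_major, int platform,
                                 int ipt_enabled, vm_accept_fn vm_accept) {
    int best = -1, kept = 0;
    for (int i = 0; i < n; i++)            /* closest major among right-platform blobs */
        if (blobs[i].platform == platform &&
            (best < 0 || abs(blobs[i].fw[0] - fw_major) < abs(best - fw_major)))
            best = blobs[i].fw[0];
    for (int i = 0; i < n; i++) {          /* keep only compatible blobs */
        blob_t b = blobs[i];
        if (b.platform != platform || b.fw[0] != best) continue;
        if (b.ipt_signed && !ipt_enabled) continue;   /* Intel IPT rule */
        blobs[kept++] = b;
    }
    qsort(blobs, (size_t)kept, sizeof *blobs, cmp_desc);
    for (int i = 0; i < kept; i++)         /* download until the VM accepts one */
        if (vm_accept(&blobs[i])) return &blobs[i];
    return NULL;
}
/* Constructed firmware stand-ins: one rejects TA version 3, one rejects everything. */
static int vm_rejects_v3(const blob_t *b) { return b->ta_ver != 3; }
static int vm_rejects_all(const blob_t *b) { (void)b; return 0; }

/* Constructed DALP contents; platform major 9, type 1. Returns accepted TA version or -1. */
int demo(int ipt_enabled, int reject_all) {
    blob_t pack[] = {
        {{8, 1, 0, 0}, 3, 1, 0}, {{9, 0, 0, 0}, 2, 1, 0}, {{9, 5, 0, 0}, 3, 1, 0},
        {{9, 5, 0, 0}, 4, 1, 1}, {{9, 6, 0, 0}, 5, 2, 0}, {{11, 0, 0, 0}, 6, 1, 0},
    };
    vm_accept_fn vm = reject_all ? vm_rejects_all : vm_rejects_v3;
    const blob_t *ok = select_and_install(pack, 6, 9, 1, ipt_enabled, vm);
    return ok ? ok->ta_ver : -1;
}
int main(void) { return demo(1, 0) == 4 ? 0 : 1; }
```

The host-side steps only narrow and order the candidates; whether any blob is accepted depends entirely on the callback, which mirrors the page's point that signature and compatibility checks belong to the firmware.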