Intel has developed the Intel® Dynamic Application Loader (Intel® DAL) Host Interface Daemon (also known as JHI), which contains the APIs that enable a Linux* operating system to communicate with Intel DAL. The daemon is available both in a standalone software package and as part of the Linux* Yocto 64-bit distribution.
The use of a Linux operating system does not affect the structure and code of applets running in the DAL. Applet development is the same, and should be conducted on Windows*, regardless of the target’s operating system. The host application that you will use to communicate with the DAL must be compiled for use on Linux.
Note:The PAVP library is not yet available on Linux, and therefore the Protected Trusted Display APIs are not available for use by your host application. In addition, the iCLS Client is also not available in Linux, so if you want to provision an EPID you will need to do so through the DAL directly.
The SDK provides a Linux-based Generic Host Application, as well as a sample host application that can be used as a template for your host application development. See Linux Tools for more details.
Intel DAL is supported on the Broxton IOTG hardware platform.
The Intel DAL Host Interface Daemon provides your host application's interface with the DAL. It is included with the 64-bit Yocto Linux distribution, kernel version 4.x.
The daemon is open-source and can be installed on any other Linux distribution, but these installations are not officially supported. For instructions on downloading the software package, see below.
Note: Instructions for installing Linux Yocto or any other Linux distribution are outside the scope of this documentation.
The JHI Daemon exposes two client APIs:
The following diagram displays the high-level architecture of the communication between the Intel DAL layer and the host application via the Intel DAL Host Interface daemon.
The Intel® Management Engine Interface and Dynamic Application Loader (Intel® ME DAL) is a kernel component that provides both user space and kernel space communication interfaces with the Intel DAL client in CSE firmware, enabling the direct usage of DAL by Linux kernel components.
Intel MEI DAL exposes a user space interface via the
/dev/dalcharacter device. This interface is used by the JHI daemon to communicate with Intel DAL firmware and supports a single consumer only.
In addition, Intel MEI DAL exposes a kernel space interface that contains a minimal set of functions for session communication with an applet and supports multiple concurrent consumers.
Both the user space and kernel space interfaces can be used simultaneously; Intel® MEI DAL supports concurrent usages coming both from kernel space and user space.
The Intel® DAL Host Interface Daemon is installed as part of the Intel IOTG Yocto distribution. The Intel DAL Host Interface process (jhid) runs as a daemon and the Trusted Application repository is placed in the /var/lib/intel/dal/applet_repository folder.
The JHI source code is published publicly on GitHub*. You can download the source and run the following commands to build the JHI package and install it:
Note:Before you install the JHI package on your Linux distribution of choice, make sure that the paths at the end of CMakeLists.txt are compatible with your Linux setup.
The Intel® JHI Daemon allows you to configure the transport type for connecting with Intel DAL firmware by changing the
/etc/jhi/jhi.confconfiguration file to specify the communication interface (HECI MEI device, MEI DAL device, or IP socket).
After changing the configuration, you need to restart the JHI Daemon, using the command
systemctl restart jhito apply the change.