Developer Guide

  • 10/27/2020
  • Public Content
Contents

API Levels

Intel® DAL defines an API level that reflects a specific revision of the Intel DAL Java* Class Library (JCL); the number of the API level is incremented for each new project as new features are added and the library is extended.
► Tip:
For details on Intel DAL API classes, see the Intel DAL API Reference.
► Tip:
For more information on the functionality available in each API level, see the section 
Intel DAL API Levels & Features
 in the Applet APIs page of the Intel DAL API Reference.
In earlier projects (API levels 1-6), the manifest property
applet.api.level
of the applet specifies the platform on which the applet will be able to run on.
As of API level 7, applets can run on a platform if they meet the following constraint: Applet API level <= Platform API level.

New in API Level 9

New in API Level 8

  • ECIES (Elliptic curve integrated encryption scheme)
  • AMTProvision: This class enables using Intel® DAL to provision Intel® AMT. Class documentation: com.intel.util.AMTProvision
  • DataMigration: When the Intel® CSME Firmware Secure Version Number (SVN) is incremented via firmware update, the applet PBIND key changes, causing any data which was encrypted or HMAC’d with the PBIND key to be no longer usable. This class provides the ability to apply the previous PBIND key to retrieve this data. Class documentation: com.intel.crypto.DataMigration

New in API Level 7

Admin Command Package

In API level 7 (for code name Sunrise Point), the applet pack format was changed to support admin command packs.  The regular pack command is renamed as 
InstallJTA
. Two new admin commands were added:  
  • UninstallJTA
    :  uninstalls an existing JAVA trusted application (TA).
  • UpdateSVL
    :  updates the Intel DAL firmware's Security Version List mechanism with the new Security Version List.
Required actions for existing projects:
  • Eclipse* plugin:  Nothing. Note: You can upgrade an applet project from API level 5 and above only.
  • Build script:  Update your manifest and scripts accordingly.
See the Admin Command Tool for information on loading Admin Command Packages (ACPs).

Manifest Fields

There are 2 new manifest fields that allow inter-applet communication:
  • applet.service.consumed:
      List of UUIDs, {
    UUID1
    ,
    UUID2
    } that represents the UUIDs of applets allowed to communicate with the TA. Using this property requires the use of the ServiceClient APIs.
  • applet.service.sessions:
      Number of allowed open sessions for a single instance. Using this property requires inheriting from the 
    ServiceApplet
    class and vice versa.
As a result of the changes in the applet pack format, there are several implications for users of previous releases:
  • firmware.min_version
    field was removed.
  • applet.platform
    field is
    CSE
    .
  • applet.api.leve
    l field is 7.
  • applet.entry_class
    field is mandatory.
  • applet.access.control
    field was added and is mandatory. 
  • applet.feature.set
    field was removed.
  • applet.feature.set.permission
    field was removed.
The applet.access.control field specifies the JAVA classes and packages that the applet is allowed to use.  For information on how to set the access control value, see Trusted Application Manifest.

New in API Level 6

TBD

New in API Level 5

The VM was changed in Intel DAL API level 5. The VM change was backported to Intel® ME 9.1.35, ME 9.5.55, SEC1.1, SEC1.2 and SEC2.0 platforms.
This has some implications for the user from previous releases:

JDK version of the compilation was upgraded from 1.3 to 1.6. 

What do you need to do?
  • Old code may have compilation errors and should be rewritten to use iterators and generics.
  • Do not install a lower JDK on your machine. This affects project compilation settings.
  • Old API level 1 - 4 projects cannot be upgraded to API level 5. API level 5 projects cannot be downgraded.

Isdi.jar was renamed to dal.jar.

What do you need to do?
  • SDK Eclipse plugin - nothing.
  • Build script - change built script accordingly.

Jeffc is replaced by bhcTool.

What do you need to do?
  • SDK Eclipse plugin - nothing.
  • Build script - change built script accordingly.
There are 3 new manifest fields:
applet.instance.debuggable
- Signifies where the the applet instance JAVA code is debuggable.
applet.entry_class
- If multiple subclasses of
IntelApplet
are included in an applet package, use this property to specify the main entry applet class full name, including the package name.
applet.api.level
- Specifies the API level of the applet.

New in API Level 4

  • SSL
  • Intel® Enhanced Privacy Identification (Intel® EPID) 1.1

New in API Level 2

Available in API Level 1

Crypto

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804