Developer Guide

  • 04/03/2019
  • Public Content
Contents

Memory

This page describes the memory capabilities of the Intel® Dynamic Application Loader (Intel® DAL) environment. For advice on how to manage memory in your applet, see the appropriate Guidelines page.
Intel DAL secure applications have memory and trusted application size requirements that are stricter than general purpose trusted applications. The VM implementation supports up to five sessions running simultaneously and limits the entire memory footprint available for trusted application code and heap.
There are two aspects of the memory footprint of a trusted application:
  • The memory taken up by trusted application
    code
    and static memory allocation.
  • The dynamic memory on the
    heap
    used by and for the trusted application during run-time.
Trusted application and heap memory are both consumed from the Intel DAL module memory which is currently limited to a total of 2 MB. This is the total memory available for all applets.
These two components are regarded and treated separately.
Non-volatile memory: This is the flash memory in the secure environment that is available for the applet to use as storage. In API level 7 and later, the maximum amount of flash memory available for storage by the applet is 5K. In earlier API levels, the amount is 256 bytes. It is recommended to store encrypted applet code and data on the hard disk, and store the encryption keys in the secure flash memory. The amount of NVM must be defined in the applet's manifest.
Trusted application writers should make the size of a trusted application and its memory signature as small as possible, for the following reasons:
  • Before Intel signs the trusted application, it checks the code size and memory usage (declared in the applet's manifest). If the applet's code size is too large, or it uses too much memory, Intel may not agree to sign it.
  • Intel DAL has a limited amount of memory, so it is possible that Intel DAL will not be able to run all the existing applets at the same time. Intel DAL uses a “first come first served” approach. If there is not enough memory available to run an applet, an
    Out Of Resource
    failure is generated during the applet's command.
The Intel DAL trusted application VM has a garbage collection mechanism. Any memory allocations that are not referenced are eventually cleared by the garbage collector. Any global objects that still exist consume memory for the entire trusted application lifetime. Whenever possible, the global memory should be dereferenced or reused, as trusted application memory allocation is limited.

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804