Developer Guide

  • 10/27/2020
  • Public Content
Contents

OEM Signing

This page explains the OEM Signing feature of Intel® DAL. For a list of fields in the S-SD manifest that lists what an OEM-signed applet is allowed to do, see OEM Signing Manifest.
The only signing authority for Intel DAL Trusted Applications (TAs) is Intel. The exception to this is Intel Atom® Processor E3900 Series (formerly codenamed Apollo Lake)-based platforms based on Intel Atom® SoC formerly codenamed Broxton-P; OEMs manufacturing these platforms are able to sign by themselves on Intel DAL trusted applications and run them on their manufactured platforms.
The signing authority concept is represented using the 
Security Domain (SD)
 abstraction that determines which entity has the authorization to sign on DAL trusted applications on a specific platform and hence control the trusted applications execution on the platform. Intel DAL firmware contains one pre-installed privileged Security Domain that represents Intel signing authority. This security domain is the 
Issuer Security Domain (I-SD)
 that is responsible for the Intel trusted applications and Security Domains life cycle management. The other non-issuer Security Domains are also referred as 
Sub-Security Domains (S-SD)
.

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804