Signing Process
The Intel® DAL Pack Tool signs on ACPs using a pre-production key which limits the usage of the ACPs to emulator and pre-production platforms only.
Pre-production platforms are not available to customers; they are available only inside Intel.
In order to load an Install Security Domain ACP in a production environment, the S-SD ACP must be signed by Intel.
The signing process is described below:
- OEM submits a Security Domain signing request to the relevant Intel business unit. The signing request includes the following:
- Security Domain manifest file
- Signature parameters file
- Signing Request form. To download a template, click here
- Intel reviews the request, creates the final Install Security Domain ACP to be signed, and performs basic installation tests on a pre-production platform.
- Intel signs on the Install Security Domain ACP with the production key and performs basic installation tests on a production platform.
- Intel completes validation/audit on the production signed binary ACP and the hash value of the OEM public key.
- The Intel business unit delivers the production signed binary ACP and the hash value of the OEM public key to the OEM.