Developer Guide

  • 10/27/2020
  • Public Content
Contents

Preparing and Submitting Your Project for Signing

In order to ensure the integrity of trusted applications, and that they do not contain malicious or harmful code as well as mismatches between implemented features in a trusted application and support for those features on the loading platforms, trusted applications need to be signed by Intel before they can be installed or run on Intel® DAL production platforms.  It is impossible to load and execute an unsigned trusted application in a production environment.  
 
The process of validating the code and its interoperability with its environment is the certification process.  A successful certification process culminates in the signing of a trusted application.  A trusted application will be signed only after it is certified.  
 
Note:
Sign Once:
  Beginning with Intel® Management Engine (Intel® ME) 11.0, the trusted application signing key is decoupled from the platform signing key.  Therefore, a trusted application signed for Intel ME 11.0 Release X will no longer require resigning for Intel ME Release 11.0 and above.
When do you need to go through the certification and signing process?
  • A new trusted application.
  • New versions of existing trusted applications
  • Existing trusted application on next generation hardware (No longer needed from Intel ME 11.0 and above.)
Note:
At no stage in the signing process is the source code visible to Intel.
See
Validation Guidelines
for details on how to prepare for the certification process.
Note
: During a signing flow, using a tool such as ProGuard* for code size optimization is enforced for big Trusted Applications. 

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804