Developer Guide

  • 10/27/2020
  • Public Content
Contents

SIGMA 1.1 Sample

This sample demonstrates how to enable an application running on the firmware securely to exchange symmetric keys with a remote party using Intel® Dynamic Application Loader (Intel® DAL).
This sample is applicable for API level 4 and above.
The SIGMA protocol sets up a secure session between an Intel® Enhanced Privacy ID (Intel® EPID) prover and verifier.
  • A verifier can refer to different entities, such as a TRS-based host application, an Intel server, or an ISV key provisioning server.
  • The prover is typically Intel hardware.
The SIGMA protocol is based on the Diffie-Hellman key exchange and uses the Intel EPID signing algorithm to authenticate the firmware to the remote party. Since the SIGMA protocol uses an Intel EPID signature, Intel EPID must be provisioned prior to using this class. For details, see the Intel EPID Provisioning Sample.
The basic SIGMA flow:
sigma flow
The components of the sample:
  • Server:
     represents the remote party, the verifier, that needs to verify the platform identity.
  • Host application:
     communicates with and transfers data back and forth between the server and TA.
  • Trusted application:
    represents the Intel EPID prover that needs to prove that it is included in a valid Intel EPID group.
The trusted application generates identification messages to be sent to the server. The server processes and verifies the messages that it receives from the trusted application and generates a response message to the trusted application. The trusted application processes the message and verifies that it was created by the server, thereby authenticating the server.
Note
: Before running the sample, make sure the server is running. To run the server, locate the SDK installation on your disk and double-click
\DALsdk\Samples\DALSamplesServer\DALSamplesServer.sln
Then run the project.

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804