Developer Guide

  • 10/27/2020
  • Public Content

OEM Signing Manifest

This page provides details on the contents of the OEM signing manifest. For details on the process of OEM signing, see the appropriate Features page.

S-SD Manifest

The S-SD manifest determines meta-information about the security domain.  Some of the manifest fields are descriptive and some modify the S-SD behavior. 
The contents of the manifest are verified with each signing request and this information is signed in the S-SD ACP itself.
The table below summarizes the S-SD manifest properties.
Field name
Field Type
Field Value Format
String of the following format:
[8 digits]-[4 digits]-[4 digits]-[4 digits]-[12 digits] where a digit is a char in [0-9,A-F,a-f].
 The globally unique identifier (GUID) of the Security Domain (unique for each SD) 
1 <= char Length < 32
 A descriptive name for the SD. 
 unsigned decimal integer 
1 <= value <= 31
 Max number of installed trusted applications. 
 unsigned decimal integer 
1 <= value <= 16
 Max number of concurrently executing trusted applications 
 Hexa String 
Specifies the Java API groups the associated S-SD is allowed to utilize – all the trusted applications signed by this S-SD will be subject to this limitation.
Form: major.minor
Value: sd.major == fw.major
AND (sd.minor == fw.minor
OR sd.minor == 9)
The firmware version the SD is allowed to install on.
Resolution is platform generation.
When the minor version is 9, the SD is allowed to be installed on all major.x FW versions.
 32 Hexadecimal digits 
Specifies the Platform ID for a production platform. Use for signing a Security Domain for a single production platform only - for demo/test purposes.
Note that a trusted application signed with this field will load 
on the given platform.

Product and Performance Information


Performance varies by use, configuration and other factors. Learn more at