Developer Guide

  • 10/27/2020
  • Public Content

OEM Signing Manifest

 
This page provides details on the contents of the OEM signing manifest. For details on the process of OEM signing, see the appropriate Features page.
 
 

S-SD Manifest

 
The S-SD manifest defines meta-information about the security domain. Some of the manifest fields are descriptive and some modify the S-SD behavior.
The contents of the manifest are verified with each signing request and this information is signed in the S-SD ACP itself.
 
The table below summarizes the S-SD manifest properties.
 
| Field name | Field Type | Field Value Format | Description | Required? |
|---|---|---|---|---|
| sd.id | UUID/GUID | String of the following format: [8 digits]-[4 digits]-[4 digits]-[4 digits]-[12 digits] where a digit is a char in [0-9,A-F,a-f]. | The globally unique identifier (GUID) of the Security Domain (unique for each SD). | Yes |
| sd.name | String | 1 <= char Length < 32 | A descriptive name for the SD. | Yes |
| sd.max_ta_install | unsigned decimal integer | 1 <= value <= 31 | Max number of installed trusted applications. | Yes |
| sd.max_ta_run | unsigned decimal integer | 1 <= value <= 16 | Max number of concurrently executing trusted applications. | Yes |
| sd.access.control | Hexa String | | Specifies the Java API groups the associated S-SD is allowed to utilize; all the trusted applications signed by this S-SD will be subject to this limitation. | Yes |
| sd.firmware.version | Version | Form: major.minor. Value: sd.major == fw.major AND (sd.minor == fw.minor OR sd.minor == 9) | The firmware version the SD is allowed to install on. Resolution is platform generation. When the minor version is 9, the SD is allowed to be installed on all major.x FW versions. | Yes |
| sd.platform.id | 32 Hexadecimal digits | | Specifies the Platform ID for a production platform. Use for signing a Security Domain for a single production platform only - for demo/test purposes. Note that a trusted application signed with this field will load ONLY on the given platform. | No |
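
A pre-signing check of the fields in the table above, as an added example that is not part of the original guide or of Intel's tooling. It assumes the manifest has already been parsed into a dict of strings (the manifest file syntax is not shown on this page); `validate_manifest`, `fw_compatible` and the sample values are hypothetical names and constructed data.

```python
import re

# Assumption: the manifest is already parsed into {field name: string value};
# the on-disk manifest syntax is not described on this page.
GUID_RE = re.compile(r"[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")
HEX_RE = re.compile(r"[0-9A-Fa-f]+")
VERSION_RE = re.compile(r"([0-9]+)\.([0-9]+)")
REQUIRED = ("sd.id", "sd.name", "sd.max_ta_install", "sd.max_ta_run",
            "sd.access.control", "sd.firmware.version")

def _in_range(value, low, high):  # unsigned decimal integer within [low, high]
    return re.fullmatch(r"[0-9]+", value) is not None and low <= int(value) <= high

def fw_compatible(sd_version, fw_version):
    """sd.major == fw.major AND (sd.minor == fw.minor OR sd.minor == 9)."""
    sd, fw = VERSION_RE.fullmatch(sd_version), VERSION_RE.fullmatch(fw_version)
    if not sd or not fw:
        return False
    sd_major, sd_minor = map(int, sd.groups())
    fw_major, fw_minor = map(int, fw.groups())
    return sd_major == fw_major and (sd_minor == fw_minor or sd_minor == 9)

def validate_manifest(m, fw_version=None):
    """Return (errors, warnings) for a parsed S-SD manifest dict."""
    errors = [f"{k}: required field missing" for k in REQUIRED if k not in m]
    warnings = []
    checks = {
        "sd.id": lambda v: GUID_RE.fullmatch(v) is not None,
        "sd.name": lambda v: 1 <= len(v) < 32,
        "sd.max_ta_install": lambda v: _in_range(v, 1, 31),
        "sd.max_ta_run": lambda v: _in_range(v, 1, 16),
        "sd.access.control": lambda v: HEX_RE.fullmatch(v) is not None,
        "sd.firmware.version": lambda v: VERSION_RE.fullmatch(v) is not None,
        "sd.platform.id": lambda v: re.fullmatch(r"[0-9A-Fa-f]{32}", v) is not None,
    }
    for key, ok in checks.items():
        if key in m and not ok(m[key]):
            errors.append(f"{key}: value {m[key]!r} violates the documented format")
    version = m.get("sd.firmware.version", "")
    if fw_version and VERSION_RE.fullmatch(version) and not fw_compatible(version, fw_version):
        errors.append(f"sd.firmware.version: {version} cannot install on FW {fw_version}")
    if "sd.platform.id" in m:  # optional field; restricts where signed TAs load
        warnings.append("sd.platform.id set: signed TAs load only on that one platform")
    return errors, warnings

# Constructed sample values, not taken from a real Security Domain.
SAMPLE = {"sd.id": "0a1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d", "sd.name": "Example SD",
          "sd.max_ta_install": "8", "sd.max_ta_run": "4",
          "sd.access.control": "00ff", "sd.firmware.version": "11.9"}
```

Running this before a signing request catches out-of-range values early and flags a manifest that still carries a demo/test `sd.platform.id`.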
 
