Developer Guide

  • 10/27/2020
  • Public Content
Contents

Trusted Application Manifest Fields Optional Properties

The following are optional manifest fields.  They enable developers to further detail  their trusted applications.
applet.description
String
1 <= charLength < 160
A short description about the applet
Yes
Intel ME 7.x
applet.flash.quota
Decimal Integer
Decimal integers in the range [0, 256]
The amount of flash storage available for the applet on the secure environment in bytes. Applets are not usually assigned flash quota but are expected to keep data encrypted on the host machine
Yes
Intel ME 7.x
applet.debug.enable
Boolean
 
Specifies whether debug prints are enabled for the applet. Without it – debug prints will not be seen on the applet. Production applets are not signed with this field set to true
Yes
Intel ME 7.x
applet.timeout
Deciaml Integer
Before API level 5:  0 = no timeout.
From API level 5: 0 is not a legal value.  For no timeout do not define the field.
Specifies the watchdog timeout (in milliseconds) in which the applet is required to respond to a request. The applet is unloaded if this timeout is exceeded. This field use is encouraged to prevent applets from becoming unresponsive; applet testing should be done with it.
No
Intel ME 7.x
applet.debugger.timeout
Decimal Integer
 
Specifies the timeout (in milliseconds) in which the VM waits for the debugger to connect before it initializes the applet. Useful if needed to debug initialization flows in the applet. Production applets will not be signed with this field.
No
Intel ME 7.x
applet.written.by.intel
Boolean
 
Describes whether this applet was written by an Intel Business Unit or an external vendor. This will be checked in the certification flow.
No
Intel ME 7.x
applet.event.register
Set of Decimal Integers
See Set Format below
(e.g. {1,2,5})
Specifies the list of event codes that can be received by this applet.
No
Intel ME 8.x, Intel TXE 1.x
applet.event.post
Set of Decimal Integers
See Set Format below
(e.g. {1,2,5})
Specifies the list of event codes that can be posted by this applet.
Note: the following values are reserved for FW use: 2, 3, 4, 5.
No
Intel ME 8.x, Intel TXE 1.x
applet.shared.session.support
Boolean
 
Specifies whether this applet supports using the same shared session for several SW applications, i.e. allows different host applications to communicate the same applet session simultaneously.
Removed in API level 8.
Yes
Intel ME 8.x
applet.cpu.whitelist.flag
Boolean
 
Specifies whether the CPU list specified in the applet manifest is a whitelist (allow these CPUs) or a blacklist (disqualify these CPUs).
Note:  If this property exists, the applet.cpu.list must exists as well and vice versa.
No
Intel ME 8.x, (Intel TXE 1.x?)
applet.cpu.list
Set of Integers
See Set Format below
(e.g. {1,2,5})
Set of integer representations of different CPU brands to filter.
Note: if this property exists, then the property "applet.cpu.whitelist.flag" must exist as well and vice versa.
No
Intel ME 8.x, (Intel TXE 1.x?)
applet.pch.whitelist.flag
Boolean
 
Specifies whether the PCH list specified in the applet manifest is a whitelist (allow these PCHs) or a blacklist (disqualify these PCHs).
Note:  if this property exists, then the property "applet.pch.list" must exist as well and vice versa.
No
Intel ME 8.x, (Intel TXE 1.x?)
applet.pch.list
Set of Integers
See Set Format below
(e.g. {1,2,5})
 
Set of number representations of different PCH brands to filter.
Note: if this property exists, then the property "applet.pch.whitelist.flag" must exists as well and vice versa.
No
Intel ME 8.x, (Intel TXE 1.x?)
applet.feature.set
Integer
 
A bitmask specifying the feature-set required by the FW in order to successfully install the applet. The values of the bits may change between platforms and versions.
Removed in API level 7.
No
Intel ME 8.x, Intel TXE 1.x
applet.feature.set.permission
Integer
 
A bitmask specifying the feature-set applet is allowed to change.
Removed in API level 7.
No
Intel ME 8.x, Intel TXE 1.x
applet.platform.id
32 bit Hexadecimal
 
Specifies the Platform ID for a production platform. Use for signing a trusted application for a single production platform only - for test purposes.
Note that a trusted application signed with this field will load ONLY on the given platform.
No
Intel ME 9.5, Intel Atom® SoC formerly codenamed Bay Trail-I, Intel TXE 2.0
ipt.restriction.enable
Boolean
 
Specifies whether the applet should be limited to specific platforms/CPUs (Intel® vPro™ technology or Ultrabook™). Relevant only for Intel ME 8.x.
No
Intel ME 8.x
applet.instance.debuggable
Boolean
 
Specifies whether the applet instance Java code is debuggable
No
Intel ME 10.0
applet.entry_class
String
<package name>.<class name>
If multiple subclasses of IntelApplet are included in one applet package, this property should be used to specify the full name of the main entry applet class, including the package name.
Mandatory since API level 7.
No
Intel ME 10.0
applet.library.version
Integer
 
Specifies that the applet requires the platform JAR library which is exactly the same as the one compiled in the FW.  If the applet library and the platform library are not the same, the applet will not be loaded.
Note: For API level 6 this value must be 2.
No
Intel ME 10.0
applet.service.consumed
Set of UUIDs 
See Set Format below
(e.g. {UUID1, UUID2})
A list of UUIDs which represents the UUIDs of service trusted applications the TA allows to communicate with.
Note: using this property requires to use the ServiceClient APIs.
No
Intel ME 11.0
applet.service.sessions
Integer
 
Specifies the number of allowed open sessions for a single instance of the TA.
Note: using this property requires to inherit from ServiceApplet class and vice versa.
No
Intel ME 11.0
applet.single.instance
Boolean
 
Specifies whether or not this applet supports only a single instantiation of the applet execution in DAL firmware, i.e. opening a new session if one already exists will result in an error.
No
Intel ME 11.5
 

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804