Developer Guide

  • 10/27/2020
  • Public Content

Validating the Manifest

The manifest has several roles, and it has a major impact on the functionality of the trusted application and on the setups in which it will load and function. The manifest is used to limit installation of the trusted application to specific setups, to enable various features, and even to limit the heap size allocated to the trusted application.
So how do we validate the manifest file and who should create it?
There are two stages to the manifest validation:
  • Pre-production
  • Post-production
First we need to check which manifest values are being used by the development team, and which are used in validation setups.
Note that some of those are only relevant for pre-production setups. In production we cannot change the values, since the trusted application is signed for production.
So, during the pre-production validation, we need to cover the following:
  • Functional limitation
     – Heap-Size, ID, flash-quota, all event-related support (for both post and register), etc.
  • Installation limitations
     – Minimal firmware version, trusted application and security versions, platform, SKU/CPU limitations, feature set, IPT restrictions, etc.
For the production signed trusted application validation, we should cover the following:
  • Ensure that the signed trusted application has correct manifest values, as defined in the signing request, and that they match the values which were used during pre-production validation. This can be done by various tools provided in engineering releases or the SDK in Intel® DAL.
  • Run manifest-related tests on production setups (e.g., checking that the trusted application is installed on the relevant setups and is not installed where it should be restricted) and general functional flows (e.g., Intel® Enhanced Privacy ID (Intel® EPID) provisioning has many differences in production setup due to various certificate differences).
The production validation step is very important and usually must be planned ahead, since the relevant hardware parts need to be ordered in advance.
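
The first production check above (signed values versus the signing request and the pre-production values) can be automated once the values are exported. The following is an added example, not Intel code or part of the SDK: it assumes the three sets of manifest values have already been exported to dictionaries, and every key name and value in it is a constructed placeholder, not the real manifest schema.

```python
# Added example. Key names and values are constructed placeholders, not the
# real Intel DAL manifest schema; export the real values with your own tooling.

def _norm(value):
    """Compare values as trimmed strings so '4096' and ' 4096' match."""
    return str(value).strip()

def check_signed_manifest(signed, signing_request, preprod_validated):
    """Return (key, problem) findings for the production-signed manifest."""
    findings = []
    all_keys = set(signed) | set(signing_request) | set(preprod_validated)
    for key in sorted(all_keys):
        s = signed.get(key)
        r = signing_request.get(key)
        p = preprod_validated.get(key)
        if s is None:
            findings.append((key, "missing from signed manifest"))
        elif r is None:
            findings.append((key, "present in signed manifest but not requested"))
        elif _norm(s) != _norm(r):
            findings.append((key, f"signed {s!r} differs from requested {r!r}"))
        elif p is None:
            findings.append((key, "value never covered in pre-production"))
        elif _norm(s) != _norm(p):
            findings.append((key, f"signed {s!r} differs from pre-production {p!r}"))
    return findings

# Constructed sample data (hypothetical keys based on the items listed above).
SIGNING_REQUEST = {
    "id": "placeholder-applet-id",
    "heap_size": "4096",
    "flash_quota": "1024",
    "min_firmware_version": "11.0",
    "security_version": "2",
    "platform": "platform-A",
}
# Signed package came back with a lower minimal firmware version than requested.
SIGNED = dict(SIGNING_REQUEST, min_firmware_version="10.0")
# Pre-production runs used a larger heap and never exercised the flash quota.
PREPROD = {k: v for k, v in SIGNING_REQUEST.items() if k != "flash_quota"}
PREPROD["heap_size"] = "8192"

if __name__ == "__main__":
    for key, problem in check_signed_manifest(SIGNED, SIGNING_REQUEST, PREPROD):
        print(f"{key}: {problem}")
```

An empty result means the signed manifest matches both the signing request and what pre-production validation actually exercised; any finding should be resolved before running the manifest-related tests on production setups.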
