Intel® Dynamic Application Loader (Intel® DAL) Licensee Guide

Executive Summary

As an Intel® Dynamic Application Loader (Intel® DAL) licensed developer (Licensee), your use of technology for Intel DAL is expected to comply with the following guidelines, where applicable, and comply with the general spirit and intent of these guidelines in cases not explicitly addressed by the guidelines. These guidelines have been developed so that users of Intel DAL enabled software can make certain assumptions about the software they are relying upon. Failure to meet these guidelines can result in your license being terminated. Intel may update these guidelines from time to time without notice.

Terms Used in This Document

Intel® Dynamic Application Loader (Intel® DAL)

A feature used for running small portions of Java* code on Intel® Converged Security and Management Engine (Intel® CSME) firmware.

Licensee

The developer organization which has accepted the license conditions for Intel DAL.

Software Development Kit (SDK)

Software for Intel DAL, used by a Licensee to create their own Intel DAL enabled application software.

TA (Trusted Application)

A Java applet that runs inside the protected environment of Intel DAL.

Secure Software Development Practices

For the most part a Trusted Application is just like any other software. To achieve optimal security it should be developed and validated with care. The fact that the TA runs in a protected environment does not relieve the need for a software developer to follow good development techniques and secure programming practices. Specific TA development issues are highlighted in the section Writing Your Code in the Intel® Dynamic Application Loader (Intel® DAL) Developer Guide that accompanies the Software Development Kit for Intel DAL. In addition, Licensees should:

1. Observe industry secure coding best practices for software development to avoid vulnerabilities (such practices might include a secure software development framework, coding standards, data input validation, least access possible, secure logging, and so on).
2. Address and fix significant security vulnerabilities within a reasonable time, or within a time frame established under existing disclosure arrangements between Intel and the Licensee, after becoming aware of the vulnerability.
3. Observe best industry practices to:
   1. not write malware, spyware or other nuisance software;
   2. not write poorly designed software that contains significant security vulnerabilities or that fails to deliver its security promise.
4. Construct Licensed Software Applications to enable complete removal on end user request.

Responsible Reporting to Intel

Where you, the Licensee, suspect that Intel software may have a bug or security flaw, you must privately inform Intel of the issue in a timely fashion and work with Intel to address the potential issue. Where applicable, this exchange of information should occur under existing disclosure arrangements between Intel and the Licensee. Intel will assess the issue and, if necessary, devise a remedy, taking into account the severity of the issue. Licensee must refrain from any public disclosure of the issue prior to reaching agreement with Intel on the timetable and content for such disclosure. For further details on reporting security issues to Intel, see Security Center.

System Components for Intel® DAL

Intel® Converged Security and Management Engine Software Installer for Intel® Management Engine Interface (Intel® MEI) and Intel® DAL Host Interface Service (Intel® DAL HIS)

The Intel® Converged Security and Management Engine Software Installer is a prerequisite to running Production Applications for Intel DAL on Intel DAL capable systems. The installer installs the Intel® Management Engine Interface (Intel® MEI) and Intel® DAL Host Interface Service (Intel® DAL HIS) on the platform. Where the Intel® Converged Security and Management Engine Software is not pre-installed by OEMs or the Operating System provider, all Licensed Applications for Intel DAL are required to include it as a component within their product installer. The Intel® Converged Security and Management Engine Software performs standard version checking to determine if a current or newer version has been previously installed on the client machine.

Intel® Converged Security Engine (Intel® CSE) Firmware and Software Updates

Intel may issue periodic updates to parts of the platform that are critical to Intel DAL. Some parts of the software are included in the Intel® Converged Security and Management Engine Software and Firmware.

Customers should ensure that their platforms include up-to-date software and firmware.

Customers may find software and firmware updates on their OEMs’ websites.