Latest DICE specification from TCG offers interoperability and user-friendly implementation
Vendors can deliver enhanced security for devices and components thanks to the latest DICE specification from the Trusted Computing Group (TCG), which is currently out for public review.
The new DICE Protection Environment (DPE) specification has been developed to offer isolation for sensitive operations and data, reduced code size, and greater interoperability for DICE implementations. The DPE also provides a path for silicon vendors to create and market strong DICE Intellectual Property blocks, vastly simplifying the integration of DICE hardware Root-of-Trust technology across solutions.
"Handling secrets has historically been done by a vendor's own firmware unless you had a Trusted Platform Module (TPM)," said Dennis Mattoon, Chairman of the DICE Work Group. "But for devices and components without a TPM, DICE - together with the new DPE specification - can provide isolation and protection guarantees like a TPM. In addition, the DPE specification provides vendors greater interoperability and a path to marketing discrete DICE implementations that can be integrated across solutions."
When implementing Root-of-Trust (RoT) hardware such as DICE, vendors are given a number of different implementation options. For organisations that may not fully understand the requirements of their products, this can lead to implementation errors as well as interoperability concerns. At the same time, working with asymmetric keys can be expensive, and making the firmware responsible for cryptography can be a hindrance. The DPE specification enables these operations to be handled separately from the firmware, freeing the device's main processor to focus on firmware activity, without the firmware having to generate or handle keys at the cost of performance.
DICE DPE provides isolation for sensitive operations and data, beyond the reach of firmware. This also means greater protection when transitioning between boot layers, hardening attesting environments, and strengthening the chain of trust in devices. The effect is not only a reduction in code size and increased interoperability for existing DICE solutions, but also a substantial reduction in the barrier to entry for organisations looking to adopt a strong hardware RoT in their solutions.
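The isolation described above, as an added illustrative model (not TCG's specification or code): a hypothetical DPE object keeps the Unique Device Secret (UDS) and every Compound Device Identifier (CDI) to itself, while the firmware boot flow only ever receives opaque handles and asks the DPE to derive the next layer's context and to sign. The CDI chaining (HMAC of the current CDI over the next layer's measurement) follows the DICE layering principle; the method names, the HMAC-based signing stand-in for an asymmetric attestation key, and all sample images are assumptions of this example.

```python
import hmac, hashlib, os

class DPE:
    """Hypothetical DICE Protection Environment model (added example, not TCG code).
    Holds every CDI itself; callers (firmware layers) only ever receive opaque handles."""

    def __init__(self, uds: bytes):
        # UDS: Unique Device Secret, provisioned at manufacture; never leaves the DPE.
        self._contexts = {}            # handle -> CDI (secret, DPE-internal)
        self._uds = uds

    def _new_handle(self, cdi: bytes) -> bytes:
        handle = os.urandom(16)        # opaque; carries no information about the CDI
        self._contexts[handle] = cdi
        return handle

    def initial_context(self, layer0_measurement: bytes) -> bytes:
        """Root of the DICE chain: CDI_0 = HMAC(UDS, H(first mutable code))."""
        cdi0 = hmac.new(self._uds, layer0_measurement, hashlib.sha256).digest()
        return self._new_handle(cdi0)

    def derive_context(self, parent: bytes, measurement: bytes) -> bytes:
        """Boot-layer transition: CDI_{n+1} = HMAC(CDI_n, H(layer n+1 code)).
        The parent handle is retired so a later layer cannot act as its predecessor."""
        cdi = hmac.new(self._contexts.pop(parent), measurement, hashlib.sha256).digest()
        return self._new_handle(cdi)

    def identity(self, handle: bytes) -> bytes:
        """Public, CDI-bound identifier for the layer (stand-in for the public key
        a real DPE would derive deterministically from the CDI)."""
        return hmac.new(self._contexts[handle], b"identity", hashlib.sha256).digest()

    def sign(self, handle: bytes, message: bytes) -> bytes:
        """Attestation signature stand-in (HMAC tag); firmware never sees the key."""
        key = hmac.new(self._contexts[handle], b"attest-key", hashlib.sha256).digest()
        return hmac.new(key, message, hashlib.sha256).digest()


def boot(uds: bytes, layer_images: list[bytes]) -> tuple[bytes, bytes]:
    """Firmware-side boot flow: measure each layer and hand the DPE only its hash.
    Returns the final layer's identity and an attestation tag over a constructed nonce."""
    dpe = DPE(uds)
    measurements = [hashlib.sha256(img).digest() for img in layer_images]
    handle = dpe.initial_context(measurements[0])
    for m in measurements[1:]:
        handle = dpe.derive_context(handle, m)
    # Firmware holds only `handle`; no CDI or key bytes ever cross this boundary.
    return dpe.identity(handle), dpe.sign(handle, b"verifier-nonce-constructed")
```

Running `boot` twice with the same constructed images yields the same identity, while altering any layer image (or the UDS) changes the identity and the attestation tag, which is the property a verifier relies on.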