...

  • Google: They have created an Open Profile for DICE (with HAL documentation). In this profile, they provide lots of details regarding their proposed implementation of DICE. Google has also suggested a couple of extensions to the TCG DICE specification. For example, they suggest creating two CDIs in every layer, one for attestation and one for sealing. Google is moving to require Open Profile for DICE implementations in Android. With regards to Google Widevine, we’ve already seen patches in flight in Trusted Firmware-A, for example. Google has also investigated whether DICE could be used to protect regular TPM commands from active interposers.

  • Microsoft: They were the original creators of DICE (it started out as RIoT). They use it with Azure IoT devices and the Device Provisioning Service (DPS) (see this roundtable article for additional information).

  • Micron: Offers Authenta, a technology meant to secure IoT devices. Authenta leverages DICE as one of its building blocks to make sure that only trusted IoT devices with healthy software can gain access to the Microsoft Azure IoT cloud platform.

  • Microchip: Uses it in the CEC1702 for Azure IoT Hub Device Provisioning Service (DPS) use cases.

  • Nvidia: Created the ConnectX-7 OCP NIC 3.0 TSFF 400G card, which implements DICE-based attestation.

  • STMicroelectronics: Unknown usage, but according to TCG the STM32L0/L4 family supports DICE.

  • Winbond: Created TrustME, a secure flash certified to Common Criteria EAL5+. This secure flash supports DICE as specified by TCG.

  • TI: UniFlash CC3x20/CC3x3x SimpleLink™ is one of TI’s MCU platforms, where DICE is implemented as an optional feature. Here is a bit more information explaining how they use DICE.

Member discussions

We’ve come back to DICE a couple of times over a bit more than a year. We’ve presented DICE to various SCs (LEDGE, Linaro TSC, Trusted Firmware TSC and LCG) and we’ve had one-on-one discussions with various members and non-members. This has been done both to provide information about DICE to those who are unaware of its existence and, more importantly, to collect feedback, open questions, ideas, etc.

...

Since this is solely about the Device ID key, there is no need to read and hash BL3.1 (something that will be needed when generating the Alias key-pair). The reference code here might be useful.

Acceptance criteria:
BL2 shall be able to take the CDI from BL1 and generate a Device ID key-pair and Device ID certificate according to section “5. Architecture”. The Device ID public key and certificate should be passed to BL3.1.

Priority 1, Must have:

  • The CDI as given by BL1 must be used with a KDF to generate the Device ID key-pair.

  • The Device ID key-pair should be based on Ed25519.

  • The device-generated Device ID public key should be used when creating the Device ID certificate.

  • The Device ID public key should be handed over to BL3.1.

  • The Device ID certificate should be handed over to BL3.1.

  • The CDI and the Device ID private key should never be accessible to BL3.1.

Priority 2, Nice to have:

  • Ability to generate a CSR for the Device ID public key.

  • Ability to measure BL3.1 and use that in the CSR.

Priority 3, Not in scope:

  • Alias key-pair generation

  • Other extensions, like the Google Open Profile for DICE.

...

Priority 1, Must have:

  • The CDI as given by BL1 must be used with a KDF to generate the Alias key-pair.

  • The measurement of BL3.1 must be used to generate the Alias key-pair.

  • The Alias key-pair should be based on Ed25519.

  • The Alias key-pair should be handed over to BL3.1.

  • The CDI should never be accessible to BL3.1.

Priority 2, Nice to have:

  • Firmware Security Descriptor (FSD) support, which complements the purely hash-based measurement of BL3.1.

  • The certificate extension fields contain information that makes it possible for a remote verifier to find out which version is running, etc.

Priority 3, Not in scope:

  • Alias key certificate generation

  • Other extensions, like the Google Open Profile for DICE.

...

Priority 1, Must have:

  • The Alias public key is used as input for the generation of the Alias key certificate.

  • The Device ID private key is used to sign the Alias key certificate.

  • The Alias key certificate should be handed over to BL3.1.

Priority 2, Nice to have:

Priority 3, Not in scope:

  • Other extensions, like the Google Open Profile for DICE.
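To make the derivation chain behind Req#002, Req#003 and Req#004 concrete, here is an added model of the DICE layering (example code written for this page, not the project’s BL1/BL2 implementation): the immutable BL1 computes the CDI from the UDS and the measurement of the first mutable stage, that stage derives the Device ID key from the CDI alone, and BL2 derives the Alias key from the CDI plus the measurement of BL3.1, then hands BL3.1 only the Device ID public key and the Alias key pair. Ed25519 public keys are computed with the big-integer reference code from RFC 8032 so the block runs with the Python standard library alone; that code is not constant time, and a real boot stage would call its crypto library instead. HMAC-SHA256 as the KDF, the label strings, the sample images and the UDS value are this example’s assumptions. Certificate and CSR generation are left out. Running it also shows why the later BL1.5 objective wants Device ID derivation in a stage that never changes: updating BL3.1 changes only the Alias key, while updating the first mutable stage changes the Device ID as well.

```python
import hashlib
import hmac

# Ed25519 public-key derivation transcribed from the RFC 8032 section 6
# reference code: big-int, not constant time, only here to keep the model
# self-contained. A real boot stage calls its crypto library instead.
P = 2**255 - 19
CURVE_D = -121665 * pow(121666, P - 2, P) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)

def _recover_x(y: int, sign: int) -> int:
    x2 = (y * y - 1) * pow(CURVE_D * y * y + 1, P - 2, P)
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    if (x & 1) != sign:
        x = P - x
    return x

G_Y = 4 * pow(5, P - 2, P) % P
G_X = _recover_x(G_Y, 0)
BASE = (G_X, G_Y, 1, G_X * G_Y % P)  # extended coordinates (X, Y, Z, T)

def _point_add(p, q):
    a = (p[1] - p[0]) * (q[1] - q[0]) % P
    b = (p[1] + p[0]) * (q[1] + q[0]) % P
    c = 2 * p[3] * q[3] * CURVE_D % P
    d = 2 * p[2] * q[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f, g * h, f * g, e * h)

def _point_mul(s: int, pt):
    q = (0, 1, 1, 0)  # neutral element
    while s:
        if s & 1:
            q = _point_add(q, pt)
        pt = _point_add(pt, pt)
        s >>= 1
    return q

def ed25519_public_key(seed: bytes) -> bytes:
    """32-byte private seed -> 32-byte compressed public key (RFC 8032 5.1.5)."""
    h = hashlib.sha512(seed).digest()
    a = int.from_bytes(h[:32], "little")
    a = (a & ((1 << 254) - 8)) | (1 << 254)  # clamp the scalar
    x, y, z, _ = _point_mul(a, BASE)
    zinv = pow(z, P - 2, P)
    x, y = x * zinv % P, y * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

# DICE derivations. HMAC-SHA256 as the KDF and the label strings are assumptions
# made for this example; the TCG spec only requires a one-way KDF.
def kdf(key: bytes, label: bytes, context: bytes = b"") -> bytes:
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()

def bl1_compute_cdi(uds: bytes, first_mutable_image: bytes) -> bytes:
    """Immutable BL1: CDI = HMAC(UDS, H(first mutable stage)); the UDS never leaves BL1."""
    return kdf(uds, b"CDI", hashlib.sha256(first_mutable_image).digest())

def device_id_key(cdi: bytes):
    """Req#002 (BL2, later BL1.5): the Device ID seed comes from the CDI alone."""
    seed = kdf(cdi, b"DeviceID")
    return seed, ed25519_public_key(seed)

def alias_key(cdi: bytes, bl31_image: bytes):
    """Req#003 (BL2): next-layer CDI = HMAC(CDI, H(BL3.1)); the Alias seed comes from that."""
    cdi_next = kdf(cdi, b"CDI", hashlib.sha256(bl31_image).digest())
    seed = kdf(cdi_next, b"Alias")
    return seed, ed25519_public_key(seed)

def boot(uds: bytes, first_mutable_image: bytes, bl31_image: bytes) -> dict:
    """Returns exactly what BL3.1 is handed: the Device ID public key and the
    Alias key pair. The CDI and the Device ID private seed stay in earlier stages."""
    cdi = bl1_compute_cdi(uds, first_mutable_image)
    _devid_seed, devid_pub = device_id_key(cdi)
    alias_seed, alias_pub = alias_key(cdi, bl31_image)
    return {"device_id_pub": devid_pub, "alias_priv": alias_seed, "alias_pub": alias_pub}

if __name__ == "__main__":
    UDS = bytes(range(32))  # constructed value; a real UDS lives in OTP/eFuses
    v1 = boot(UDS, b"BL1.5 v1", b"BL3.1 v1")
    v2 = boot(UDS, b"BL1.5 v1", b"BL3.1 v2")  # only BL3.1 updated
    v3 = boot(UDS, b"BL1.5 v2", b"BL3.1 v1")  # first mutable stage updated
    print("BL3.1 update keeps Device ID:  ", v1["device_id_pub"] == v2["device_id_pub"])
    print("BL3.1 update changes Alias:    ", v1["alias_pub"] != v2["alias_pub"])
    print("BL1.5 update changes Device ID:", v1["device_id_pub"] != v3["device_id_pub"])
```

The dictionary returned by boot() is the whole hand-over interface: a reviewer checking the “CDI and Device ID private key never accessible to BL3.1” requirement only has to confirm that neither value is in it, and that the earlier stages scrub their copies before jumping to BL3.1.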

...

This objective is about moving the DICE code previously running in BL2 into a new boot stage that we call BL1.5. This layer should focus solely on doing the DICE operations as specified in “Layer 0, 5. Architecture”. By doing so, we should have a boot stage that never needs to change during the device's lifetime, i.e., the Device ID would stay intact throughout the lifetime of the device.

...

Functionality-wise, this shall offer the same features as BL2 provided after completing Req#001, 2, 3 and 4. BL1.5 shouldn’t contain BL2 code, i.e., BL1.5 should just be an intermediate step doing DICE operations before handing over execution to BL2.

Note that BL2 will still need to derive the Alias key-pair and Alias certificate, so that code can probably stay as it is, but the code for deriving the Device ID key-pair and certificate should be removed from BL2, since that shall only be done by the first mutable binary.

...

Since we’ve moved key functionality out of BL2 down to BL1.5, we need to clean up and make sure that BL2 works like any other DICE layer except the first, i.e., it shall be able to derive its own Alias key and certificate and it shall be able to pass those to the next boot stage.

Acceptance criteria:

  • BL2 no longer contains Device ID key generation code.

  • BL2 no longer contains Device ID CSR generation code.

  • BL2 shall start executing when BL1.5 has completed.

Objective#4 - U-Boot Alias Key pair and certificate generation

This objective is about making sure that U-Boot is capable of generating the Alias key-pair and certificate.


🗓 Timeline

Roadmap Planner (plan view from 2023-08-31 to 2024-06-15, displayed by month; bar lengths are the durations stored by the macro, in months):

DICE PoC lane:

  • Req#001 - BL1 DICE: from 2023-09-03, ~1 month

  • Req#002 - BL2 DeviceID: from 2023-09-30, ~1.4 months

  • Req#003 - BL2 Alias Keypair: from 2023-10-16, ~1.1 months

  • Req#004 - Certificate: from 2023-11-20, 1 month

BL1.5 lane:

  • Req#005 - Create BL1: from 2023-12-21, 1 month

BL3.1 lane:

  • Req#006 - BL3.1 DICE support: from 2024-01-08, 1 month

...

🔗 Reference materials