Versions Compared

Old Version 21

changes.mady.by.user Ilias Apalodimas

Saved on

compared with

New Version 22

changes.mady.by.user Joakim Bech

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

After that we suggest that move the DICE code we’ve added to BL2 and run that in a separate boot stage that we call BL1.5. That would give us a separate layer dealing with device identity, that should stay the same throughout the lifetime of the device. That is Objective#2 below.

Diagrams

This diagram is mean to visualize how the DICE boot flow could look like on an Armv8-A device.

...

Objective#1 - DICE proof of concept, following the TCG specification

...

Priority

Description

Jira

1

Must have:

  • CDI as given by BL1 must be used with a KDF to generate the Device ID key-pair.

  • Device ID key-pair should be based on ED25519.

  • The device generated Device ID public key should be used when creating the Device ID certificate.

  • The Device ID public key should be handed over to BL3.1.

  • The Device ID certificate should be handed over to BL3.1.

  • CDI and the Device ID private key should never be accessible by BL3.1.

2

Nice to have:

  • Ability to generate CSR (PKCS#10) for the public Device ID key.

  • Ability to measure BL3.1 and use that in the CSR.

3

Not in scope:

  • Alias key pair generation

  • Other extensions, like the Google Open Profile for DICE.

...

Acceptance criteria:
BL2 shall be able to take the CDI from BL1, generate a Alias key-pair, according to section “5. Architecture”. The Alias key-pair should be passed to BL3.1 according to “8.1.

Priority

Description

Jira

1

Must have:

  • CDI as given by BL1 must be used with a KDF to generate the Alias key-pair.

  • The measurement of BL3.1 must be used to generate the Alias key-pair.

  • The Alias key-pair should be based on ED25519.

  • The Alias key-pair should be handed over to BL3.1.

  • The CDI should never be accessible by BL3.1.

2

Nice to have:

  • Firmware Security Descriptor support which complements purely hash based measurement of the BL3.1.

  • The certificate extension fields contains information that makes it possible for a remote verifier to find out what version runs etc.

3

Not in scope:

  • Alias key certificate generation

  • Other extensions, like the Google Open Profile for DICE.

...

Priority

Description

Jira

1

Must have:

  • Alias Key is used as input for the generation of the Alias key certificate.

  • Device ID Key is used as input for the generation of the Alias key certificate.

  • The Alias key certificate shall have a statistically unique serial number (see 7.3.2).

  • The Alias key certificate should be handed over to BL2.

  • The Device ID certificate should be handed over to BL2.

  • The Device ID public key should be handed over to BL2.

2

Nice to have:

3

Not in scope:

  • Other extensions, like the Google Open Profile for DICE.

Objective#3 - DICE support in

...

Since we’ve moved key functionality out from BL2 down to BL1.5, we need to clean up and make sure that BL2 is working as any other DICE layer except the first. I.e., it shall be able to derive it’s own Alias Key and certificate and it shall be able pass those to the next boot stage.

Acceptance criteria:

  • BL2 doesn’t no longer contain DeviceID key generation code.

  • BL2 doesn’t no longer contain DeviceID CSR generation code.

  • BL2 shall start execute code when BL1.5 has completed.

Objective#4 - U-Boot Alias Key pair and certificate generation

...

BL3.1

This objective is about adding support in BL3.1 so it also can generate the Alias key-pair and the Alias certificate corresponding to this layer. Note that BL3.1 will not pass execution directly to BL3.2 (TEE). Instead BL3.1 will return back to BL2, that in turn will setup and call BL3.2. Therefore the BL3.1 must pass it’s DICE data back to BL2 and BL2 in turn has to pass this onto BL3.2. The sequence diagram further up shows how the call chain would look like.

Req#006 - BL3.1 shall create Alias key-pair and Alias certificate

Similar to other layers, Bl3.1, should also be able to create the Alias key-pair and certificate.

Acceptance criteria:

  • BL3.1 is able to generate Alias key-pair and Alias certificate.

  • BL3.1 is able to return back the Alias data to BL2.

Objective#4 - DICE support in TEE

We envision that it is the TEE environment that ultimately will act as the attester. Therefore we believe that the DICE chain ends in the TEE and whenever a Verifier requests evidence in form a an attestation request it’s the TEE’s responsibility to gather data for those requests. That might be to make measurements of runtime such as U

...

-Boot, Linux OS etc.

Req#007 - TEE shall create Alias key-pair and Alias certificate

...

Acceptance criteria:

  • BL3.2 / TEE is able to generate Alias key-pair and Alias certificate to Grub, Linux or something similar.

  • BL3.2 / TEE should leverage secure storage to save DICE data.

Priority

Description

Jira

1

Must have:

It shall not be possible to read out the private key via U-boot commands

  • Ability to create Alias-key pair.

  • Alias Key is used as input for the generation of the Alias key certificate.

  • The Alias key certificate shall have a statistically unique serial number (see 7.3.2).

  • Ability to save and retrieve DICE data from memory (RAM).

2

Nice to have:

  • Store DICE data to secure storage.

3

Not in scope:

  • Other extensions, like the Google Open Profile for DICE.

  • Creating TA’s / interface to be able to respond to attestation requests.

\uD83D\uDDD3 Timeline

Roadmap Planner
maplinks
timelinetrue
source%7B%22title%22%3A%22Roadmap%20Planner%22%2C%22timeline%22%3A%7B%22startDate%22%3A%222023-08-31%2000%3A00%3A00%22%2C%22endDate%22%3A%222024-06-15%2000%3A00%3A00%22%2C%22displayOption%22%3A%22MONTH%22%7D%2C%22lanes%22%3A%5B%7B%22title%22%3A%22DICE%20PoC%22%2C%22color%22%3A%7B%22lane%22%3A%22%23d04437%22%2C%22bar%22%3A%22%23dc7369%22%2C%22text%22%3A%22%23ffffff%22%2C%22count%22%3A1%7D%2C%22bars%22%3A%5B%7B%22rowIndex%22%3A0%2C%22startDate%22%3A%222023-09-03%2022%3A35%3A54%22%2C%22id%22%3A%22631befe7-a104-4bfb-b957-68b76a530cd6%22%2C%22title%22%3A%22Req%23001%20-%20BL1%20DICE%22%2C%22description%22%3A%22%22%2C%22duration%22%3A0.9683562574257425%2C%22pageLink%22%3A%7B%7D%7D%2C%7B%22rowIndex%22%3A1%2C%22startDate%22%3A%222023-09-30%2023%3A17%3A27%22%2C%22id%22%3A%22dec67d39-8f20-492a-85e2-5c4791421824%22%2C%22title%22%3A%22Req%23002%20-%20BL2%20DeviceID%22%2C%22description%22%3A%22%22%2C%22duration%22%3A1.3840810099009901%2C%22pageLink%22%3A%7B%7D%7D%2C%7B%22rowIndex%22%3A2%2C%22startDate%22%3A%222023-10-16%2006%3A09%3A40%22%2C%22id%22%3A%2265bd6b34-5c88-42bd-ad3b-f5b7e386b4a0%22%2C%22title%22%3A%22Req%23003%20-%20BL2%20Alias%20Keypair%22%2C%22description%22%3A%22%22%2C%22duration%22%3A1.136700811881188%2C%22pageLink%22%3A%7B%7D%7D%2C%7B%22rowIndex%22%3A3%2C%22startDate%22%3A%222023-11-20%2005%3A19%3A14%22%2C%22id%22%3A%22f65e61f3-4bb0-4889-a5c3-c91d8197d4cb%22%2C%22title%22%3A%22Req%23004%20-%20Certificate%22%2C%22description%22%3A%22%22%2C%22duration%22%3A1%2C%22pageLink%22%3A%7B%7D%7D%5D%7D%2C%7B%22title%22%3A%22BL1.5%22%2C%22color%22%3A%7B%22lane%22%3A%22%23f6c342%22%2C%22bar%22%3A%22%23fadb8e%22%2C%22text%22%3A%22%23594300%22%2C%22count%22%3A1%7D%2C%22bars%22%3A%5B%7B%22rowIndex%22%3A0%2C%22startDate%22%3A%222023-12-21%2012%3A06%3A02%22%2C%22id%22%3A%225a97c107-0100-4f2b-8c01-e5138040b376%22%2C%22title%22%3A%22Req%23005%20-%20Create%20BL1%22%2C%22description%22%3A%22%22%2C%22duration%22%3A1%2C%22pageLink%22%3A%7B%7D%7D%5D%7D%2C%7B%22title%22%3A%22BL3.1%22%2C%22color%22%3A%7B%22lane%22%3A%22%233b7fc4%22%2C%22bar%22%3A%22%236c9fd3%22%2C%22text%22%3A%22%23ffffff%22%2C%22count%22%3A1%7D%2C%22bars%22%3A%5B%7B%22rowIndex%22%3A0%2C%22startDate%22%3A%222024-01-08%2014%3A46%3A37%22%2C%22id%22%3A%22e548c6e5-1886-4b3e-9190-98102042d544%22%2C%22title%22%3A%22Req%23006%20-%20BL3.1%20DICE%20support%22%2C%22description%22%3A%22%22%2C%22duration%22%3A1%2C%22pageLink%22%3A%7B%7D%7D%5D%7D%5D%2C%22markers%22%3A%5B%7B%22title%22%3A%22Marker%201%22%2C%22markerDate%22%3A%2220181%20DICE%20support%22%2C%22description%22%3A%22%22%2C%22duration%22%3A1%2C%22pageLink%22%3A%7B%7D%7D%5D%7D%2C%7B%22title%22%3A%22TEE%22%2C%22color%22%3A%7B%22lane%22%3A%22%238eb021%22%2C%22bar%22%3A%22%23aac459%22%2C%22text%22%3A%22%23ffffff%22%2C%22count%22%3A1%7D%2C%22bars%22%3A%5B%7B%22rowIndex%22%3A0%2C%22startDate%22%3A%222024-01-21%2011%3A27%3A05%22%2C%22id%22%3A%22bdd7759d-1092-4359-b0d0-3302b57e12ef%22%2C%22title%22%3A%22Req%23007%20-%20TEE%20in%20DICE%22%2C%22description%22%3A%22%22%2C%22duration%22%3A1%2C%22pageLink%22%3A%7B%7D%7D%5D%7D%5D%2C%22markers%22%3A%5B%7B%22title%22%3A%22Marker%201%22%2C%22markerDate%22%3A%222018-10-05%2007%3A07%3A43%22%7D%2C%7B%22markerDate%22%3A%222019-03-15%2000%3A00%3A00%22%2C%22title%22%3A%22Marker%22%7D%5D%7D
pagelinks
titleRoadmap%20Planner
hash5f67f747f2318089d0a127f43040a4a8485196f3f5ebd40f47063abf8f430448

\uD83D\uDEA9 Milestones and deadlines

...

\uD83D\uDD17 Reference materials

...