By Dennis Mattoon, Co-Chair of the DICE Work Group
In most large devices, a hardware Root-of-Trust (RoT), such as the Trusted Platform Module (TPM), is used to help defend against firmware attacks. Over a billion devices currently have a TPM inside of them. However, for smaller devices from tiny sensors to smartphones, the TPM can be larger than the device it needs to be attached to. This is why solutions like DICE are key.
For resource constrained devices like the average microcontroller unit (MCU) or system-on-a-chip (SoC), device security relies on a combination of hardware protection for device secrets (DICE HW RoT) and protection of measurements and keys used in firmware. Before we had the DICE RoT, firmware was responsible for most if not all security critical operations and device secrets. The DICE RoT and its family of specifications improve on this, specifying hardware protections for device secrets as well as methods for measurement, device identity, and attestation. Now that DICE is well established in the ecosystem, we have the opportunity to go even further and protect DICE operations that had previously relied on existing firmware protections. Enter the DPE.
The new Device Protection Environment (DPE) specification marks an evolution of previous DICE solutions by establishing an isolated secure execution environment for operations previously handled by firmware. With the new specification, device protection is enhanced through an additional layer of security that secures sensitive processes. Working in a similar capacity to a TPM, the use of a DPE means DICE operations are isolated from firmware and protected. As code sizes are reduced, fewer bugs and vulnerabilities will be present on the device.
Implementation without the knowledge gap
Vendors have myriad options when it comes to implementing DICE. While this is great for companies who fully understand the requirements, many vendors become paralyzed at the variety of choice offered to them. This can lead to errors in implementation as well as interoperability concerns. The DPE has been developed to offer guidance on implementation choices for DICE as well as best practices for DICE implementations. This also means vendors have the opportunity to develop and market their DICE solutions in the form of a DPE – as a DICE Intellectual Property (IP) block providing the ability to adopt and integrate DICE HW security across solutions. This reduces complexity and simplifies adoption of the DICE RoT for device security.
If the Endorsement Architecture specification is a menu, the DPE specification is a cookbook. Through the guidance provided, companies can reduce or eliminate the risk of implementation error and achieve greater interoperability. This means products will be more compatible across the whole ecosystem. Importantly, the DPE specification is not limited to devices that already implement DICE, making it a valuable resource for both adopters of RoT hardware and those who haven’t yet integrated it into their own solutions.
Faster, smaller and safer
At the same time, DPE can be used to improve device performance. Working with asymmetric keys can often be expensive, and having the firmware be responsible for cryptography can be a hindrance. The secure execution environment available through the new specification enables these operations to be handled by the DPE. This frees up a device’s main processor to focus on firmware activity, with no requirement to generate or handle keys at the expense of performance.
Additionally, an effect of using a DPE is a reduction in the size and complexity of the Root of Trust for Measurement (RTM). The DPE also protects transitions between the boot layers of the device, hardening attesting environments and offering greater security for the trust chain. From power-on reset to the runtime state of a device, the DPE specification offers vendors assurance of the trustworthiness of their devices.
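As an added illustration of the isolation described above (DICE operations held outside firmware, and protected transitions between boot layers), not code from the DPE specification or from TCG: a constructed Python model in which each firmware layer only ever holds an opaque handle, while a DPE-like object performs the CDI chaining and the signing. The real DPE command set, its wire format and its asymmetric keys are not reproduced; HMAC-SHA256 stands in for both derivation and signing, and the UDS and code images are constructed values.

```python
import hashlib
import hmac
import secrets


class ProtectionEnvironment:
    """Constructed model of a DPE: every DICE secret stays in here, and each
    boot layer only ever receives an opaque handle to its own context."""

    def __init__(self, uds: bytes) -> None:
        self._contexts: dict[bytes, bytes] = {}
        # The Unique Device Secret (UDS) is the hardware-protected DICE root.
        self.root_handle = self._store(uds)

    def _store(self, secret: bytes) -> bytes:
        handle = secrets.token_bytes(16)  # random, carries no key material
        self._contexts[handle] = secret
        return handle

    def is_live(self, handle: bytes) -> bool:
        return handle in self._contexts

    def derive_context(self, handle: bytes, code_image: bytes) -> bytes:
        """Boot-layer transition: CDI_next = HMAC(CDI_current, SHA-256(code_next)).
        The parent context is retired so a later, possibly compromised layer
        cannot rewind to it (a KeyError signals an invalid or retired handle)."""
        parent = self._contexts.pop(handle)
        measurement = hashlib.sha256(code_image).digest()
        return self._store(hmac.new(parent, measurement, hashlib.sha256).digest())

    def sign(self, handle: bytes, message: bytes) -> bytes:
        """Attest a message under the current layer's key. HMAC stands in for
        the asymmetric signature a real DPE would produce."""
        return hmac.new(self._contexts[handle], message, hashlib.sha256).digest()


def reference_key(uds: bytes, code_images: list[bytes]) -> bytes:
    """Verifier-side recomputation of the layer key from the expected images."""
    key = uds
    for image in code_images:
        key = hmac.new(key, hashlib.sha256(image).digest(), hashlib.sha256).digest()
    return key


def verify(uds: bytes, code_images: list[bytes], message: bytes, tag: bytes) -> bool:
    """Accept the tag only if the device booted exactly the expected image chain."""
    expected = hmac.new(reference_key(uds, code_images), message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)
```

A verifier that knows the expected images recomputes the chain and accepts the tag only when every layer matches; changing any image breaks the derivation, and a layer that tries to reuse its parent's handle after the transition finds it retired.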