Vendors can deliver enhanced security for devices and components thanks to the latest Device Identifier Composition Engine (DICE) specification from the Trusted Computing Group (TCG), which is currently out for public review.
The new DICE Protection Environment (DPE) specification has been developed to offer isolation for sensitive operations and data, reduced code size, and greater interoperability for DICE implementations. The DPE also provides a path for silicon vendors to create and market strong DICE Intellectual Property (IP) blocks, vastly simplifying the integration of DICE hardware Root-of-Trust (RoT) technology across solutions.
“Handling secrets has historically been done by a vendor’s own firmware unless you had a Trusted Platform Module (TPM),” advised Chairman of the DICE Work Group, Dennis Mattoon. “But for devices and components without a TPM, DICE – together with the new DPE specification – can provide isolation and protection guarantees like a TPM. In addition, the DPE specification provides vendors greater interoperability and a path to marketing discrete DICE implementations that can be integrated across solutions.”
When implementing RoT hardware such as DICE, vendors have a number of implementation options. For organizations that do not fully understand the requirements their products must meet, this freedom can lead to implementation errors as well as interoperability problems. At the same time, working with asymmetric keys is often expensive, and making the firmware responsible for cryptography can be a hindrance. The DPE specification allows these operations to be handled separately from the firmware, so a device's main processor can focus on firmware activity without having to generate or handle keys itself at the cost of performance.
DICE DPE provides isolation for sensitive operations and data, beyond the reach of firmware. This also means greater protection when transitioning between boot layers, hardening attesting environments, and strengthening the chain of trust in devices. The effect is not only a reduction in code size and increased interoperability for existing DICE solutions, but also a substantial reduction in the barrier to entry for organizations looking to adopt a strong hardware RoT in their solutions.
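The layered model the release refers to (each boot layer measuring the next, with the derived secrets kept beyond the reach of firmware) can be sketched in code. The following is an added illustration, not code from TCG or from the DPE specification: it models the public DICE Compound Device Identifier (CDI) chain with HMAC-SHA256, stands in for the asymmetric attestation key of a real DICE layer with a MAC key (the Python standard library has no asymmetric primitives), and uses a fixed Unique Device Secret (UDS) and constructed sample code images so it runs offline and deterministically. The class and method names (ProtectionEnvironment, derive_child, and so on) are assumptions for the example and do not claim to match the DPE command set.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the specification): a fixed Unique Device
# Secret so the example is deterministic, and one code image per boot layer.
UDS = hashlib.sha256(b"constructed sample UDS, never do this on real hardware").digest()
GOOD_IMAGES = (
    b"layer0: immutable boot ROM (constructed sample)",
    b"layer1: first-stage bootloader v1.2 (constructed sample)",
    b"layer2: runtime firmware v3.0 (constructed sample)",
    b"layer3: application image (constructed sample)",
)


def measure(image: bytes) -> bytes:
    """Measurement of a layer: the SHA-256 digest of its code image."""
    return hashlib.sha256(image).digest()


def derive_cdi(parent_secret: bytes, measurement: bytes) -> bytes:
    """Compound Device Identifier of the next layer: a one-way function of the
    parent's secret and the measurement of the code about to run. Changing
    either input changes this CDI and every CDI derived below it."""
    return hmac.new(parent_secret, measurement, hashlib.sha256).digest()


class ProtectionEnvironment:
    """Toy model of an isolated DICE environment (an assumption of this example,
    not the TCG DPE command set). Secrets live only inside this object; the
    firmware receives opaque handles and can only ask for derivations, public
    identities and signatures, never for the CDI or UDS bytes themselves."""

    def __init__(self, uds: bytes) -> None:
        self._uds = uds
        self._contexts = {}  # handle (bytes) -> CDI (bytes)

    def _new_handle(self, cdi: bytes) -> bytes:
        handle = secrets.token_bytes(16)
        self._contexts[handle] = cdi
        return handle

    def initialize(self, layer0_measurement: bytes) -> bytes:
        """Create the layer-0 context from the UDS; the UDS itself is never exported."""
        return self._new_handle(derive_cdi(self._uds, layer0_measurement))

    def derive_child(self, handle: bytes, measurement: bytes) -> bytes:
        """Transition to the next boot layer. The parent handle is consumed, so a
        later (possibly compromised) layer cannot reach back to an earlier CDI."""
        parent_cdi = self._contexts.pop(handle)  # KeyError if the handle is stale
        return self._new_handle(derive_cdi(parent_cdi, measurement))

    def identity(self, handle: bytes) -> bytes:
        """Exportable identity of a layer (what a certificate would bind to).
        A one-way function of the CDI, so it reveals nothing about the CDI."""
        return hashlib.sha256(b"DICE-identity" + self._contexts[handle]).digest()

    def sign(self, handle: bytes, message: bytes) -> bytes:
        """Attestation over a verifier's challenge. Stand-in: a MAC under a key
        derived from the CDI, in place of the asymmetric alias key real DICE uses."""
        key = hmac.new(self._contexts[handle], b"DICE-attestation-key", hashlib.sha256).digest()
        return hmac.new(key, message, hashlib.sha256).digest()


def boot(images, uds: bytes = UDS):
    """Simulate a boot: each layer measures the next and derives its context.
    Returns the environment, the handle held by the last layer, and the
    per-layer identities (one per image, in boot order)."""
    pe = ProtectionEnvironment(uds)
    handle = pe.initialize(measure(images[0]))
    identities = [pe.identity(handle)]
    for image in images[1:]:
        handle = pe.derive_child(handle, measure(image))
        identities.append(pe.identity(handle))
    return pe, handle, identities


if __name__ == "__main__":
    _, _, good = boot(GOOD_IMAGES)
    tampered = list(GOOD_IMAGES)
    tampered[2] = tampered[2].replace(b"v3.0", b"v3.0-backdoored")  # constructed tamper
    _, _, bad = boot(tampered)
    for i, (g, b) in enumerate(zip(good, bad)):
        status = "same" if g == b else "CHANGED"
        print(f"layer {i}: {g.hex()[:16]}... vs {b.hex()[:16]}...  {status}")
```

Running the script shows the property the release describes: modifying the layer-2 image leaves the layer-0 and layer-1 identities unchanged but changes layer 2 and every layer after it, so a verifier that knows the expected identities can tell exactly where the chain of trust diverged. Because the firmware only ever holds handles, the same separation also covers the isolation claim: a bug in layer 3 cannot read the UDS or any CDI, and the consumed parent handle means it cannot impersonate layer 2 either.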
More to explore
For more information about the specification, visit https://trustedcomputinggroup.org/wp-content/uploads/TCG-DICE-Protection-Environment-Specification_14february2023-1.pdf
Proactive International PR
Trusted Computing Group
TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms. More information is available at the TCG website, www.trustedcomputinggroup.org. The organization offers a number of resources for developers and designers at https://develop.trustedcomputinggroup.org/.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members are now deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices, and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.