Hardware Requirements for a Device Identifier Composition Engine

03/22/2018 Specification

This specification describes the hardware requirements and process for creating an identity value that is derived from a Unique Device Secret and the identity (a condensed cryptographic representation) of the first mutable code. This specification calls the derived value the Compound Device  Identifier. The composition of the Compound Device Identifier may include hardware state or configuration that influences the execution of the first mutable code.

One of the possible uses of the Compound Device Identifier is to attest to the trustworthiness of an embedded device.

The intended audience for this document is designers of programmable components when they do not have access to a TPM.

The engine that performs the computation of the CDI may be updated, but those updates are not measured in the CDI and must be inherently trusted. First mutable code refers to the code that is executed after the Device Identifier Composition Engine and is not inherently trusted.

*This specification was previously circulated under the title “Trusted Platform Architecture Hardware Requirements for a Device Identifier Composition Engine”