News
Latest DICE specification from TCG offers interoperability and user-friendly implementation
May 2023 by Marc Jacob
Vendors can deliver enhanced security for devices and components thanks to the latest DICE specification from the Trusted Computing Group (TCG) which is currently out for public review.
The new DICE Protection Environment (DPE) specification has been developed to offer isolation for sensitive operations and data, reduced code size, and greater interoperability for DICE implementations. The DPE also provides a path for silicon vendors to create and market strong DICE Intellectual Property (IP) blocks, vastly simplifying the integration of DICE hardware Root-of-Trust (RoT) technology across solutions.
When implementing RoT hardware such as DICE, vendors are given a number of different options for implementation. For organizations who may not fully understand the requirements needed for their products, this can lead to errors in implementation as well as interoperability concerns. At the same time, working with asymmetric keys can also often be expensive, and having the firmware be responsible for cryptography can be a hinderance. The DPE specification enables these operations to be handled separate from the firmware, freeing up a device’s main processor to focus on firmware activity, with no requirement to generate or handle keys at the expense of performance.
DICE DPE provides isolation for sensitive operations and data, beyond the reach of firmware. This also means greater protection when transitioning between boot layers, hardening attesting environments, and strengthening the chain of trust in devices. The effect is not only a reduction in code size and increased interoperability for existing DICE solutions, but also a substantial reduction in the barrier to entry for organizations looking to adopt a strong hardware RoT in their solutions.
