
TCG computing DICE specification secures sensitive information, boosts performance

December 16, 2024

The Trusted Computing Group (TCG) has launched the DICE Protection Environment (DPE) specification that enables sensitive data and device operations to be kept safe in a more secure environment.

Previously, unless a Trusted Platform Module (TPM) was present, most major security measures were handled by a device’s firmware. This included the generation and handling of cryptographic keys, which could also impact device performance. Now, the DPE specification ensures these tasks are isolated from the firmware, which no longer needs to be trusted to carry out sensitive DICE (Device Identifier Composition Engine) operations.

DICE is a hardware Root-of-Trust (RoT) used to protect devices and components where a TPM would be impractical or infeasible. When a TPM is present, DICE is used to protect communication with the TPM and provides the Root of Trust for Measurement (RTM) for the platform. DICE was designed to close critical gaps in infrastructure and to help establish safeguarding measures for devices. The DICE RoT can also be easily integrated into existing infrastructure, as its architecture is flexible and interoperable with existing security standards.

“DICE DPE marks an exciting development for TCG,” said Chairman of the DICE Work Group, Dennis Mattoon. “For devices without a TPM, it provides essential isolation and protection guarantees, meaning the handling of secrets can be carried out quickly and more securely.”

The specification has also been created to reduce code size and ensure greater interoperability for DICE implementations. For vendors who want to use the specification but lack an understanding of the requirements for their devices, this can help reduce implementation errors and ensure there are fewer vulnerabilities for attackers to exploit.

“We want to reduce the barrier to entry for organizations wanting to adopt a strong hardware Root of Trust (RoT) for their devices,” continued Mattoon. “Yet DICE DPE also gives experienced silicon vendors the means to design and market new DICE IP blocks. Integration is made easier for everyone with this specification.”

DICE DPE is already being used in a number of high-profile solutions, including Open Compute Project’s Caliptra RoT. An open-source standard created to secure computer hardware in the data centre, Caliptra uses the specification to derive a DICE identity for entities within the System on a Chip (SoC). This integration provides the SoC with capabilities such as measured boot and attestation.
