Open dayeol opened 3 years ago
DICE on RISC-V sounds nice. However, I am not sure how Keystone relates to DICE. The measurement of DICE starts from the power-on, i.e., before setting up Keystone, I think. Do you have any solution?
An implementation of DICE on RISC-V is published at ARES2020. DICE harder - A hardware implementation of the Device Identifier Composition Engine
Hi @kunisuzaki, good point, and also thank you for the link to the paper. I think the issue is more about "making Keystone compliant with DICE-based measured boot" rather than "adding DICE to Keystone". I was hoping that we could find some reference implementation of DICE or some sort and make it work with Keystone's ZSBL + RocketChip. I'm still figuring out how the CDI is used by the upper layer mutable software (e.g., SM/OS), though. Do you think this makes sense?
Hello @dayeol. I am sorry for my late reply. I understand your idea. I guess the CDI (Compound Device Identifier) or UDS (Unique Device Secret) is a hardware matter. Can we use PUF or some other hardware technique?
DICE is a hardware/software specification for lightweight measured boot. Open Profile for DICE describes some details on implementing DICE. We may want to implement the measured boot compliant with the open profile.
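To make the layering discussed in this thread concrete, here is an added illustration (not Keystone project code, and a simplified stand-in for the Open Profile for DICE derivation, which uses HKDF with additional inputs such as config and mode): each boot layer derives the next layer's CDI from its own secret and the measurement of the next image, so changing the SM image changes the SM and OS CDIs but not the ZSBL one. The UDS value and the image bytes are constructed placeholders.

```python
import hashlib
import hmac

# Simplified DICE CDI chain for a Keystone-style boot sequence
# (added illustration, not the Keystone project's code and not the exact
# Open Profile for DICE derivation, which uses HKDF and more inputs).
# Each layer derives the next layer's CDI from its own secret and the
# measurement of the next layer's code, then erases its own secret.

UDS = bytes.fromhex("00" * 31 + "01")  # constructed placeholder, not a real device secret


def measure(code: bytes) -> bytes:
    """Measurement of a boot layer: SHA-256 of its image bytes."""
    return hashlib.sha256(code).digest()


def derive_cdi(parent_secret: bytes, child_measurement: bytes) -> bytes:
    """CDI for the child layer = HMAC-SHA256(parent secret, child measurement)."""
    return hmac.new(parent_secret, child_measurement, hashlib.sha256).digest()


def cdi_chain(uds: bytes, layers: list[tuple[str, bytes]]) -> dict[str, bytes]:
    """Walk the boot chain; return the CDI handed to each named layer."""
    cdis = {}
    secret = uds
    for name, image in layers:
        secret = derive_cdi(secret, measure(image))
        cdis[name] = secret
    return cdis


# Constructed stand-ins for the images a Keystone boot would measure.
BOOT_LAYERS = [
    ("zsbl", b"zsbl-image-v1"),
    ("sm", b"security-monitor-v1"),
    ("os", b"linux-kernel-v1"),
]


def tampered_layers_differ(modified_layer: str) -> dict[str, bool]:
    """Compare CDIs of a good boot to one where a single image is altered."""
    good = cdi_chain(UDS, BOOT_LAYERS)
    bad_layers = [(n, img + b"-patched" if n == modified_layer else img) for n, img in BOOT_LAYERS]
    bad = cdi_chain(UDS, bad_layers)
    return {name: good[name] != bad[name] for name, _ in BOOT_LAYERS}


if __name__ == "__main__":
    for layer, changed in tampered_layers_differ("sm").items():
        print(f"{layer}: CDI {'changed' if changed else 'unchanged'}")
```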