DICE harder: a hardware implementation of the device identifier composition engine

Abstract

The specification of the Device Identifier Composition Engine (DICE) has been established as a minimal solution for Trusted Computing on microcontrollers. It allows for a wide range of possible implementations. Currently, most implementations use hardware that was not specifically designed for this purpose. These implementations are reliant on black box MPUs and the implementation process has certain pitfalls due to the use of hardware that was not originally designed for the use in DICE. We propose a DICE architecture that is based on a microcontroller equipped with hardware tailored to DICE's requirements. Since DICE is intended to be a minimal solution for Trusted Computing, the architecture is designed to add as little overhead to a microcontroller as possible. It consists of minor modifications to the CPU's processor pipeline, dedicated blocks of memory and modified interrupt and debug modules which makes it easy to implement. A prototype built on the VexRiscV platform, an open implementation of the RISC-V instruction set architecture, is created. It is synthesized for an FPGA and the increase in chip size and the impact on runtime due to the DICE extensions are evaluated. The goal is to demonstrate that with minimal changes to a microcontroller's design a DICE can be implemented and used as a secure Root of Trust in environments such as IoT, Industrial and Automotive.