Implementation of the TCG DICE Specification into the Keystone TEE Framework

The rapid adoption of IoT devices introduced significant security challenges because they are often resource-constrained and operate in untrusted environments. Their adoption into critical scenarios makes it paramount they remain trustworthy. A possible solution is the Trusted Execution Environment (TEE), which isolates and protects sensitive code and data in use. Many TEE implementations exist (e.g. ARM TrustZone), yet most are closed-source, with specific hardware requirements. To overcome these issues, open-source solutions like Keystone have been proposed. Keystone is a framework for building customizable TEEs targeting RISC-V devices, based on the Physical Memory Protection security extension. Enforcing local protection must be coupled with the ability to verify the device is behaving as intended. This can be achieved with attestation techniques, but for the highest security level, some additional components are required. While Keystone defines basic requirements for attestation, it does not support architectures based on standard specifications. The Trusted Computing Group developed the Device Identifier Composition Engine (DICE) specifications to establish strong identity and integrity for IoT devices. In this paper, we propose the DICE integration in Keystone, to support secure boot and attestation. We detail the design, implementation, and evaluation of this solution,