Google Posts Open Profile For DICE Linux Driver, Forwards Firmware Secrets To User-Space

Written by Michael Larabel in Google on 8 December 2021 at 05:26 AM EST.
Google is looking to upstream its Linux kernel driver for Open Profile for DICE, a secret derivation protocol currently used by some Android devices.

The proposed "DICE" driver exposes to user-space the "secrets" generated by the firmware/bootloader of Android devices. While passing secrets from firmware to user-space may raise some security concerns, the intended use-case of Open Profile for DICE is trusted computing, with attestation and sealing as part of a verified boot system.

The new Linux driver claims a reserved memory region containing secrets generated by the firmware/bootloader and exposes them to Linux user-space as a character device. The secrets are expected to contain Compound Device Identity (CDI) certificates.


Open Profile for DICE


This Open Profile for DICE driver is currently out for review. Those interested in Google's Open Profile for DICE can find the specification documentation here for enhancing trusted computing capabilities on Android devices.