Tamas Ban

Principal Software E...
Arm

I have been working on secure and measured boot and attestation solutions in recent years in several tf.org projects (MCUboot, TF-A, RMM).

Talks

MAD24-415 Enabling mobile trust thanks to DPE/DICE in Android

Session

Security

  • Friday, 17 May 12:05 - 12:30
  • Room: Session 3 | Tenerife II

The DICE attestation scheme is used in Android protected VMs (pVMs) to establish trust in the device. The DPE (DICE Protection Environment) specification builds on the original DICE idea by moving all DICE-related computation (layer secret derivation and certification) into a secure enclave, so that it is protected by hardware rather than by each boot stage's own code. Arm's RSE IP has the security properties required to host a DPE service. The DPE service hosted on RSE was developed within the firmware team and has been integrated with the wider firmware stack (TF-A, U-Boot) and with the Android pVM software stack. The talk gives an overview of this work and promotes the DPE-based attestation solution.
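A minimal model of the DICE layering and the DPE handle interface the abstract refers to, as an added example that is not code from the talk, from Arm or from any tf.org project. It assumes the TCG DICE layering pattern (each layer's Compound Device Identifier is HMAC-SHA256 of the parent CDI over the hash of the next component's measurement), stands in for the alias public key with a hash (a real DPE derives an asymmetric key pair from the CDI and certifies its public half), and models DPE's single-use context handles; the component names and the UDS value are constructed for the example.

```python
"""Toy DICE layering behind a DPE-style interface (added example, not project code).

Assumptions: CDI_next = HMAC-SHA256(CDI_parent, SHA-256(TCI)) following the TCG
DICE layering pattern; the alias "public id" is a hash standing in for a public
key; handles are single-use as in the DPE DeriveContext command.
"""
import hashlib
import hmac
import os


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def derive_cdi(parent_cdi: bytes, tci: bytes) -> bytes:
    """Next-layer CDI bound to the measurement (TCI) of the component launched.

    Because the parent CDI is the HMAC key, every later layer's secret depends on
    every earlier boot stage: change one measurement and all downstream CDIs change.
    """
    return hmac.new(parent_cdi, _sha256(tci), hashlib.sha256).digest()


def public_id(cdi: bytes) -> bytes:
    """Stand-in for the layer's alias public key (assumption: hash instead of a key pair)."""
    return _sha256(b"DICE-ALIAS-PUBLIC" + cdi)


class DiceProtectionEnvironment:
    """Models the DPE service: secrets stay inside, callers hold only opaque handles."""

    def __init__(self, uds: bytes):
        self._cdis: dict[str, bytes] = {}
        # Layer-0 secret is the Unique Device Secret; it never leaves the enclave.
        self.root_handle = self._store(uds)

    def _store(self, cdi: bytes) -> str:
        handle = os.urandom(8).hex()  # opaque, unrelated to the secret it names
        self._cdis[handle] = cdi
        return handle

    def derive_context(self, parent_handle: str, tci: bytes) -> str:
        """DPE DeriveContext: consume the parent handle, return a child handle.

        The caller (a boot stage) supplies only the measurement of the component it
        is about to launch; the derivation itself happens here, not in the caller.
        """
        parent_cdi = self._cdis.pop(parent_handle, None)
        if parent_cdi is None:
            raise ValueError("unknown or already-consumed handle")
        return self._store(derive_cdi(parent_cdi, tci))

    def certify(self, handle: str) -> bytes:
        """Return the public identity of a context; the CDI itself is never exported."""
        if handle not in self._cdis:
            raise ValueError("unknown handle")
        return public_id(self._cdis[handle])


def boot_chain(dpe: DiceProtectionEnvironment, tcis: list[bytes]) -> list[bytes]:
    """Run a boot sequence through the DPE and collect each layer's public id."""
    handle = dpe.root_handle
    ids = []
    for tci in tcis:
        handle = dpe.derive_context(handle, tci)
        ids.append(dpe.certify(handle))
    return ids


if __name__ == "__main__":
    # Constructed sample data: a 32-byte UDS and three measured boot stages.
    UDS = bytes(range(32))
    good = [b"bl2-v1", b"tf-a-v1", b"pvm-firmware-v1"]
    tampered = [b"bl2-v1", b"tf-a-MODIFIED", b"pvm-firmware-v1"]
    ref = boot_chain(DiceProtectionEnvironment(UDS), good)
    bad = boot_chain(DiceProtectionEnvironment(UDS), tampered)
    for i, (r, b) in enumerate(zip(ref, bad)):
        print(f"layer {i}: {'match' if r == b else 'DIVERGED'}")
```

The verifier side of DICE attestation only needs the reference public ids of a known-good boot chain: a tampered stage changes its own id and every id below it, while the untouched stages above it still match, which is what lets a relying party localise where trust was lost.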