
LPC55S69 DICE

Question asked by Simon Ott on Apr 16, 2019

Our goal is to use DICE with the LPC55S69 in secure IoT applications. According to the DICE specification, the DICE should combine the UDS with the measurement of "the first mutable code" to be executed to generate the CDI. Our goal would have been that DICE measures the first piece of our code in the secure world and creates the CDI out of the UDS and this code.

However, in the user manual I found nothing on how DICE can measure the first mutable code. The only possibilities I found to adjust the behaviour are the configuration possibilities to specify "Include NXP Area", "Include CFPA page and key store area" and "Include security epoch area" in the DICE computation.

The NXP Area and CFPA page are not "the first mutable code" according to my understanding. About the "security epoch area" I did not find another mention in the user manual or in any application note.


My questions therefore are:

1) What is the "Security Epoch Area" and where can I find documentation about it?
2) Is there any documentation I am missing about DICE apart from the few lines in the user manual?
3) Is it possible to include the first piece of user code in the flash in the DICE computation?
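
The CDI derivation the question refers to, as an added example that is not part of the original post and not NXP code: it uses the HMAC form from the TCG DICE hardware requirements, CDI = HMAC(UDS, H(first mutable code)), with SHA-256 assumed. It does not model how the LPC55S69 ROM forms its measurement; the UDS values and image bytes are constructed, and all names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample inputs (not real device secrets or firmware).
UDS_DEVICE_1 = bytes(range(32))              # Unique Device Secret, device 1
UDS_DEVICE_2 = bytes(range(32, 64))          # Unique Device Secret, device 2
FW_V1 = b"constructed secure-world image v1"  # stands in for first mutable code
FW_V1_PATCHED = FW_V1[:-1] + bytes([FW_V1[-1] ^ 0x01])  # single bit flipped


def derive_cdi(uds: bytes, first_mutable_code: bytes) -> bytes:
    """CDI = HMAC-SHA256(key=UDS, msg=SHA-256(first mutable code)).

    The UDS is only ever used as the HMAC key, so the CDI handed to the
    next boot stage does not reveal it.
    """
    measurement = hashlib.sha256(first_mutable_code).digest()
    return hmac.new(uds, measurement, hashlib.sha256).digest()


def boot_report() -> dict:
    """Compare CDIs across boots to show what the CDI is bound to."""
    baseline = derive_cdi(UDS_DEVICE_1, FW_V1)
    return {
        # Same device, same code: identity is stable across reboots.
        "same_image_same_cdi": hmac.compare_digest(
            baseline, derive_cdi(UDS_DEVICE_1, FW_V1)),
        # Same device, one bit of code changed: identity changes.
        "patched_image_same_cdi": hmac.compare_digest(
            baseline, derive_cdi(UDS_DEVICE_1, FW_V1_PATCHED)),
        # Same code on another device: identity is device-unique.
        "other_device_same_cdi": hmac.compare_digest(
            baseline, derive_cdi(UDS_DEVICE_2, FW_V1)),
    }


if __name__ == "__main__":
    for check, result in boot_report().items():
        print(f"{check}: {result}")
```

If the measured input does not cover the first piece of user code, a modified image yields the same CDI, which is why the choice of measured regions matters for the use case described in the question.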
