CoDICE: Roll the DICE for Firmware Attestation
Published in: 7th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), 2025
The firmware manifest is a critical file used during firmware updates that contains essential instructions and data about the update. This information allows devices to validate, download, and install the firmware update securely and is a critical component for firmware attestation. A compromised firmware manifest can lead to system-wide vulnerabilities and critical operational failure. Although firmware attestation using trusted hardware such as trusted platform modules (TPM) or trusted execution environments is gaining popularity, existing approaches do not provide support for protecting the firmware manifest. In addition, these approaches are often impractical in resource-constrained environments. Moreover, the lack of standardized firmware manifest formats across vendors exacerbates interoperability challenges and increases attack surfaces by exposing sensitive information about vendors' firmware. In this paper, we propose CoDICE, a comprehensive attestation framework that integrates Trusted Computing Group's Concise Reference Integrity Manifest (CoRIM) format with the layered Device Identifier Composition Engine (DICE) architecture. CoDICE is platform agnostic. It defines a uniform way to transform unstructured vendor-specific manifests into IETF's Concise Data Definition Language (CDDL)-validated CoRIM structures, enabling layered, runtime attestations. CoDICE ensures verifiable firmware integrity, runtime security, confidentiality, and enhanced cross-vendor interoperability. Our proof-of-concept implementation demonstrates the security and practicality of the approach, paving the way for structured, formally analyzable firmware update mechanisms in constrained and heterogeneous environments.
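The two building blocks the abstract combines are the DICE layered boot chain, in which each layer measures the next one and derives a fresh Compound Device Identifier (CDI) from its own secret and that measurement, and a reference integrity manifest against which a verifier checks the resulting evidence. The following Python is an added illustration of that interaction; it is not the CoDICE implementation, and it does not encode a real CoRIM or validate CDDL. The firmware images, the Unique Device Secret, and the plain dictionary standing in for the CoRIM reference values are all constructed for the example. The CDI derivation follows the general HMAC-of-measurement construction of the TCG DICE layering; the exact parameters of any given device differ.

```python
"""Illustration of DICE layered measurement plus reference-manifest checking.

Constructed example: NOT the CoDICE implementation and NOT the TCG CoRIM/CDDL
encoding. It models two ideas the abstract mentions:
  * DICE layering, where each boot layer derives a Compound Device Identifier
    (CDI) for the next layer as HMAC(CDI_n, H(next firmware image));
  * a verifier comparing the resulting evidence against vendor reference
    measurements (a plain dict stands in for the CoRIM reference values).
"""
import hashlib
import hmac
from typing import Optional

# Constructed firmware images, one per DICE layer, in boot order.
# On a real device these are the actual code blobs; here they are placeholders.
FIRMWARE_LAYERS = {
    "layer0_bootloader": b"constructed bootloader image v1",
    "layer1_runtime": b"constructed runtime firmware v1",
    "layer2_app": b"constructed application v1",
}

# Constructed Unique Device Secret (UDS). On hardware this lives in fused
# storage readable only by the DICE engine; it is a fixed sample value here.
UDS = b"\x00" * 32


def measure(image: bytes) -> str:
    """SHA-256 digest of a firmware image, hex-encoded, used as the layer's measurement."""
    return hashlib.sha256(image).hexdigest()


def derive_cdi(parent_secret: bytes, image: bytes) -> bytes:
    """One-way DICE derivation: CDI_{n+1} = HMAC-SHA256(CDI_n, H(image_{n+1})).

    Because the next layer's secret depends on its own measurement, a modified
    image yields a different CDI and therefore different attestation keys.
    """
    return hmac.new(parent_secret, hashlib.sha256(image).digest(), hashlib.sha256).digest()


def boot_chain(layers: dict, uds: bytes = UDS) -> tuple:
    """Walk the layers in boot order.

    Returns (evidence, final_cdi) where evidence is a list of
    (layer_name, measurement) pairs a verifier would receive.
    """
    evidence = []
    secret = uds
    for name, image in layers.items():
        evidence.append((name, measure(image)))
        secret = derive_cdi(secret, image)
    return evidence, secret


def build_reference_manifest(layers: dict) -> dict:
    """Construct the vendor's reference values (stand-in for CoRIM reference-value entries)."""
    return {name: measure(image) for name, image in layers.items()}


def verify_evidence(evidence: list, reference: dict) -> tuple:
    """Return (ok, first_mismatched_layer).

    A layer missing from the reference manifest, or one whose measurement
    differs, fails verification; comparison is constant-time.
    """
    for name, digest in evidence:
        expected = reference.get(name)
        if expected is None or not hmac.compare_digest(expected, digest):
            return False, name
    return True, None


if __name__ == "__main__":
    reference = build_reference_manifest(FIRMWARE_LAYERS)
    evidence, cdi = boot_chain(FIRMWARE_LAYERS)
    print("genuine firmware:", verify_evidence(evidence, reference))

    # Constructed modified runtime layer: verification names the first bad layer
    # and the derived CDI for everything after it changes.
    modified = dict(FIRMWARE_LAYERS)
    modified["layer1_runtime"] = b"constructed runtime firmware v1 (modified)"
    evidence_mod, cdi_mod = boot_chain(modified)
    print("modified firmware:", verify_evidence(evidence_mod, reference))
    print("CDI changed:", cdi != cdi_mod)
```

Running the module prints `(True, None)` for the unmodified chain and `(False, 'layer1_runtime')` once the runtime layer is altered, while the final CDI differs between the two runs. That second property is what makes layered attestation useful in practice: a verifier holding only the reference manifest can pinpoint the first layer whose measurement diverged, and a device booting altered firmware cannot reproduce the keys a genuine device derives.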
R. Podder, J. Simental, E. Azizli, B. Mantha, and I. Ray, "CoDICE: Roll the DICE for Firmware Attestation," in Proc. 2025 7th IEEE Int. Conf. Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), 2025, pp. 1-10.
