Sep 12 – 14, 2022
Europe/Dublin timezone

Using DICE Attestation for SEV and SNP Hardware Rooted Attestation

Sep 13, 2022, 11:00 AM
"Herbert" (Clayton Hotel on Burlington Road)


Clayton Hotel on Burlington Road

Confidential Computing MC Confidential Computing MC


Peter Gonda (Google)


Device Identifier Composition Engine (DICE) is a measured boot solution for systems without a TPM or similar hardware based capabilities. DICE is a layered approach meaning that each layer or software component of a boot takes inputs from the previous layer, its measurement and certificate, and then generates the same for the next phase of the boot. The output of this layering provides a strong code identity of all components of the boot. Since not all Confidential VM hardware contains TPM-like capabilities for attestation, DICE may be a solution for providing a meaningful attestation story for linux workloads in these environments.

I agree to abide by the anti-harassment policy Yes

Primary author

Peter Gonda (Google)

Presentation materials

Diamond Sponsor

Platinum Sponsors

Gold Sponsors

Silver Sponsors

Speaker Gift Sponsor

Catchbox Sponsor

Video Recording Sponsor

Livestream Sponsor

T-Shirt Sponsor

Conference Services Provided by