Applications of DICE
The Device Identifier Composition Engine (DICE) is an Android security feature that provides strong attestation and improves device integrity by giving each device a unique cryptographic identity, derived from a device secret and from the firmware that actually booted. DICE is especially useful for creating device identities for scenarios that require strong proof of identity and secure communications.
Remote Key Provisioning (RKP)
There are several key benefits that come from using DICE for RKP.
Minimization of the attack surface
DICE enhances RKP by grounding the root of trust in the smallest possible trusted computing base (TCB) available on the device, usually the boot ROM on the chip itself, rather than in the Trusted Execution Environment (TEE), which is far larger and updatable. This greatly reduces the attack surface and minimizes the risk of a permanent RKP compromise.
Recovery from TEE compromises
DICE provides a mechanism to recover trust in devices even after a compromise of the TEE or bootloader that could affect the validity of the key attestations generated by KeyMint.

Historically, vulnerabilities in the TEE or bootloader led to full revocation of attestation keys for all affected devices, with no path to recover trust even after the vulnerabilities were patched. The attestation produced by the TEE covered only the Android image verified through Android Verified Boot; the firmware of the TEE and bootloader themselves was not measured, so a device could not prove to a remote party that the patches had been applied. DICE addresses this by enabling remote verification of the current firmware state, including the layers below Android, allowing affected devices to recover trust once they are running patched firmware.
Mutual authentication of isolated environments
Each application domain in which a DICE derivation path terminates receives an identity in the form of a key with a certificate chain extending back to the shared root of trust that the ROM derives from the device's unique secret. The derivation splits into separate branches wherever loading paths diverge, forming a tree of certificates that all share the same root and creating an on-device public key infrastructure (PKI).

This PKI enables components in separate isolated environments to mutually authenticate one another. One concrete example is Secretkeeper, a hardware abstraction layer (HAL) that lets protected virtual machines (pVMs), authenticated by their DICE certificate chains, obtain from the TEE a stable secret that the pVM can use to securely store persistent data.
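To make the derivation and the two uses above concrete, here is a small model of a DICE tree in Go. It is an example added to this page, not the AOSP open-dice, RKP or Secretkeeper code: every stage derives the next stage's CDI from its own CDI plus the measurement of the code it loads, derives a key deterministically from that CDI, and signs a certificate for it, so a chain both identifies the device and records the firmware it booted. The remote check (Attest) is what the RKP section relies on: a patched TEE yields a new measurement and a new key, which the verifier can approve instead of revoking the device. The challenge (Challenge) is the mutual-authentication case: two leaves of the tree, such as a pVM and the TEE, accept each other only through the shared ROM root. The KDF (HMAC-SHA256 in place of the profile's HKDF), the length-prefixed encoding, the stage names, the sample UDS and the measured byte strings are all assumptions of this model.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Cert models one DICE certificate: the loaded stage's key and measurement, signed by its loader.
type Cert struct {
	Subject          string
	CodeHash, Config []byte
	PubKey, Issuer   ed25519.PublicKey
	Signature        []byte
}

type Identity struct {
	CDI   []byte             // compound device identifier: this stage's secret
	Key   ed25519.PrivateKey // derived deterministically from the CDI
	Chain []Cert             // certificates from the ROM down to this stage
}

func (id Identity) Public() ed25519.PublicKey { return id.Key.Public().(ed25519.PublicKey) }
func (id Identity) Sign(msg []byte) []byte      { return ed25519.Sign(id.Key, msg) }

// enc length-prefixes and concatenates fields (the model's own encoding, not DICE's).
func enc(fields ...[]byte) []byte {
	var b bytes.Buffer
	for _, f := range fields {
		fmt.Fprintf(&b, "%d:%s", len(f), f)
	}
	return b.Bytes()
}

// tbs is the to-be-signed part of a certificate.
func (c Cert) tbs() []byte { return enc([]byte(c.Subject), c.CodeHash, c.Config, c.PubKey, c.Issuer) }

// kdf stands in for HKDF: HMAC-SHA256 over labelled inputs; its 32-byte output is an Ed25519 seed.
func kdf(secret []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(enc(parts...))
	return m.Sum(nil)
}

// Measure hashes a stage's code image.
func Measure(code []byte) []byte { h := sha256.Sum256(code); return h[:] }

// Root models the ROM, whose identity comes from the unique device secret (UDS).
func Root(uds []byte) Identity {
	return Identity{CDI: uds, Key: ed25519.NewKeyFromSeed(kdf(uds, []byte("asym-key")))}
}

// Load models one hand-off: the parent derives the next stage's CDI from its own CDI
// plus that stage's measurement, derives a key from the new CDI and certifies it.
// One parent loading two different stages yields two branches of the tree.
func Load(parent Identity, name string, codeHash, config []byte) Identity {
	cdi := kdf(parent.CDI, []byte("cdi"), codeHash, config)
	key := ed25519.NewKeyFromSeed(kdf(cdi, []byte("asym-key")))
	c := Cert{Subject: name, CodeHash: codeHash, Config: config,
		PubKey: key.Public().(ed25519.PublicKey), Issuer: parent.Public()}
	c.Signature = ed25519.Sign(parent.Key, c.tbs())
	return Identity{CDI: cdi, Key: key, Chain: append(append([]Cert{}, parent.Chain...), c)}
}

// Verify walks a chain from the trusted ROM key and returns the leaf key.
func Verify(root ed25519.PublicKey, chain []Cert) (ed25519.PublicKey, error) {
	issuer := root
	for _, c := range chain {
		if !bytes.Equal(c.Issuer, issuer) || !ed25519.Verify(issuer, c.tbs(), c.Signature) {
			return nil, fmt.Errorf("%s: not certified by the previous stage", c.Subject)
		}
		issuer = c.PubKey
	}
	return issuer, nil
}

// Attest is the remote verifier's check (what an RKP backend does): the chain must root
// in the ROM key and every stage the verifier has a policy for must carry an approved
// measurement. A patched TEE shows up as a new hash that can be approved, not revoked.
func Attest(root ed25519.PublicKey, chain []Cert, approved map[string][]byte) error {
	_, err := Verify(root, chain)
	for _, c := range chain {
		if want, ok := approved[c.Subject]; err == nil && ok && !bytes.Equal(c.CodeHash, want) {
			err = fmt.Errorf("%s: measurement %x is not an approved build", c.Subject, c.CodeHash)
		}
	}
	return err
}

// Challenge is one direction of mutual authentication between on-device components: the
// peer is accepted only if its chain roots in the shared ROM key and its signature over
// the verifier's nonce checks under the certified leaf key.
func Challenge(root ed25519.PublicKey, nonce []byte, peerChain []Cert, sig []byte) bool {
	leaf, err := Verify(root, peerChain)
	return err == nil && ed25519.Verify(leaf, nonce, sig)
}

func main() {
	rom := Root([]byte("constructed sample UDS, not a real device secret"))
	tee := Load(Load(rom, "bootloader", Measure([]byte("bl v1")), nil), "tee", Measure([]byte("tee v1")), nil)
	fmt.Println("tee attests:", Attest(rom.Public(), tee.Chain, map[string][]byte{"tee": Measure([]byte("tee v1"))}))
}
```

Run it with `go run`; it needs only the standard library. The real DICE profile also folds the authority and mode of each stage into the CDI derivation and encodes the certificates as CBOR/COSE or X.509; the model keeps only what is needed to show the tree, the firmware-state check and the shared-root authentication.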
Last updated 2025-06-18 UTC.