Secure Boot Process
Secure boot begins with a first stage bootloader programmed into a protected or non-writable storage location on the device. The first stage bootloader calculates the hash value of the second stage bootloader and verifies the hash is correct by comparing it to a stored, signed hash value for the bootloader or, depending on the system architecture, for the OS itself.
The second stage bootloader, which can be more complex and may be stored in reprogrammable flash memory, repeats this process, verifying that the operating system and applications are valid. If a monolithic RTOS is used, this is performed in a single step. In a Linux device with separately loadable applications, the process can be repeated to validate each application in the system before loading. Once each layer is validated, it is trusted and can proceed to validate the next higher layer in the chain.
Secure boot relies on signed code images to enable validation of the image during the boot process. The images are signed by the device OEM using their private key. The OEM’s corresponding public key must be programmed into the device during manufacturing or provisioning so the device can validate the signature for the firmware image using this key.
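The chain of checks described above, as an added example in Go (not code from the original page or from any vendor): the OEM side signs the SHA-256 hash of each image, and the device side verifies every stage with the provisioned public key before the next one would run. Ed25519, the fixed demo key, the constructed image contents, and the names Stage, SignStage, VerifyChain and DemoChain are assumptions made for the illustration; the page does not name a signature algorithm.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Stage is one image in the boot chain plus the OEM signature over its SHA-256 hash.
type Stage struct {
	Name       string
	Image, Sig []byte
}

// SignStage is the OEM build-side step: hash the image, sign the hash with the private key.
func SignStage(priv ed25519.PrivateKey, name string, image []byte) Stage {
	h := sha256.Sum256(image)
	return Stage{Name: name, Image: image, Sig: ed25519.Sign(priv, h[:])}
}

// VerifyChain is the device-side step: stop at the first stage whose signed hash does not match.
func VerifyChain(oemPub ed25519.PublicKey, chain []Stage) (int, error) {
	for i, s := range chain {
		h := sha256.Sum256(s.Image)
		if !ed25519.Verify(oemPub, h[:], s.Sig) {
			return i, fmt.Errorf("stage %q failed verification, boot halted", s.Name)
		}
	}
	return len(chain), nil // every stage was validated before being trusted
}

// DemoChain builds a constructed three-stage chain signed with a fixed demo key.
func DemoChain() (ed25519.PublicKey, []Stage) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize)) // demo key only
	chain := []Stage{
		SignStage(priv, "second-stage bootloader", []byte("constructed bootloader image")),
		SignStage(priv, "operating system", []byte("constructed OS image")),
		SignStage(priv, "application", []byte("constructed application image")),
	}
	return priv.Public().(ed25519.PublicKey), chain
}

func main() {
	pub, chain := DemoChain()
	fmt.Println(VerifyChain(pub, chain)) // intact chain
	chain[1].Image[0] ^= 0x01            // simulate a modified OS image in flash
	fmt.Println(VerifyChain(pub, chain)) // verification stops at the OS stage
}
```

On a device, each iteration of the loop is carried out by the previously verified stage, and only the public key needs to be present on the device.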
Secure firmware update, like secure boot, validates during the upgrade process that new code images were signed by the OEM. If downloaded images fail the…