Embedded Secure Boot Toolkit

Secure Boot

The security of electronic devices is an ever-growing concern as the market moves rapidly toward connected IoT products.

Secure Boot provides a full set of functions that enable developers to verify firmware upgrades and/or loadable modules. Secure Boot can greatly enhance the security of an embedded device by cryptographically verifying that any new software or firmware is authentic (produced by the manufacturer) and has not been unknowingly compromised or maliciously modified.

Industry Standards Based using X.509 RSA and ECC Certificates

The Secure Boot technology uses industry-standard X.509 certificates to authenticate new software. The certificates can carry either RSA keys or the newer Elliptic Curve Cryptography (ECC) keys, which give equivalent security with much smaller keys and signatures.

How it Works...

New software and/or firmware replacements are signed by first calculating a digital digest (hash) of the image to be loaded and then signing that hash with the manufacturer's private key; the matching public key is carried in an X.509 certificate. On the device, the boot loader recalculates the hash of the received image and verifies the signature over that hash using the public key from the certificate built into the Secure Boot code. If the recalculated hash does not match what was signed, or the signature was not produced by the manufacturer's private key, the image is rejected. Note that the whole scheme rests on the built-in certificate: it must be stored where an attacker cannot replace it (for example in immutable boot ROM or a protected flash region), and the private key must never leave the manufacturer's signing environment.
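The sign-then-verify flow described above, shown end to end as an added example. This is not SharkSSL code and does not use the SharkSSL API; it is written in Go against the standard library so it runs anywhere, whereas a real device-side verifier would be C in the boot loader. The SignedImage container, the certificate contents and the helper names are assumptions for illustration. It goes slightly beyond the text by handling both RSA and ECC certificates in one verifier (switching on the key type found in the trusted certificate) and by checking that a one-bit change to the image is rejected:

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedImage is the hypothetical update container assumed here: the raw
// firmware bytes plus a detached signature over SHA-256(Image).
type SignedImage struct {
	Image     []byte
	Signature []byte
}

// newECDSASigner and newRSASigner stand in for the manufacturer's offline
// signing keys. Real keys are generated once and never leave the signing host.
func newECDSASigner() (crypto.Signer, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
func newRSASigner() (crypto.Signer, error)   { return rsa.GenerateKey(rand.Reader, 2048) }

// makeManufacturerCert builds a self-signed X.509 certificate carrying the
// signing key's public half. The DER bytes are what gets built into the boot
// loader; the private key stays with the manufacturer.
func makeManufacturerCert(priv crypto.Signer) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Example Firmware Signing Key"}, // assumed name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(10 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
}

// signImage is the manufacturer-side step: hash the image, then sign the hash.
// For an ECDSA key Go emits an ASN.1 DER (r,s) signature; for an RSA key it
// emits a PKCS#1 v1.5 signature. verifyImage below expects exactly those.
func signImage(priv crypto.Signer, image []byte) (SignedImage, error) {
	digest := sha256.Sum256(image)
	sig, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256)
	if err != nil {
		return SignedImage{}, err
	}
	return SignedImage{Image: image, Signature: sig}, nil
}

// verifyImage is the device-side step. trustedCertDER is the certificate
// baked into the boot loader, so it must live in immutable storage: the check
// is only as strong as the attacker's inability to replace that certificate.
func verifyImage(trustedCertDER []byte, si SignedImage) error {
	cert, err := x509.ParseCertificate(trustedCertDER)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(si.Image) // recompute the hash over what was actually received
	switch pub := cert.PublicKey.(type) {
	case *ecdsa.PublicKey:
		if !ecdsa.VerifyASN1(pub, digest[:], si.Signature) {
			return errors.New("ECDSA signature does not match image")
		}
		return nil
	case *rsa.PublicKey:
		return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], si.Signature)
	default:
		return errors.New("unsupported public key type in trusted certificate")
	}
}

// runScenario exercises the whole flow on a constructed image. It reports
// whether the genuine image verified and whether a copy with one flipped bit
// verified (the second must always be false).
func runScenario(priv crypto.Signer) (genuineOK, tamperedOK bool, err error) {
	certDER, err := makeManufacturerCert(priv)
	if err != nil {
		return false, false, err
	}
	image := []byte("constructed firmware image v1.2.3: not real code") // sample input, not a real image
	signed, err := signImage(priv, image)
	if err != nil {
		return false, false, err
	}
	genuineOK = verifyImage(certDER, signed) == nil

	tampered := SignedImage{Image: append([]byte(nil), signed.Image...), Signature: signed.Signature}
	tampered.Image[len(tampered.Image)-1] ^= 0x01 // flip one bit in the payload
	tamperedOK = verifyImage(certDER, tampered) == nil
	return genuineOK, tamperedOK, nil
}

func main() {
	for name, gen := range map[string]func() (crypto.Signer, error){"ECDSA P-256": newECDSASigner, "RSA-2048": newRSASigner} {
		priv, err := gen()
		if err != nil {
			panic(err)
		}
		ok, bad, err := runScenario(priv)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-12s genuine verified=%v  tampered verified=%v\n", name, ok, bad)
	}
}
```

The verifier never trusts anything inside the update itself: the hash is recomputed over the received bytes and the public key comes only from the certificate already on the device. Shipping a certificate inside the update and verifying against that would let an attacker sign with any key they like.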

Signing and verification of the hash is performed with either RSA or ECC. Both are forms of asymmetric (public-key) cryptography, and both are implemented on top of SharkSSL's proprietary big-number library, the industry's fastest and smallest. Assembler-optimized versions are available for common processors such as ARM Cortex and Renesas RX, making the verification step on the device even faster.
