19.2.1 Overview

The secure boot mode authenticates and deciphers a boot file stored in an external Non-Volatile Memory (NVM) prior to its execution. The boot file can be bootstrap code or the user application. Secure boot ensures that only authorized code is executed, thus protecting the customer IP and providing a Root of Trust (RoT) in the hardware.

When the secure boot mode is enabled, the chip only allows booting from an authenticated and ciphered boot file. The boot file can be authenticated and deciphered in two ways:
  • AES-CBC-CMAC mode:
    • Authentication is performed using the customer private CMAC key stored in the OTP memory, using the AES-CMAC algorithm.
    • Boot file decryption is performed using the customer private CBC key stored in the OTP memory, using the AES-CBC algorithm.
  • AES-CBC-RSA mode:
    • Authentication is performed using the customer public key contained in the last X.509 certificate chain stored after the boot file.
    • Boot file decryption is performed using the customer private key stored in the OTP memory, using the AES-CBC algorithm.

Additionally, a 'pairing' mode can be enabled. In this case, the customer private CBC key is diversified with the Chip Unique ID to decipher the boot file.

Encryption uses AES with hardware acceleration; authentication is either symmetric (AES-CMAC) or asymmetric (RSA-based, using an X.509 certificate chain).
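Added example (not from this datasheet or the device's boot ROM): a host-side Python model of the AES-CBC-CMAC flow and the pairing mode described above, using the `cryptography` package. The image layout (IV || ciphertext || 16-byte tag computed over IV and ciphertext), the `diversify` function and all keys, UIDs and payload are assumptions constructed for illustration.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import cmac
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK = 16  # AES block size, also the AES-CMAC tag length

def diversify(cbc_key: bytes, chip_uid: bytes) -> bytes:
    """Hypothetical pairing step: per-chip key = AES-ECB(cbc_key, chip_uid)."""
    enc = Cipher(algorithms.AES(cbc_key), modes.ECB()).encryptor()
    return enc.update(chip_uid.ljust(BLOCK, b"\0")[:BLOCK]) + enc.finalize()

def mac_over(cmac_key: bytes, data: bytes) -> cmac.CMAC:
    """AES-CMAC context already fed with data."""
    mac = cmac.CMAC(algorithms.AES(cmac_key))
    mac.update(data)
    return mac

def build_image(cmac_key, cbc_key, iv, plaintext, chip_uid=None) -> bytes:
    """Constructed sample image in the assumed layout: IV || ciphertext || tag."""
    key = diversify(cbc_key, chip_uid) if chip_uid else cbc_key
    enc = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    body = iv + enc.update(plaintext) + enc.finalize()
    return body + mac_over(cmac_key, body).finalize()

def secure_boot(cmac_key, cbc_key, image, chip_uid=None) -> bytes:
    """Authenticate first; decipher only an image whose tag verifies."""
    if len(image) < 3 * BLOCK or len(image) % BLOCK:
        raise ValueError("malformed image")
    body, tag = image[:-BLOCK], image[-BLOCK:]
    try:
        mac_over(cmac_key, body).verify(tag)  # constant-time comparison
    except InvalidSignature:
        raise ValueError("authentication failed: refusing to boot") from None
    key = diversify(cbc_key, chip_uid) if chip_uid else cbc_key
    dec = Cipher(algorithms.AES(key), modes.CBC(body[:BLOCK])).decryptor()
    return dec.update(body[BLOCK:]) + dec.finalize()

# Constructed sample values (not real key material or a real Chip Unique ID).
CMAC_KEY, CBC_KEY, IV = bytes(range(16)), bytes(range(16, 32)), bytes(16)
PAYLOAD = b"bootstrap code".ljust(32, b"\0")
UID_A, UID_B = b"chip-A-unique-id", b"chip-B-unique-id"
```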