19.3.2 Bootstrap Development and Updates
This section provides information about the bootstrap and how to update the ciphered bootstrap on a system already provisioned and having the secure monitor disabled.
In order to protect the CBC ciphered bootstrap from known plain text
attacks, it is strongly recommended to follow several common rules:
- Avoid compiling and linking “as is” source code that is publicly available.
- Apply secure software development basic principles (add custom parts, add random data, change objects order, etc.).
- Keep bootstrap sources (binary and ciphered versions) in safe places.
- Keep bootstrap as small and robust as possible to reduce number of updates.