2.9.2.3.2 Valid Code Detection in Secure Boot Mode

The valid code detection in Secure Boot mode is similar to the one in Standard Boot mode. However, additional checks and operations are performed.

First, the header is validated by an AES-CMAC tag instead of a SHA-256 digest and then checked to ensure that the sum of the bootstrap size and the security data size do not exceed the maximum bootstrap size.

The verification process depends on the AUTH_MODE field in the Secure Boot Configuration Packet.

In AES-CMAC verification, the security data contains only the TAG for the ciphered bootstrap image and must be 16 bytes (AES block size).

When Digital Signature verification is selected, the security data is an ASN.1 construction. It is parsed to extract the algorithm used to sign the bootstrap code, a certificate chain, and the bootstrap digital signature. If trailing bytes remain when the security data parsing is complete, the image is considered invalid. Digital signature algorithms allowed are:

  • RSA with SHA-256 : OID sha256WithRSAEncryption(11)
  • RSA with SHA-384 : OID sha384WithRSAEncryption(12)
  • RSA with SHA-512 : OID sha512WithRSAEncryption(13)
  • RSA with SHA-224 : OID sha224WithRSAEncryption(14)
  • EC-DSA with SHA-224: OID ecdsa-with-SHA224(1)
  • EC-DSA with SHA-256: OID ecdsa-with-SHA256(2)
  • EC-DSA with SHA-384: OID ecdsa-with-SHA384(3)
  • EC-DSA with SHA-512: OID ecdsa-with-SHA512(4)

RSA key sizes supported are 2048 and 4096 bits using RSASSA PKCS1 v1_5 as per RFC 3447. For EC-DSA, the ROM code supports the following curves:

  • secp256r1
  • secp384r1
  • secp521r1

The certificate chain is checked and, if valid, the public key found in the last certificate is used to verify the ciphered bootstrap.

If these validations fail, the ROM code restores the memory interface PIO and its settings to their reset values and then attempts to boot on the next NVM in the boot sequence.

If the bootstrap verification passes, the ROM code deciphers the boot file stored in the internal SRAM0.

If the dual-step verification mode is active, the AES-CMAC tag on the plain text bootstrap is verified.

Since the NVM interface is no longer needed, the ROM code restores the memory interface PIO and its settings to their reset values.

Finally, the ROM code locks access to the ROM area, enables JTAG, and then branches to the beginning of the internal SRAM0 to execute the deciphered bootstrap.