2.9.2.4.2 Bootstrap Development and Updates
This section provides information about the bootstrap and how to update the ciphered bootstrap on a system already provisioned and having the Secure Monitor disabled.
In order to protect the CBC-ciphered bootstrap from known plain text
attacks, it is strongly recommended to follow several common rules:
- Avoid compiling and linking “as is” source code that is publicly available.
- Apply secure software development basic principles (add custom parts, add random data, change objects order, etc.).
- Keep bootstrap sources (binary and ciphered versions) in safe places.
- Keep bootstrap as small and robust as possible to reduce the number of updates.