2.9.2.4.2 Bootstrap Development and Updates

This section provides information about the bootstrap and how to update the ciphered bootstrap on a system already provisioned and having the Secure Monitor disabled.

In order to protect the CBC-ciphered bootstrap from known plain text attacks, it is strongly recommended to follow several common rules:
  • Avoid compiling and linking “as is” source code that is publicly available.
  • Apply secure software development basic principles (add custom parts, add random data, change objects order, etc.).
  • Keep bootstrap sources (binary and ciphered versions) in safe places.
  • Keep bootstrap as small and robust as possible to reduce the number of updates.