2.9.2.1 Description

The Secure Boot mode is enabled and configured by writing a Secure Boot Configuration Packet and Customer Key Payload into the OTP memory.

When the Secure Boot mode is enabled, the character string “Secure Boot Mode” is also sent after “RomBOOT” on the console.

The Secure Boot mode authenticates and deciphers a bootstrap stored in an external Non-Volatile Memory (NVM) prior to its execution. The secure boot ensures that only authorized code is executed, thus protecting the customer IP and providing a Root of Trust (RoT) in the hardware.

When the Secure Boot mode is enabled, the chip only boots from an authenticated and ciphered boot file. The bootstrap can be authenticated and deciphered in two ways:
  • AES-CBC-CMAC mode:
    • Authentication is performed using the customer private CMAC key stored in the OTP memory and the AES-CMAC algorithm.
    • Boot file decryption is performed using the customer private CBC key stored in the OTP memory and the AES-CBC algorithm.
  • AES-CBC-RSA mode:
    • Authentication is performed using the customer public key contained in the last X.509 certificate of the certificate chain stored after the boot file.
    • Boot file decryption is performed using the customer private CBC key stored in the OTP memory and the AES-CBC algorithm.

Encryption is performed with AES using hardware acceleration; authentication is either symmetric (AES-CMAC) or asymmetric (RSA-based, using an X.509 certificate chain).