1.4 Why Use ROM Code Secure Boot Mode

In today’s connected world, embedded systems are increasingly exposed to threats such as firmware tampering, reverse engineering and unauthorized code injections.

The ROM code Secure Boot mode is a fundamental defense mechanism that ensures that only authentic, untampered firmware is allowed to run on a device—starting from the very first instruction executed after reset.

The ROM code Secure Boot mode is critical because it offers:

  • Protection against unauthorized firmware: The Secure Boot mode verifies the cryptographic signature of the boot image before execution. This prevents attackers from loading custom or malicious firmware, even if they have physical access to the device.
  • A trusted root of execution: By anchoring the boot process in immutable ROM and hardware-protected keys, the Secure Boot mode ensures that all software components are verified, creating a chain of trust from hardware to application.
  • Prevention against persistent malware: Without Secure Boot mode, malware injected at the bootloader level can persist across reboots and firmware updates. The Secure Boot mode blocks any unverified bootloader from running, eliminating this class of attack.
  • Protection of intellectual property: When combined with image encryption, the Secure Boot mode also provides confidentiality, ensuring that firmware cannot be reverse-engineered by unauthorized parties.
  • Regulatory and industry compliance: Many industries (such as automotive, medical or defense) require Secure Boot mode as part of their security certification processes, making it a practical necessity for market access.

In summary, the ROM code Secure Boot mode is a critical security feature that strengthens the trustworthiness, resilience and long-term maintainability of embedded systems.

The SAM9X60 ROM code Secure Boot mode features authentication and decryption of the bootstrap image.

By enabling the ROM code Secure Boot mode, embedded system providers can prevent the execution of tampered or unauthorized software.

This application note introduces the steps and requirements for transitioning a Microchip SAM9X60 32-bit MPU-based design from the default ROM code Standard Boot mode to the ROM code Secure Boot mode. These steps include:

  • Enabling Secure Boot mode
  • Provisioning the device with keying material
  • Permanently locking Secure Boot mode
Warning: Once permanently locked, the ROM code Secure Boot mode cannot be disabled. It is highly recommended to test it using OTPC Emulation mode before finalizing the configuration.