1.3 ROM Code Secure Boot Authenticity and Confidentiality
In ROM code Secure Boot mode, two fundamental security principles play a central role: authenticity and confidentiality.
- Authenticity ensures that the firmware or bootloader being executed was created and signed by a trusted source. This is achieved through digital signatures, which the Secure Boot mode verifies using key material anchored in the device (for asymmetric schemes a public key or its hash, which must be protected against modification; for symmetric schemes a secret key, which must additionally be kept confidential). It relies on publicly known cryptographic algorithms, both symmetric and asymmetric, to validate the signature. If the signature is invalid or missing, the boot process is aborted, preventing the execution of unauthorized or tampered code.
- Confidentiality, while not always required for ROM code Secure Boot mode implementations, becomes critical in systems where the boot image contains sensitive information or intellectual property (IP). By encrypting the boot image, confidentiality ensures that even if an attacker gains access to the firmware binary, they cannot understand or reuse its content without the correct decryption keys.
The two principles complement each other: authenticity establishes trust, while confidentiality preserves secrecy. When both are enforced, Secure Boot mode not only blocks malicious code execution but also protects proprietary code from reverse engineering and unauthorized redistribution.
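The following is an added illustration of the two checks described above, not code from the original text or from any vendor's ROM. It models the ROM side of Secure Boot in Python with only the standard library: the image format, the key names (OTP_AUTH_KEY, OTP_ENC_KEY), the header layout and the sample payload are all constructed for this example. HMAC-SHA256 stands in for the signature algorithm (the symmetric variant the section mentions; an asymmetric scheme would keep a public-key hash in OTP and verify a signature instead), and an HMAC-based counter-mode keystream stands in for AES-CTR so that the confidentiality step runs without third-party packages. The order of operations is the point: parse, verify the tag with a constant-time compare, and only then decrypt; any failure aborts the boot.

```python
"""Toy model of a ROM-code secure boot check (constructed example, not any vendor's ROM).

Authenticity: every image carries a tag computed with a key whose trust anchor lives in OTP.
Confidentiality: the payload may additionally be encrypted with a second OTP key.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional

MAGIC = b"BOOT"
HEADER_FMT = ">4sII12s"                    # magic, body length, flags, nonce (big-endian)
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24 bytes
FLAG_ENCRYPTED = 0x1
TAG_LEN = 32                               # HMAC-SHA256 output length

# Constructed stand-ins for keys burned into one-time-programmable fuses at manufacturing.
OTP_AUTH_KEY = hashlib.sha256(b"constructed authenticity key").digest()
OTP_ENC_KEY = hashlib.sha256(b"constructed confidentiality key").digest()


class BootAborted(Exception):
    """Raised where real ROM code would halt and refuse to jump to the image."""


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a counter-mode keystream derived from HMAC-SHA256 (AES-CTR stand-in).
    The operation is symmetric, so the same call encrypts and decrypts."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def build_image(payload: bytes, auth_key: bytes, enc_key: Optional[bytes],
                nonce: Optional[bytes] = None) -> bytes:
    """Production-side packaging: optional encryption, then a tag over header + body
    (encrypt-then-MAC, so the ROM never decrypts unauthenticated data)."""
    nonce = os.urandom(12) if nonce is None else nonce
    if len(nonce) != 12:
        raise ValueError("nonce must be 12 bytes")
    flags = FLAG_ENCRYPTED if enc_key else 0
    body = keystream_xor(enc_key, nonce, payload) if enc_key else payload
    header = struct.pack(HEADER_FMT, MAGIC, len(body), flags, nonce)
    tag = hmac.new(auth_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def rom_boot(image: bytes, otp_auth_key: bytes, otp_enc_key: Optional[bytes]) -> bytes:
    """ROM-side check: parse, verify the tag, and only then decrypt. Any failure aborts."""
    if len(image) < HEADER_LEN + TAG_LEN:
        raise BootAborted("image too short to hold a header and tag")
    header = image[:HEADER_LEN]
    magic, length, flags, nonce = struct.unpack(HEADER_FMT, header)
    if magic != MAGIC:
        raise BootAborted("bad magic")
    body = image[HEADER_LEN:HEADER_LEN + length]
    tag = image[HEADER_LEN + length:HEADER_LEN + length + TAG_LEN]
    if len(body) != length or len(tag) != TAG_LEN:
        raise BootAborted("length field does not match image size")
    expected = hmac.new(otp_auth_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):     # constant-time comparison
        raise BootAborted("signature invalid or missing")
    if flags & FLAG_ENCRYPTED:
        if otp_enc_key is None:
            raise BootAborted("encrypted image but no decryption key provisioned")
        body = keystream_xor(otp_enc_key, nonce, body)
    return body


def boot_fails(image: bytes, otp_auth_key: bytes, otp_enc_key: Optional[bytes]) -> bool:
    """True if the ROM model refuses the image."""
    try:
        rom_boot(image, otp_auth_key, otp_enc_key)
    except BootAborted:
        return True
    return False


if __name__ == "__main__":
    fw = b"constructed firmware payload"
    img = build_image(fw, OTP_AUTH_KEY, OTP_ENC_KEY)
    print("encrypted image boots:", rom_boot(img, OTP_AUTH_KEY, OTP_ENC_KEY) == fw)
    print("plaintext visible in image:", fw in img)
    tampered = bytearray(img)
    tampered[HEADER_LEN] ^= 0x01                   # flip one bit of the body
    print("tampered image rejected:", boot_fails(bytes(tampered), OTP_AUTH_KEY, OTP_ENC_KEY))
```

Running the script shows the three properties from the text: a correctly tagged and encrypted image boots and its plaintext never appears in the binary, a single flipped bit is rejected before any decryption happens, and an image built for a device without the confidentiality key is refused rather than executed as ciphertext.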
