3.2.1.5 Secure Boot

The SecureBoot command is enabled for the ECC608-TFLXWPC. This allows the system to cryptographically validate its firmware via a boot loader before performing a full boot. This functionality can also be used to validate new firmware images before they are loaded.

The secure boot feature requires establishing a P-256 firmware signing key before it can be used. The private key is held by the firmware developers for signing the firmware image. The public key needs to be written to the secure boot public key slot, and the slot then locked to make it permanent.

For the ECC608-TFLXWPC, it is also possible to enable the TLS primary private key and the WPC Slot 0 and WPC Slot 1 ECC keys to require a valid secure boot prior to being authorized for use. See Secure Boot Option on how to enable this capability.

See 4.2.3 SecureBoot Command for full details.

To implement secure boot, several data slots are required.

Secure Boot Digest

The secure boot digest is a 32-byte SHA-256 digest calculated over the firmware application code. This digest needs to be updated every time the firmware is updated. For the ECC608-TFLXWPC, the digest is stored in Slot 7.

Secure Boot Public Key

The secure boot public key is used by the verify function to validate the signature over the secure boot digest. The secure boot public key is stored in Slot 15.
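The signing and verification flow described above, as an added example in Go; this is not Microchip's code and uses no device library. The developer-side step computes the SHA-256 digest over the firmware image and signs it with the P-256 private key, and VerifyFirmware mirrors the check the device performs against the public key held in Slot 15. The 64-byte X||Y form returned by RawPublicKey is an assumed encoding; the slot's exact byte layout is not given on this page, and the firmware image is a constructed sample.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// FirmwareDigest returns the 32-byte SHA-256 digest over the firmware
// application code, the value the datasheet says is kept in the secure
// boot digest slot (Slot 7) and must be refreshed on every firmware update.
func FirmwareDigest(image []byte) [32]byte {
	return sha256.Sum256(image)
}

// SignFirmware is the developer-side step: the P-256 private key, which
// never leaves the developers, signs the digest of the image.
func SignFirmware(priv *ecdsa.PrivateKey, image []byte) ([]byte, error) {
	d := FirmwareDigest(image)
	return ecdsa.SignASN1(rand.Reader, priv, d[:])
}

// VerifyFirmware mirrors what the SecureBoot command checks with the public
// key from Slot 15: the signature must validate over the image digest.
func VerifyFirmware(pub *ecdsa.PublicKey, image, sig []byte) bool {
	d := FirmwareDigest(image)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

// RawPublicKey returns the P-256 public key as X||Y (64 bytes). This is an
// assumed encoding for the value written to the public key slot.
func RawPublicKey(pub *ecdsa.PublicKey) []byte {
	out := make([]byte, 64)
	pub.X.FillBytes(out[:32])
	pub.Y.FillBytes(out[32:])
	return out
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	image := []byte("constructed firmware image for illustration") // constructed sample
	sig, err := SignFirmware(priv, image)
	if err != nil {
		panic(err)
	}
	fmt.Printf("digest for Slot 7: %x\n", FirmwareDigest(image))
	fmt.Printf("public key for Slot 15 (X||Y): %x\n", RawPublicKey(&priv.PublicKey))
	fmt.Println("genuine image verifies:", VerifyFirmware(&priv.PublicKey, image, sig))
	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0x01 // one flipped bit changes the digest, so the signature fails
	fmt.Println("tampered image verifies:", VerifyFirmware(&priv.PublicKey, tampered, sig))
}
```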