3.2.1.4 Secure Boot

The SecureBoot command is enabled for the ECC608-TMNGTLS. It lets the host bootloader have the device cryptographically verify the application firmware image before jumping to it, so that only firmware signed with the product's signing key is executed. The same mechanism can be used to validate a newly received firmware image before it is written to flash and booted.

Before the feature can be used, an ECC P-256 firmware signing key pair must be established. The private key is held by the firmware developers and is used to sign each firmware image. The public key is written to the Secure Boot public key slot during manufacturing at the contract manufacturer site, and the slot is then locked so that the key is permanent. Because a locked key cannot be replaced, the private key must be protected for the life of the product: losing it means no further firmware can be signed, and leaking it lets anyone sign firmware that the device will accept.

Implementing SecureBoot uses the following data slots.

Secure Boot Digest

The Secure Boot Digest is the 32-byte SHA-256 digest calculated over the firmware application image. It is the value the device retains for the currently accepted image, so it must be updated every time the firmware is updated. For the ECC608-TMNGTLS, the digest is stored in Slot 13.

Secure Boot Public Key

The Secure Boot public key is used by the SecureBoot command to verify the ECDSA signature over the Secure Boot Digest; an image whose signature does not verify under this key is rejected. The key is stored in Slot 15.

I/O Protection Key

The I/O protection key is stored in Slot 7 and can be used to protect the SecureBoot command output, so that the host can detect a verify result that has been altered or forged on the bus between the MCU and the ECC608 instead of trusting a bare pass/fail flag. The host must hold the same key, since it needs it to check the protected output.
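The flow described across the three slots above, as an added example that is not part of this document or of Microchip's CryptoAuthLib: the developer-side step (SHA-256 digest of the image, ECDSA P-256 signature in the raw 64-byte R||S form the ECC608 consumes), the public key in the raw 64-byte X||Y form written to Slot 15, and a software stand-in for the device's verify that stores the accepted digest and returns its result under a key-bound MAC. The `Device` type, its `VerifyAndStore`/`CheckStoredDigest` methods and the HMAC-based response MAC are assumptions of this example chosen to show the role of each slot; they are not the ECC608's internal algorithm or its actual MAC construction (on hardware the equivalent calls are CryptoAuthLib's `atcab_secureboot()` and `atcab_secureboot_mac()`). The firmware image, nonce and I/O protection key are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// Slot assignments as listed in this section for the ECC608-TMNGTLS.
const (
	SlotIOProtectionKey  = 7
	SlotSecureBootDigest = 13
	SlotSecureBootPubKey = 15
)

// FirmwareDigest is the 32-byte SHA-256 over the application image: the value
// written to the Secure Boot Digest slot and the value the developer signs.
func FirmwareDigest(image []byte) [32]byte { return sha256.Sum256(image) }

// SignFirmware is the developer-side step: ECDSA P-256 over the digest, returned
// as raw R||S (64 bytes), which is what the ECC608 consumes, not ASN.1 DER.
func SignFirmware(priv *ecdsa.PrivateKey, image []byte) ([]byte, error) {
	d := FirmwareDigest(image)
	r, s, err := ecdsa.Sign(rand.Reader, priv, d[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return sig, nil
}

// RawPublicKey is the 64-byte X||Y form written to the public key slot.
func RawPublicKey(pub *ecdsa.PublicKey) []byte {
	out := make([]byte, 64)
	pub.X.FillBytes(out[:32])
	pub.Y.FillBytes(out[32:])
	return out
}

// ParseRawPublicKey rebuilds the key from slot contents, rejecting off-curve points.
func ParseRawPublicKey(raw []byte) (*ecdsa.PublicKey, error) {
	if len(raw) != 64 {
		return nil, errors.New("public key must be 64 bytes (X||Y)")
	}
	x := new(big.Int).SetBytes(raw[:32])
	y := new(big.Int).SetBytes(raw[32:])
	if !elliptic.P256().IsOnCurve(x, y) {
		return nil, errors.New("public key is not a point on P-256")
	}
	return &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, nil
}

// Device is an assumed software stand-in for the three slots and the SecureBoot
// verify so the flow runs without hardware. The response MAC is a simplified
// HMAC over (nonce, result), not the chip's real MAC construction.
type Device struct {
	pubKeyRaw  []byte   // slot 15, locked at manufacturing
	digest     [32]byte // slot 13, rewritten on each accepted update
	haveDigest bool
	ioKey      [32]byte // slot 7, shared with the host MCU
}

func NewDevice(pubRaw []byte, ioKey [32]byte) *Device {
	return &Device{pubKeyRaw: pubRaw, ioKey: ioKey}
}

// VerifyAndStore checks the signature over the image digest against the locked
// public key and, only on success, stores the digest. The verify flag comes back
// with a MAC keyed by the I/O protection key and bound to a host nonce, so an
// attacker on the bus cannot replay or forge an "OK".
func (d *Device) VerifyAndStore(image, sig, nonce []byte) (bool, []byte, error) {
	pub, err := ParseRawPublicKey(d.pubKeyRaw)
	if err != nil {
		return false, nil, err
	}
	if len(sig) != 64 {
		return false, nil, errors.New("signature must be raw R||S (64 bytes)")
	}
	dig := FirmwareDigest(image)
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	ok := ecdsa.Verify(pub, dig[:], r, s)
	if ok {
		d.digest, d.haveDigest = dig, true
	}
	return ok, d.responseMAC(nonce, ok), nil
}

// CheckStoredDigest is the cheaper boot-time path once an image has been
// accepted: compare against the stored digest instead of redoing ECDSA.
func (d *Device) CheckStoredDigest(image []byte) bool {
	return d.haveDigest && FirmwareDigest(image) == d.digest
}

func (d *Device) responseMAC(nonce []byte, ok bool) []byte {
	return responseMAC(d.ioKey, nonce, ok)
}

func responseMAC(ioKey [32]byte, nonce []byte, ok bool) []byte {
	m := hmac.New(sha256.New, ioKey[:])
	m.Write(nonce)
	flag := byte(0)
	if ok {
		flag = 1
	}
	m.Write([]byte{flag})
	return m.Sum(nil)
}

// HostCheckResponse is the bootloader's side: accept "verified" only if the MAC
// recomputed with its own copy of the I/O protection key matches.
func HostCheckResponse(ioKey [32]byte, nonce []byte, ok bool, mac []byte) bool {
	return ok && hmac.Equal(mac, responseMAC(ioKey, nonce, ok))
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // developer signing key
	var ioKey [32]byte                                         // constructed I/O protection key
	for i := range ioKey {
		ioKey[i] = byte(i)
	}
	dev := NewDevice(RawPublicKey(&priv.PublicKey), ioKey)
	image := []byte("constructed firmware image v1") // constructed test image
	sig, _ := SignFirmware(priv, image)
	nonce := []byte("host-nonce-0001")
	ok, mac, _ := dev.VerifyAndStore(image, sig, nonce)
	fmt.Println("genuine image accepted:", HostCheckResponse(ioKey, nonce, ok, mac))
	tampered := append([]byte{}, image...)
	tampered[0] ^= 0x01 // one flipped bit changes the digest, so the signature fails
	ok, mac, _ = dev.VerifyAndStore(tampered, sig, nonce)
	fmt.Println("tampered image accepted:", HostCheckResponse(ioKey, nonce, ok, mac))
	fmt.Println("stored digest still matches genuine image:", dev.CheckStoredDigest(image))
}
```

The failed verify of the tampered image leaves Slot 13 untouched, which is the property the bootloader relies on: a rejected update cannot displace the digest of the last accepted image. The raw R||S and X||Y encodings matter in practice, since signing tools commonly emit DER and the device will not accept it.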