4.1.1.2 Code Signing Keys
Security Objectives:
- Integrity
- Authenticity
Code signing keys are a foundational element of secure boot in embedded systems. These cryptographic keys are used to generate and verify digital signatures on firmware images, ensuring that only authenticated and authorized code is executed on the device. The trustworthiness of the code signing keys directly impacts the integrity and security of the entire secure boot process. If a code signing key is compromised or improperly managed, the system’s chain of trust can be broken, allowing unauthorized or malicious firmware to be loaded.
The IRT/boot code will need to use keys to verify the authenticity of firmware images and possibly authorization request for updating/restoring sections of memory. It might also need to use keys for confidentiality for encrypting/decrypting images or data. This section discusses the concerns of the boot firmware and its use of the code signing keys. This code signing key might be a single, fixed key or it might be part of a key store with a richer set of features such as key rotation or key revocation. The storage, updatability, recoverability and other key store concepts are not discussed in this section. This section discusses the bootloader use of code signing keys and their associated signatures.