4.1.1.5.2 Code Execution in RAM: Authenticity

While integrity checks confirm that the code in RAM has not been corrupted, they do not guarantee that the code originates from a trusted source: a CRC or plain hash can be recomputed by whoever modified the image, so it detects accidental corruption, not substitution. Authenticity is established by verifying that the code was produced by an authorized entity, such as the hardware manufacturer or a trusted developer. This is typically achieved using digital signatures. Before execution, the bootloader or secure boot process verifies the digital signature of the code in RAM against a trusted public key stored securely in Flash. That key must itself be protected against modification (for example, by write-protecting the Flash region that holds it), because an attacker who can replace the key can sign arbitrary code. Only code that passes this authentication check is allowed to execute.

In dsPIC33A devices, the bootloader is responsible for enforcing these authentication checks for all code loaded into RAM, regardless of the source. The check should be performed on the copy that is actually in RAM, after the transfer has completed, and the RAM region should be protected against writes before any of that code executes; otherwise code could be altered between verification and execution. Access control mechanisms should be implemented in software to restrict which routines or processes can load or modify code in RAM. By combining digital signature verification with strict access controls, the system ensures that only authentic, trusted code is executed from RAM.
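The following is an added example, not code from this manual or from Microchip's dsPIC33A bootloader, that models the bootloader-side decision described above. It is written in Go using the standard library's Ed25519 so that it runs stand-alone; a real dsPIC33A bootloader would implement the same flow in C against the device's crypto library. The image layout (a 16-byte header with magic, load address, payload length and CRC, followed by the payload and a 64-byte signature) and all field names are assumptions made for the example. It shows the distinction the text draws: a tampered image whose CRC has been recomputed passes the integrity check but fails the authenticity check, and an image signed with a key other than the one held in Flash is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Assumed image layout for this example (not a Microchip format):
//   header: magic(4) | loadAddr(4) | payloadLen(4) | crc32(payload)(4)
//   payload
//   Ed25519 signature over header || payload
const (
	imageMagic = 0x52414D49 // "RAMI", a marker chosen for this example
	headerSize = 16
	sigSize    = ed25519.SignatureSize
)

var (
	ErrBadMagic     = errors.New("image: bad magic")
	ErrBadLength    = errors.New("image: length field inconsistent with image size")
	ErrBadCRC       = errors.New("image: CRC mismatch (integrity)")
	ErrBadSignature = errors.New("image: signature invalid (authenticity)")
)

// BuildSignedImage is the build-side step: it produces header || payload || signature.
// The signature covers the header too, so the length and load address cannot be altered.
func BuildSignedImage(priv ed25519.PrivateKey, loadAddr uint32, payload []byte) []byte {
	hdr := make([]byte, headerSize)
	binary.LittleEndian.PutUint32(hdr[0:], imageMagic)
	binary.LittleEndian.PutUint32(hdr[4:], loadAddr)
	binary.LittleEndian.PutUint32(hdr[8:], uint32(len(payload)))
	binary.LittleEndian.PutUint32(hdr[12:], crc32.ChecksumIEEE(payload))
	signed := append(hdr, payload...)
	return append(signed, ed25519.Sign(priv, signed)...)
}

// splitImage validates the structure (bounds-checked before any field is trusted).
func splitImage(image []byte) (hdr, payload, sig []byte, err error) {
	if len(image) < headerSize+sigSize {
		return nil, nil, nil, ErrBadLength
	}
	hdr = image[:headerSize]
	if binary.LittleEndian.Uint32(hdr[0:]) != imageMagic {
		return nil, nil, nil, ErrBadMagic
	}
	n := binary.LittleEndian.Uint32(hdr[8:])
	if uint64(n) != uint64(len(image)-headerSize-sigSize) {
		return nil, nil, nil, ErrBadLength
	}
	return hdr, image[headerSize : headerSize+int(n)], image[headerSize+int(n):], nil
}

// CheckIntegrity is the integrity-only check. It catches corruption but not
// substitution: anyone who changes the payload can recompute the CRC.
func CheckIntegrity(image []byte) error {
	hdr, payload, _, err := splitImage(image)
	if err != nil {
		return err
	}
	if crc32.ChecksumIEEE(payload) != binary.LittleEndian.Uint32(hdr[12:]) {
		return ErrBadCRC
	}
	return nil
}

// VerifyImage is the authenticity check the bootloader runs on the copy in RAM,
// after the transfer completes and before anything executes. trusted stands in
// for the public key held in write-protected Flash. It returns the payload only
// when the signature verifies under that key.
func VerifyImage(image []byte, trusted ed25519.PublicKey) ([]byte, error) {
	if err := CheckIntegrity(image); err != nil {
		return nil, err
	}
	_, payload, sig, _ := splitImage(image)
	if !ed25519.Verify(trusted, image[:headerSize+len(payload)], sig) {
		return nil, ErrBadSignature
	}
	return payload, nil
}

// Tamper models an attacker who patches the start of the payload and
// recomputes the CRC so the integrity check still passes.
func Tamper(image, patch []byte) []byte {
	out := append([]byte(nil), image...)
	payloadLen := len(out) - headerSize - sigSize
	copy(out[headerSize:headerSize+payloadLen], patch)
	binary.LittleEndian.PutUint32(out[12:], crc32.ChecksumIEEE(out[headerSize:headerSize+payloadLen]))
	return out
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)   // vendor key; pub lives in Flash
	_, attacker, _ := ed25519.GenerateKey(rand.Reader) // attacker's own key
	payload := []byte{0x00, 0x01, 0x02, 0x03, 0xAA, 0xBB} // constructed sample code bytes

	genuine := BuildSignedImage(priv, 0x1000, payload)
	_, err := VerifyImage(genuine, pub)
	fmt.Println("genuine image:", err)

	tampered := Tamper(genuine, []byte{0xFF, 0xFE})
	fmt.Println("tampered image, integrity:", CheckIntegrity(tampered))
	_, err = VerifyImage(tampered, pub)
	fmt.Println("tampered image, authenticity:", err)

	forged := BuildSignedImage(attacker, 0x1000, payload)
	_, err = VerifyImage(forged, pub)
	fmt.Println("image signed with untrusted key:", err)
}
```

The structural checks in splitImage run before any field is used, so a truncated or oversized image is rejected without reading out of bounds, and the signature covers the header so the load address and length cannot be swapped under a valid signature. On the target, the caller would copy the image into RAM, run the equivalent of VerifyImage on that copy, then lock the RAM region and jump to the load address only on success.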

Key Considerations:

  • Verify both the integrity and the authenticity of code loaded into RAM, on the copy in RAM and before it executes
  • Lock the RAM region configuration registers once the region has been set up, if no later reconfiguration is needed, so that the permissions cannot be modified afterwards