Secure boot can greatly enhance the security of an embedded system by cryptographically verifying that the code being loaded and executed is authentic and has not been modified, whether accidentally or maliciously. Once limited to high-security applications, these techniques are now being adopted by a broad range of products, from mobile phones, tablets, and set-top boxes to networking systems such as base stations, routers, and other infrastructure devices.
The compact, flexible Secure Boot SDK allows developers to implement secure boot either entirely in software or with hardware offload engines that accelerate the verification and decryption operations in the target system. Secure boot systems rely on well-proven cryptographic algorithms to verify signed code, and optionally to decrypt it, so that the processor is initialized into a known state and executes only code from a trusted source. The Secure Boot SDK supports a variety of system requirements and boot sequences through a simplified two-phase secure bootstrap process that loads only executable code signed by a trusted entity.