Secure Boot#

Secure boot establishes the root of trust to authenticate and protect boot code and data. If the boot process is not secure, then no other subsequent process that executes on the system can be assumed to be secure.

Secure boot primarily provides takeover protection so that the device only executes authentic code. TI’s ARM based processors use cryptographic keys, as discussed in Device Identity and Keys, to ensure that the device always checks for takeover protection during boot up.

Steps for Secure Boot#

Example image

Secure Boot Flow#

  1. A hash of the public key, stored in x509 certificate, is computed and compared with the Public Key Hash stored in eFuse ROM to check for its integrity.

  2. After the integrity check, the public key is used to decrypt the signature of the certificate. The decrypted signature is compared with the hash of the certificate to authenticate it.

  3. The hash of the code is computed and compared with the image hash saved in the certificate.