The Rambus Secure Boot solution (formerly from Inside Secure) provides tools for integrating security into an embedded device’s system boot sequence. The Secure Boot solution uses strong cryptography to protect the boot process of SoCs and application processors.
The Secure Boot solution protects the device boot sequence by providing the following security layers:
This layer ensures that the system only boots images that are from a trusted source, without any changes introduced to the images. Thus, this layer protects against tampering.
This layer protects images from being examined by encrypting them using strong cryptography. Because the encryption keys are specific to a product line, the protected images also cannot be used on other product lines.
This layer enforces secure firmware updates by preventing the installation of revoked images. It prevents a hacker from using an old image with known vulnerabilities that have been fixed in maintenance updates.
Support for Rambus Security Cores and Hardware Root of Trust
Support for Certificates
The Secure Boot solution supports the use of certificates. Certificates allow the creator of the secure boot loader (the chip manufacturer) to delegate the signing of secure boot images to device manufacturers. The alternative to using certificates is using multiple boot loader stages.