3.20. Secure Boot¶
In this section we describe the process of secure boot followed by Secondary Bootloader (SBL) to initialize SE05X and MCU for secure binding and communication.
3.20.1. Secure Boot flow¶
LPC55S ROM Bootloader verifies Secondary Bootloader (SBL) image (see AN12283) and hands over control to SBL
SBL performs Secure Binding and opens session to SE05X
SBL uses pre-provisioned key
K_PUB_OEM
in SE05X to verify secure application imageAfter successful verification, SBL loads verified image
(Optional) Secure Application can perform further initialization, non-secure image verification, hand over control to Non-Secure applications, or use SE050 with provided credentials (Secure Binding)
3.20.2. Secondary Bootloader¶
Secondary Bootloader (SBL) performs the following tasks to enable secure boot:
- Secure Binding: Preparing SE05X for PlatformSCP
Establish a pairing between the host MCU and the SE
MCU is only able to use services offered by the paired SE
SE is only able to provide services to the paired MCU
Mutually authenticated, encrypted SCP03 channel
- Preparing host MCU for PlatformSCP session
Securely storing PlatformSCP keys in PUF, protected by keyCodes
- Verifying secure application
Check the signature of secure application to verify that it is signed by a trusted key
- KeyCode handover to secure application
Handing over reference to ENC and MAC keyCodes prepared by SBL to secure application to open PlatformSCP session
3.20.3. Secure Binding¶
- First boot
SBL performs key rotation of the PlatformSCP key
PlatformSCP keys are stored in PUF
KeyCodes stored in flash to be used in subsequent boots
Flag set in flash to disable key rotation in subsequent boots
Verifies secure application
- Next boot
Checks for flag to disable key rotation
Uses keyCodes from flash to verify secure application
Also see Secure Boot Demo