Nuvoton Secure Boot Solution
The Internet of Things (IoT) has brought about a wide range of networked devices, and when everything is connected, protecting those devices becomes a very important issue. To prevent devices from being maliciously intruded upon, implementing security mechanisms has become one of companies' main tasks, and Secure Boot is the first lock protecting a device.
Secure Boot refers to building an unchangeable boot process into the MCU so that when the system boots up, it first checks the firmware saved in flash memory, using coding and hash algorithms to verify the firmware's integrity. Only after confirming that the firmware has not been illegally modified does it execute the verified firmware and continue the boot process.
The following explains how Secure Boot operates, using the Nuvoton NuMicro® M480 series as an example:
Firmware is stored in the APROM. After boot, a key identical to the one in KPROM must be entered before the system unlocks the write function for flash memory.
When a firmware update is performed with Nuvoton Secure Boot, Nuvoton's own calculation tool automatically computes and generates Signature-A and saves it in a specific protected area as the MCU firmware is updated.
Every time the device boots, the Bootloader runs the calculation over the APROM content to obtain Signature-B; if Signature-A is the same as Signature-B, the firmware has not been tampered with.
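The flow described above, modelled as an added example that is not Nuvoton's code or tooling. The `SimulatedMcu` class, the 1 KB APROM size, the key and the firmware bytes are constructed for illustration, and SHA-256 is an assumption standing in for the signature algorithm, which the text does not name.

```python
import hashlib
import hmac
APROM_SIZE = 1024  # constructed size for the demo, not the M480's real APROM size

def compute_signature(aprom: bytes) -> bytes:
    # Assumption: SHA-256 over the 0xFF-padded APROM stands in for the vendor tool.
    return hashlib.sha256(aprom.ljust(APROM_SIZE, b"\xff")).digest()

class SimulatedMcu:
    """Hypothetical model: APROM, protected Signature-A area, KPROM write lock."""
    def __init__(self, kprom_key: bytes):
        self._kprom_key = kprom_key
        self.aprom = b"\xff" * APROM_SIZE   # erased flash reads as 0xFF
        self.signature_a = b""              # protected area, empty until first update
        self._unlocked = False

    def unlock(self, key: bytes) -> bool:
        # Flash writes stay locked unless the supplied key matches the KPROM key.
        self._unlocked = hmac.compare_digest(key, self._kprom_key)
        return self._unlocked

    def update_firmware(self, image: bytes, signature_a: bytes) -> None:
        if not self._unlocked:
            raise PermissionError("flash write locked: KPROM key not presented")
        if len(image) > APROM_SIZE:
            raise ValueError("image larger than APROM")
        self.aprom = image.ljust(APROM_SIZE, b"\xff")
        self.signature_a = signature_a
        self._unlocked = False              # relock once the update is written

    def boot(self) -> bool:
        # Bootloader: recompute Signature-B over APROM, run firmware only on a match.
        signature_b = compute_signature(self.aprom)
        return hmac.compare_digest(signature_b, self.signature_a)

def demo() -> dict:
    mcu = SimulatedMcu(kprom_key=b"constructed-kprom-key")
    image = b"constructed firmware image v1"
    results = {"wrong_key_unlock": mcu.unlock(b"wrong-key")}
    mcu.unlock(b"constructed-kprom-key")
    mcu.update_firmware(image, compute_signature(image))
    results["clean_boot"] = mcu.boot()
    # Model a change that reached APROM without going through the update path.
    mcu.aprom = bytes([mcu.aprom[0] ^ 0x01]) + mcu.aprom[1:]
    results["tampered_boot"] = mcu.boot()
    return results

if __name__ == "__main__":
    print(demo())
```

Note that a device with no Signature-A provisioned fails the check rather than passing it, because the comparison is against an empty protected area.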
Nuvoton NuMicro® M480 series has the Secure Boot function built-in to ensure that before the firmware is updated, it must pass a signature confirmation and unlock the KPROM. Moreover, every time it boots up, it must check the integrity of the firmware in order to prevent unauthorized tampering. In order to help clients easily integrate and use the Secure Boot function, Nuvoton provides complete tool software and program libraries, as well as Crypto Accelerators, able to quickly verify the integrity of the firmware and provide complete security protection for the client’s products.