Embedded Secure Bootloader

Abstract

Embedded secure boot loaders protect the target processor's boot process from unauthorised software. IoT, automotive and aerospace systems are integrating secure boot loaders to protect their devices from security breaches.

1. INTRODUCTION - EMBEDDED SYSTEM SECURITY

This document provides an overview of embedded secure boot loader software, together with design guidelines, standards, and FAQs.

2. SECURE BOOT LOADER

The main purpose of the boot loader is to initialize the device at processor reset, load an executable from external inputs (EEPROM, or peripherals such as SCI, USB or CAN) into the internal or external memory of a target electronic control unit (ECU), and then transfer program execution control to an entry point in the executable. There are two types of boot loaders:

  • Primary boot loader
  • Secondary boot loader

Some processors have both primary and secondary boot loaders, whereas others have one combined boot loader covering the functionality of both.

If an ECU is connected to a network that an intruder can enter and use to load unauthorized boot software into the target hardware, the secure boot mechanism prevents that unauthorized boot software from executing. For this, the boot software's authentication code (e.g., a message authentication code, MAC) is stored in secure memory; at startup the boot software recomputes its authentication code and compares it against the stored value. If the two match, control passes to the application; otherwise execution stays in the boot loader. The boot loader also checks the integrity of the application software before transferring control to the application's entry point.
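As an added example (not code from the original document), the startup check just described in C: the MAC over each image is recomputed and compared in constant time against the reference held in secure memory, and control is transferred to the application only when both the boot software and the application verify. The `mac_compute` routine is a labelled placeholder standing in for the platform MAC (e.g. HMAC-SHA256); the `image_desc_t` layout, the key handling and any sample data are assumptions.

```c
#include <stdint.h>
#include <stddef.h>

#define MAC_LEN 8 /* placeholder tag size; a real HMAC-SHA256 tag is 32 bytes */

/* Image descriptor: image location plus its reference MAC held in secure memory. */
typedef struct {
    const uint8_t *image;
    size_t         len;
    uint8_t        ref_mac[MAC_LEN]; /* provisioned at manufacture, write-protected */
} image_desc_t;

/* PLACEHOLDER keyed checksum standing in for the platform MAC (e.g. HMAC-SHA256).
 * It is NOT cryptographically secure; it only exercises the verification flow. */
static void mac_compute(const uint8_t *key, size_t key_len,
                        const uint8_t *data, size_t len, uint8_t out[MAC_LEN])
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < key_len; i++) { h ^= key[i];  h *= 0x100000001b3ULL; }
    for (size_t i = 0; i < len; i++)     { h ^= data[i]; h *= 0x100000001b3ULL; }
    for (int i = 0; i < MAC_LEN; i++) out[i] = (uint8_t)(h >> (8 * i));
}

/* Constant-time compare: memcmp() would return on the first differing byte. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Recompute the MAC over the whole image and compare it with the stored reference. */
int image_authentic(const image_desc_t *d, const uint8_t *key, size_t key_len)
{
    uint8_t mac[MAC_LEN];
    mac_compute(key, key_len, d->image, d->len, mac);
    return ct_equal(mac, d->ref_mac, MAC_LEN);
}

/* Boot decision: 1 = transfer control to the application entry point, 0 = stay in boot. */
int secure_boot_decision(const image_desc_t *boot, const image_desc_t *app,
                         const uint8_t *key, size_t key_len)
{
    if (!image_authentic(boot, key, key_len)) return 0; /* boot software tampered */
    if (!image_authentic(app, key, key_len))  return 0; /* application tampered */
    return 1;
}
```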