Method and system for implementing a secure chain of trust

摘要

A method, an integrated circuit and a system for implementing a secure chain of trust is disclosed. While executing secure boot code in a secure boot mode, less-secure boot code may be authenticated using a secret key. A secure key may also be calculated or generated during the secure boot mode. After control is turned over to the authenticated less-secure boot code, at least one application may be authenticated using the secure key. Once authenticated in the less-secure boot mode, the application may be executed by the programmable integrated circuit. In this manner, a secure chain of trust may be implemented for the programmable integrated circuit.

主权项

1. A method of implementing a secure chain of trust for a programmable integrated circuit, said method comprising:
while executing a first boot code associated with a secure boot mode: accessing information about a peripheral for communicating with said programmable integrated circuit, wherein said peripheral is located external to said programmable integrated circuit; while executing said first boot code, configuring at least one component of said programmable integrated circuit to improve the performance of said peripheral, wherein said configuring further comprises configuring said at least one component based upon said information about said peripheral, wherein said configuring of said at least one component of said programmable integrated circuit comprises increasing a frequency of a clock signal; authenticating a second boot code using a secret key before said secure boot mode is exited and a less secure boot mode is entered; generating a secure key based upon said secret key and a unique identifier, wherein said secure key is generated in one of said secure boot mode and a combination secure/less secure boot mode and wherein said unique identifier is stored in said programmable integrated circuit; limiting access to said secret key before exiting said secure boot mode; while executing said second boot code in a boot mode, authenticating an application for execution on said programmable integrated circuit, wherein said authenticating further comprises authenticating said application using said secure key; while executing said first boot code in a secure boot mode, decrypting said second boot code using said secret key; while executing said second boot code in said boot mode, decrypting said application using said secure key; and exiting said boot mode and executing said application.