MEDIATED SECURE BOOT FOR SINGLE OR MULTICORE PROCESSORS

摘要

A system and methods are disclosed for securely booting a processing system using a three step secure booting process. Several embodiments are presented, wherein upon power-on-reset, the first boot step uses a secure boot device comprising of a programmable device or an FPGA which boots up first, validates its configuration file and then validates the processor(s) configuration data before presenting the configuration data to the processor(s). This enables validation of ‘pre-boot’ information, such as the Reset Control Word and pre-boot processor configuration data. The second and third boot steps validate the internal secure boot code and external boot code respectively using one or more of secure validation techniques, such as encryption/decryption, Key mechanisms, privilege checking, pointer hashing or signature correlation schemes. This results in an end-to-end secure boot process for a variety of architectures, such as single processor systems, synchronous and asynchronous multiprocessing systems, single core systems and multi-core processing systems.

主权项

1. An apparatus comprising:
at least one secure boot device comprising one or more programmable logic devices or Field Programmable Gate Arrays (FPGAs); wherein the at least one secure boot device is configured to:
while one or more processors or processing cores are held in a reset state, validate first configuration data associated with the at least one secure boot device and validate second configuration data associated with the one or more processors or processing cores; andafter the second configuration data is validated, release the one or more processors or processing cores from the reset state and provide the validated second configuration data to the one or more processors or processing cores.