Secure Boot Flow

The secure boot process in ROT_STATE follows a similar structure to the boot process in EH_STATE, but adds verification and authentication steps to the flow.

Application Signing

Application signing, described under Secure Boot Flow, provides the components that allow the ROM to verify the application (check that the image is intact) and authenticate it (check that it was signed by the expected key). The flow chart in the "Secure Boot Process" figure gives a high-level overview of this process.

Figure: Secure Boot Process

As the flow shows, a failure at any verification or authentication stage locks the device, and no application code is executed.

The device therefore runs only application code that has passed both checks.

Note that the 'No' path following the "LCS Valid?" check in the "Secure Boot Process" figure locks the system up completely. It is taken when the security block cannot be initialized correctly or the LCS is in an invalid state.

In these situations the device has either detected corruption of the NVM, so it has no valid configuration to boot from, or the security IP has detected some other condition that prevents the security block from being used. Because neither case can be trusted, the device enters an unrecoverable error state rather than risk exposing secret information or running the application incorrectly.
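The decision logic described above, as an added model that is not the vendor's ROM code: a single fail-closed function that checks the LCS and security block first (an invalid LCS or a failed security block initialization is unrecoverable), then verifies and authenticates the image (any failure locks the device), and only then runs the application. The LCS encodings, the header layout, the FNV-1a digest standing in for the real hash and signature check, and all helper names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Boot outcomes. Only BOOT_RUN_APP leaves the ROM; every other outcome stops there. */
typedef enum {
    BOOT_RUN_APP,
    BOOT_LOCKED,         /* image failed verification or authentication */
    BOOT_UNRECOVERABLE   /* LCS invalid or security block could not be initialized */
} boot_result_t;

/* Assumed LCS encodings (illustrative, not a real part's values). The set of valid
 * encodings is small; any other word read from NVM is treated as corruption. */
#define LCS_VALID_A 0x5Au
#define LCS_VALID_B 0xA5u
#define LCS_VALID_C 0x3Cu

static int lcs_is_valid(uint32_t lcs_word)
{
    return lcs_word == LCS_VALID_A || lcs_word == LCS_VALID_B || lcs_word == LCS_VALID_C;
}

/* Assumed application header layout produced by the signing step. */
typedef struct {
    uint32_t magic;
    uint32_t payload_len;
    uint64_t payload_digest;   /* digest of the payload (stand-in: FNV-1a 64) */
    uint64_t key_id;           /* identity of the signing key; must match OTP */
} app_header_t;

#define APP_MAGIC 0x41505031u  /* "APP1", assumed */

/* Stand-in digest so the example runs offline. A real ROM uses SHA-256 and
 * verifies an asymmetric signature with a public key anchored in OTP. */
static uint64_t fnv1a64(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ull;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ull; }
    return h;
}

/* Constant-time comparison so a mismatch does not leak which byte differs. */
static int ct_equal(const void *a, const void *b, size_t n)
{
    const uint8_t *x = a, *y = b;
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++) d |= x[i] ^ y[i];
    return d == 0;
}

/* Everything the boot decision depends on, gathered in one place. */
typedef struct {
    uint32_t lcs_word;              /* LCS as read from NVM */
    int      security_block_ready;  /* result of initializing the security IP */
    uint64_t otp_key_id;            /* key identity provisioned in OTP */
    const uint8_t *image;           /* header followed by payload */
    size_t image_len;
} boot_env_t;

boot_result_t rom_boot(const boot_env_t *env)
{
    /* 1. "LCS Valid?" The 'No' path is unrecoverable: no trusted configuration exists. */
    if (!lcs_is_valid(env->lcs_word) || !env->security_block_ready)
        return BOOT_UNRECOVERABLE;

    /* 2. Verification: header sane, payload within bounds, digest matches. */
    if (env->image == NULL || env->image_len < sizeof(app_header_t))
        return BOOT_LOCKED;
    app_header_t hdr;
    memcpy(&hdr, env->image, sizeof hdr);
    if (hdr.magic != APP_MAGIC || hdr.payload_len > env->image_len - sizeof hdr)
        return BOOT_LOCKED;
    uint64_t digest = fnv1a64(env->image + sizeof hdr, hdr.payload_len);
    if (!ct_equal(&digest, &hdr.payload_digest, sizeof digest))
        return BOOT_LOCKED;

    /* 3. Authentication: the key that signed the image must be the one in OTP. */
    if (!ct_equal(&hdr.key_id, &env->otp_key_id, sizeof hdr.key_id))
        return BOOT_LOCKED;

    return BOOT_RUN_APP;  /* the only path that executes application code */
}

/* Builds a constructed image (header + payload with a correct digest) for testing. */
size_t build_image(uint8_t *out, size_t cap, const uint8_t *payload, uint32_t len, uint64_t key_id)
{
    if (cap < sizeof(app_header_t) + len) return 0;
    app_header_t hdr = { APP_MAGIC, len, fnv1a64(payload, len), key_id };
    memcpy(out, &hdr, sizeof hdr);
    memcpy(out + sizeof hdr, payload, len);
    return sizeof hdr + len;
}

int main(void)
{
    static const uint8_t payload[] = "constructed test payload";  /* constructed sample */
    uint8_t img[128];
    size_t n = build_image(img, sizeof img, payload, sizeof payload, 0x1122334455667788ull);
    boot_env_t env = { LCS_VALID_B, 1, 0x1122334455667788ull, img, n };
    printf("good image: %d\n", rom_boot(&env));
    env.lcs_word = 0xFFFFFFFFu;
    printf("corrupt LCS: %d\n", rom_boot(&env));
    return 0;
}
```

The ordering matters: the LCS and security block are checked before the image is even looked at, because the outcome of a verification performed with an uninitialized security block or an untrusted configuration would itself be untrustworthy. Every early return is a stop, and the default outcome is never "run".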