Security Subsystem

RSL15 includes security IP provided by Arm, specifically the Arm CryptoCell-312 (CC312) security processor. In addition, the Arm Cortex-M33 processor itself includes support for TrustZone.

The ROM ensures that the hardware Root-of-Trust (RoT) is verified when running as a secure device. This ensures that no untrusted code can be executed by the ROM.

RSL15 also supports deployment as a non-secure device, allowing much lower power utilization. This mode is provided primarily for energy harvesting applications. However, it is not restricted to them by design; any application can be executed in the lower security model if required.

IMPORTANT: For detailed information about the device states, the secure Root of Trust (RoT), and tools provided to support the security subsystem, see the RSL15 Security User's Guide.

Secure Boot Process

There are a limited number of steps involved when evaluating the secure Root of Trust (RoT) in the secure state:

  • Verify the peripheral ID.
  • Get the current life cycle state.
  • Secure debug authentication:
    • If debug certificates are available, they must be validated.
    • If valid, debug facilities need to be enabled.
  • Image verification phase:
    • Verify the certificate chain.
    • Handle key certificates.
    • Handle content certificates and content.
    • Lock resources.
  • In the case of an error occurring during this flow, abort the boot sequence in a secure state.
  • If validation completes and the image is authenticated, execute the validated image.
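A simplified model of the boot flow above, as an added example (not RSL15 ROM, CC312 or onsemi code): the peripheral ID value, the life cycle state string, the certificate layout and the signature scheme are assumptions, with a keyed SHA-256 (HMAC) standing in for the asymmetric signatures a real device checks, and the root key hash playing the role of the OTP-anchored Root of Trust.

```python
import hashlib
import hmac

# Simplified model of the boot flow above (added example, not RSL15 ROM or CC312
# code). A keyed SHA-256 (HMAC) stands in for the asymmetric signature a real
# device verifies, so the example runs on the standard library alone.
EXPECTED_PERIPHERAL_ID = b"RSL15-MODEL"  # constructed placeholder, not the real ID

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def verified(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)

def secure_boot(otp, peripheral_id, lcs, root_key, debug_cert, key_cert, content_cert, image):
    """Walk the boot steps in order. otp holds the root key hash anchored in
    hardware; the root key and certificates ship with the image. Any error
    aborts before the image runs; resources stay locked on every path."""
    state = {"outcome": "ABORT", "debug": False, "locked": True, "reason": None}
    def fail(reason):
        state["reason"] = reason
        return state
    if peripheral_id != EXPECTED_PERIPHERAL_ID:            # 1. verify peripheral ID
        return fail("peripheral id mismatch")
    if lcs != "secure":                                    # 2. life cycle state
        return fail("life cycle state %r is not secure" % lcs)
    if sha256(root_key) != otp["root_key_hash"]:           # RoT: root key vs OTP hash
        return fail("root key not anchored in OTP")
    if debug_cert is not None:                             # 3. secure debug auth
        if not verified(root_key, b"enable-debug", debug_cert["sig"]):
            return fail("invalid debug certificate")
        state["debug"] = True                              # valid cert: enable debug
    if not verified(root_key, key_cert["key"], key_cert["sig"]):   # 4a. key cert
        return fail("key certificate rejected")
    if not verified(key_cert["key"], content_cert["image_hash"], content_cert["sig"]):
        return fail("content certificate rejected")        # 4b. content cert
    if not hmac.compare_digest(sha256(image), content_cert["image_hash"]):
        return fail("image hash mismatch")                 # 4c. content itself
    state["outcome"] = "EXECUTE"                           # 4d. resources locked; run
    return state

def make_chain(root_key, content_key, image, with_debug=True):
    """Signer side (constructed): build a valid chain for an image."""
    key_cert = {"key": content_key, "sig": sign(root_key, content_key)}
    content_cert = {"image_hash": sha256(image), "sig": sign(content_key, sha256(image))}
    debug_cert = {"sig": sign(root_key, b"enable-debug")} if with_debug else None
    return debug_cert, key_cert, content_cert
```

Each failure reason maps to one step of the list above, so a single tampered byte in the image, an unanchored root key or a forged debug certificate all end in the same aborted, locked state rather than in execution.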