Security Subsystem
RSL15 includes security IP provided by Arm, specifically the Arm CryptoCell-312 (CC312) security processor. In addition, the Arm Cortex-M33 processor itself includes support for TrustZone.
When the device runs in the secure state, the boot ROM verifies the hardware Root of Trust (RoT) before handing over control, so the ROM never executes code that has not been authenticated against that RoT.
RSL15 can also be deployed as a non-secure device, which allows much lower power consumption. This mode is provided primarily for energy harvesting applications, but it is not restricted to them by design: any application can be run in the lower security mode if required.
IMPORTANT: For detailed information about the device states, the secure Root of Trust (RoT), and the tools provided to support the security subsystem, see the RSL15 Security User's Guide.
Secure Boot Process
Evaluating the secure Root of Trust (RoT) in the secure state involves a limited number of steps:
- Verify the peripheral ID.
- Get the current life cycle state.
- Secure debug authentication:
  - If debug certificates are present, validate them.
  - If they are valid, enable the debug facilities.
- Image verification phase:
  - Verify the certificate chain.
  - Handle the key certificates.
  - Handle the content certificates and the content they describe.
- Lock resources.
- If an error occurs at any point in this flow, abort the boot sequence and leave the device in a secure state; no unverified code is executed.
- If validation completes and the image is authenticated, execute the validated image.
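The image verification phase and the fail-closed abort above, as an added example written for this page; it is illustrative code, not the RSL15 ROM or the Arm CryptoCell implementation. It assumes a SHA-256 hash of the root public key held in OTP, one key certificate that delegates from the root key to an application signing key, and one content certificate carrying the image hash, load address and length; textbook RSA over SHA-256 with 512-bit keys generated at run time stands in for a production signature scheme, and the certificate layouts and names (`KEYCERT`, `CNTCERT`, `load_addr`) are assumptions. Debug certificates and life cycle states are not modelled.

```python
# Added example (not RSL15 ROM code): the certificate-chain part of a
# CryptoCell-style secure boot, modelled after the flow listed above. Textbook
# RSA over SHA-256 with run-time keys stands in for a production signature scheme.
import hashlib, hmac, math, random
from dataclasses import dataclass

_rng = random.SystemRandom()

def _is_prime(n, rounds=32):      # Miller-Rabin; demo key generation only
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # odd, full width
        if _is_prime(cand):
            return cand

def gen_rsa(bits=512):
    """Return (public (n, e), private (n, d)); 512 bits keeps the demo fast."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _h(data):                     # SHA-256 digest as an integer (< n for 512-bit n)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")
def sign(priv, data):
    return pow(_h(data), priv[1], priv[0])
def verify(pub, data, sig):
    return 0 < sig < pub[0] and pow(sig, pub[1], pub[0]) == _h(data)
def pubkey_bytes(pub):            # assumed serialisation: 64-byte n, 4-byte e
    return pub[0].to_bytes(64, "big") + pub[1].to_bytes(4, "big")
def pubkey_hash(pub):             # what the OTP root-of-trust slot stores
    return hashlib.sha256(pubkey_bytes(pub)).digest()

@dataclass
class KeyCert:                    # signed by the root key; delegates to next_pub
    next_pub: tuple
    sig: int = 0
    def tbs(self):                # bytes covered by the signature
        return b"KEYCERT" + pubkey_bytes(self.next_pub)

@dataclass
class ContentCert:                # signed by the delegated key; describes one image
    image_hash: bytes
    load_addr: int
    image_len: int
    sig: int = 0
    def tbs(self):
        return (b"CNTCERT" + self.image_hash + self.load_addr.to_bytes(4, "big")
                + self.image_len.to_bytes(4, "big"))

class BootError(Exception): pass

def verify_chain(otp_root_hash, root_pub, key_cert, content_cert, image):
    """Return (load_addr, image_len) when every link verifies; else raise."""
    if not hmac.compare_digest(pubkey_hash(root_pub), otp_root_hash):
        raise BootError("root public key does not match OTP hash")
    if not verify(root_pub, key_cert.tbs(), key_cert.sig):
        raise BootError("key certificate signature invalid")
    if not verify(key_cert.next_pub, content_cert.tbs(), content_cert.sig):
        raise BootError("content certificate signature invalid")
    if len(image) != content_cert.image_len or not hmac.compare_digest(
            hashlib.sha256(image).digest(), content_cert.image_hash):
        raise BootError("image hash mismatch")
    return content_cert.load_addr, content_cert.image_len

def boot(otp_root_hash, root_pub, key_cert, content_cert, image):
    """Fail-closed entry: any error aborts and no image code is executed."""
    try:
        return verify_chain(otp_root_hash, root_pub, key_cert, content_cert, image)
    except BootError:
        return None               # halt in the secure state

def build_demo_chain(image, load_addr=0x00100000):
    """Constructed sample: (otp_root_hash, root_pub, key_cert, content_cert, image)."""
    root_pub, root_priv = gen_rsa()
    app_pub, app_priv = gen_rsa()
    key_cert = KeyCert(app_pub)
    key_cert.sig = sign(root_priv, key_cert.tbs())
    content_cert = ContentCert(hashlib.sha256(image).digest(), load_addr, len(image))
    content_cert.sig = sign(app_priv, content_cert.tbs())
    return pubkey_hash(root_pub), root_pub, key_cert, content_cert, image
```

`boot()` is the part that corresponds to the abort step: it either returns the load address and length of an image that has been tied, link by link, to the key hash in OTP, or it returns nothing, so an attacker who replaces the image, the content certificate or the key certificate with one signed by a key outside the chain gets a halted device rather than a fallback path. The real ROM's signature algorithm, key sizes and certificate encoding are those of the CryptoCell secure boot scheme and are described in the RSL15 Security User's Guide, not here.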