Support for Immutable Portions in the Secure Bootloader
The concept of updateable and immutable portions of a secure processing environment is introduced in "Overview of PSA Compliance". RSL15 provides the following support for the immutable portions of the secure processing environment:
- A boot ROM that can handle a Secure Boot and Secure Debug process
- Hardware isolation of cryptographic functions and the storage of security-related assets
- Unique key storage and the concept of a hardware unique key
- A managed security life cycle as described in the RSL15 Security User's Guide
- Trusted subsystems providing a separation between the secure and non-secure environments, using TrustZone