SPRADO0 November 2024 F29H850TU, F29H859TU-Q1

 


Establishing a Root of Trust

As previously established, nominally securing the chip boundary is not sufficient to ensure code integrity, due to the myriad ways the application can be compromised or injected with malware. Establishing a root of trust provides two important benefits to bridge this gap:

  • Ensures that the device always boots up with trusted code.
  • Enables the device to return to trusted code if the application is compromised, preventing malware from continuing to run.

The root of trust is a fundamental concept in the security of embedded systems. It refers to a set of hardware, firmware and software components that perform critical security functions, and are trusted by the rest of the system. These critical functions can include the storage of secrets such as encryption keys, authentication and attestation of secondary keys and user code, and cryptographic services. The root of trust forms the first link in a chain of trust that ensures the integrity of application software throughout code execution. The memory element containing root-of-trust functions must be immutable, that is, unchangeable and unmodifiable. ROM, e-fuses, and one-time-programmable or permanently locked Flash are examples of immutable memory.
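The chain of trust and the return to trusted code described above can be modeled in a few lines. This is an added example, not code from this document or from any device ROM; the function names, the recovery image, and the use of HMAC-SHA256 in place of an asymmetric signature check are assumptions made for illustration.

```python
import hashlib
import hmac
from types import MappingProxyType

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def provision_root(secondary_key: bytes, recovery_image: bytes):
    """Model immutable root-of-trust storage (ROM, e-fuses) as a read-only mapping."""
    return MappingProxyType({
        "secondary_key_digest": sha256(secondary_key),
        "recovery_digest": sha256(recovery_image),
    })

def select_boot_image(root, stored_key, app_image, app_tag, recovery_image):
    """Return (stage, image); stage is 'application', 'recovery' or 'halt'."""
    # Link 1: the root authenticates the secondary key held in mutable storage.
    key_ok = hmac.compare_digest(sha256(stored_key), root["secondary_key_digest"])
    # Link 2: only an authenticated key may vouch for the user code.
    # HMAC-SHA256 stands in for an asymmetric signature check (assumption).
    if key_ok:
        expected = hmac.new(stored_key, app_image, hashlib.sha256).digest()
        if hmac.compare_digest(expected, app_tag):
            return "application", app_image
    # Compromised application or key: return to trusted code, which is itself
    # checked against the immutable digest before it is allowed to run.
    if hmac.compare_digest(sha256(recovery_image), root["recovery_digest"]):
        return "recovery", recovery_image
    return "halt", b""

# Constructed sample data, for illustration only.
KEY = b"constructed-secondary-key"
APP = b"constructed application image v1"
RECOVERY = b"constructed recovery image"
ROOT = provision_root(KEY, RECOVERY)
APP_TAG = hmac.new(KEY, APP, hashlib.sha256).digest()

if __name__ == "__main__":
    # Untampered application, then the same image with one byte appended.
    print(select_boot_image(ROOT, KEY, APP, APP_TAG, RECOVERY)[0])
    print(select_boot_image(ROOT, KEY, APP + b"!", APP_TAG, RECOVERY)[0])
```

Replacing both the stored key and the application tag still ends in the recovery image, because the replaced key no longer matches the digest held in the immutable root.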