Secure Booting - Samsung S5PC110 Manual

RISC microprocessor
S5PC110_UM
6 BOOTING SEQUENCE

6.2.5 SECURE BOOTING

The basic criterion for a security system is: "The 'root of trust' has to be hardware. You cannot request a software
system to 'validate' itself."
In the S5PC110, the root of trust is implemented by the iROM code in internal ROM, so it cannot be modified by
unauthorized users; the hardware design ensures the integrity of the iROM code. The first boot loader, the second
boot loader and the OS images, on the other hand, are stored in external memory devices. Therefore the iROM code
(which has already been established as trusted) must verify the integrity of the first boot loader. If the integrity
check of the first boot loader passes, the first boot loader is included in the trusted region. Then the first boot
loader verifies the integrity of the second boot loader, and the second boot loader verifies the integrity of the
OS image.
Figure 6-3 shows the secure booting diagram.
The secure booting sequence is as follows:
The iROM code
1. Checks the integrity of RSA public key using E-fuse RSA key hash value.
2. Loads the first boot loader to iRAM.
3. Checks the integrity of first boot loader using trusted RSA public key.
The first boot loader
1. Loads security software to iRAM.
2. Checks the integrity of software using trusted RSA public key.
3. Loads second boot loader to iRAM.
4. Checks the integrity of second boot loader using trusted RSA public key.
The second boot loader
1. Loads security software to iRAM.
2. Checks the integrity of software using trusted RSA public key.
3. Loads OS kernel and applications to DRAM.
4. Checks the integrity of OS kernel and applications using trusted RSA public key.
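The three-stage sequence above, modelled as runnable code. This is an added example, not code from the manual or from Samsung, and it simplifies freely: SHA-256 stands in for the unnamed e-fuse key hash and image digest, a textbook (unpadded) RSA key built from two Mersenne primes stands in for a properly generated signing key, and the image names, payloads and the Stage/Image structures are constructed for illustration. What it does preserve is the order of checks: the public key is validated against the e-fuse hash before it is used, each stage may only verify images once it has itself been verified, the copy that was loaded is the copy that gets hashed, and a failed check halts the chain so nothing later is loaded.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Toy RSA key. Assumption for this example only: textbook RSA (no padding)
# over two Mersenne primes so that the block runs offline with no library;
# a real signing key is generated properly and signatures are padded.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q                                # ~648-bit modulus, larger than a SHA-256 digest
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent: image signer only, never on the device


def encode_public_key(n: int, e: int) -> bytes:
    """Serialise (n, e); this is the blob whose hash is burned into the e-fuse."""
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign_image(payload: bytes) -> int:
    """Signer side, at image build time: RSA over the SHA-256 digest of the image."""
    return pow(digest_int(payload), D, N)


def verify_image(payload: bytes, signature: int, pubkey: bytes) -> bool:
    """Device side: recover the digest with the public key and compare with a fresh hash."""
    n = int.from_bytes(pubkey[:-4], "big")
    e = int.from_bytes(pubkey[-4:], "big")
    return pow(signature, e, n) == digest_int(payload)


@dataclass
class Image:
    name: str
    payload: bytes      # the copy placed in iRAM/DRAM; this copy is hashed, not external flash
    signature: int


@dataclass
class Stage:
    verifier: str       # component doing the loading and checking (must already be trusted)
    loads: List[Image]  # images it loads and then verifies, in order


# Hash of the public key, modelled as burned once into the e-fuse. Assumption:
# SHA-256; the manual names only an "E-fuse RSA key hash value".
EFUSE_KEY_HASH = hashlib.sha256(encode_public_key(N, E)).digest()


def secure_boot(pubkey: bytes, efuse_hash: bytes,
                stages: List[Stage]) -> Tuple[bool, List[str], Optional[str]]:
    """Walk the chain of trust. Returns (booted, trusted_region, halted_at)."""
    trusted = ["iROM"]                                   # hardware root of trust
    # iROM step 1: the public key itself lives in external memory, so its
    # integrity is established against the e-fuse hash before it is used.
    if hashlib.sha256(pubkey).digest() != efuse_hash:
        return False, trusted, "RSA public key"
    for stage in stages:
        if stage.verifier not in trusted:                # only a verified stage may verify others
            return False, trusted, stage.verifier
        for image in stage.loads:
            if not verify_image(image.payload, image.signature, pubkey):
                return False, trusted, image.name        # halt: nothing later is loaded
            trusted.append(image.name)                   # extend the trusted region
    return True, trusted, None


def make_image(name: str, payload: bytes) -> Image:
    return Image(name, payload, sign_image(payload))


def run_scenarios() -> dict:
    """Constructed images standing in for the S5PC110 boot images."""
    pubkey = encode_public_key(N, E)
    bl1 = make_image("first boot loader", b"constructed BL1 code")
    sec1 = make_image("BL1 security software", b"constructed security software A")
    bl2 = make_image("second boot loader", b"constructed BL2 code")
    sec2 = make_image("BL2 security software", b"constructed security software B")
    kernel = make_image("OS kernel and applications", b"constructed kernel + apps")
    chain = [Stage("iROM", [bl1]),
             Stage("first boot loader", [sec1, bl2]),
             Stage("second boot loader", [sec2, kernel])]

    # 1. untouched images: every link verifies and the whole chain is trusted
    good = secure_boot(pubkey, EFUSE_KEY_HASH, chain)

    # 2. second boot loader altered in external memory after it was signed
    bad_bl2 = Image(bl2.name, bl2.payload + b"\x00", bl2.signature)
    tampered = secure_boot(pubkey, EFUSE_KEY_HASH,
                           [chain[0], Stage("first boot loader", [sec1, bad_bl2]), chain[2]])

    # 3. a different public key shipped with the images: iROM rejects it against the
    #    e-fuse hash before any signature is examined, whatever that key signed
    rogue_key = encode_public_key(N + 2, E)
    wrong_key = secure_boot(rogue_key, EFUSE_KEY_HASH, chain)
    return {"good": good, "tampered_bl2": tampered, "wrong_key": wrong_key}


if __name__ == "__main__":
    for label, (booted, trusted, halted) in run_scenarios().items():
        print(f"{label}: booted={booted} trusted={trusted} halted_at={halted}")
```

Running the block prints the three scenarios: the untouched chain ends with all six components in the trusted region; the altered second boot loader halts the chain at that image with only iROM, the first boot loader and its security software trusted; and the substituted key is refused by the e-fuse comparison with nothing beyond iROM trusted. The detail worth keeping in a real implementation is the one the manual's ordering implies: each image is hashed after it has been copied into internal memory, so what is checked is exactly what will execute.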
6-9
