One live broadcast + 2 application notes: practice and understand the Linux secure boot steps of an MPU
The term secure boot seems to be uncommon. Maybe it is rarely involved in MCU development? I think it is more related to the bootloader. If you want to know more, you are welcome to join an engineer with 19 years of embedded experience as he explains secure boot on August 4 (next Tuesday). In addition, I recommend two related application notes from the Microchip library. You can also read them if you are interested.
A live broadcast: August 4th Microchip Microprocessor Secure Boot Theme Live Broadcast
Microchip engineer Zhang Yifeng, who has 19 years of experience in microprocessor application development and embedded Linux application development, will explain the secure boot process of the SAMA5D2 MPU:
-Why do we need secure boot?
-What is secure boot?
-How to boot securely?
-SAMA5D2 Secure Boot Process
-Encryption solutions
Chinese application note: AN2748 - SAMA5D2 Linux Secure Boot
SAMA5D2 series MPU supports two boot modes: normal boot and secure boot.
-Normal boot mode is used when an unencrypted/unsigned program is loaded from external memory at boot time. This mode suits many designs and is well suited to the development process, because modified code can be run with minimal debugging.
-Secure boot mode is used when an encrypted/signed program is loaded at boot time. Designs that use this mode usually require that the image loaded at boot time is trusted and authorized to run on a secure system. In addition, some software uses encryption to hide its content.
AN2748- SAMA5D2 Linux®安全引导.pdf
The application note describes how to boot the Linux kernel as a secure application using the SAMA5D2 MPU. Secure boot helps prevent unauthorized software from booting on the SAMA5 MPU.
Contents
Software components of the system
-ROM code (first-stage bootloader)
-AT91bootstrap bootloader (second-stage bootloader)
-U-Boot bootloader (optional third-stage bootloader)
-Linux kernel/device tree binaries
-Root file system
Encryption usage in secure boot
AT91bootstrap configuration
Chinese application note "AN2791 - Booting the SAMA5D2 MPU from external non-volatile memory (NVM)"
Unlike MCUs, MPUs do not have flash memory and therefore rely on different types of external non-volatile memory (NVM) to implement the boot process.
The on-chip ROM contains an initial bootloader that starts an in-system programmer, which allows a PC to load a user application into the NVM and set up the boot process. Microchip's SAM Boot Assistant (SAM-BA) tools write the user application into the external NVM and set up the boot process, and these tools run on a PC and connect to the SAMA5D2 in the system through a USB, RS-232 or JTAG link.
The Secure SAM-BA tool can be used to enable and configure secure boot mode on the SAMA5D2, thereby building a root of trust for the boot chain.
AN2791-从外部非易失性存储器(NVM)引导 SAMA5D2 MPU.pdf
This application note describes the boot process of the Arm Cortex-A5 based SAMA5D2 microprocessor (MPU) and discusses the technical aspects of booting the SAMA5D2 MPU from an external NVM.
Main content:
What does the ROM code do?
Supported external non-volatile memory (NVM)