1. Overview
- The boot ROM
- The secure device manager (SDM)
- The Secure Monitor
- The UEFI boot loader
The Intel Stratix 10 SoC secure boot flow ensures that the system boot loader is signed with a cryptographic key and that the signature is validated by the firmware before the boot loader runs.
The Secure Monitor stage also implements the TrustZone* model of secure partitioning. This model divides the software environment into two isolated partitions, called the secure world and the non-secure world. The two worlds can only communicate with each other through the Secure Monitor.
The binary image of the UEFI boot loader can be stored on Quad SPI flash or on an SD/MMC card. On board power-up, the secure device manager (SDM) loads the Secure Monitor directly into Hard Processor System (HPS) on-chip RAM. The Secure Monitor then loads the UEFI boot loader into HPS DDR memory.
- Initializing DDR SDRAM memory
- Configuring low-level hardware, such as PLLs, I/Os, and pin muxes, needed by non-secure world software
- Providing Ethernet support
- Supporting basic hardware diagnostic features
- Fetching subsequent boot software such as the operating system package or kernel image
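The staged chain described above (SDM verifies and loads the Secure Monitor, which in turn verifies and loads the UEFI boot loader) can be modelled as each stage refusing to hand off until the next image's signature checks out. The following is an added example, not Intel's image format or firmware code: it assumes a constructed header layout, uses HMAC-SHA256 as a stand-in for the asymmetric signature the real firmware validates, and builds its own sample images.

```python
# Added example: simplified model of the SDM -> Secure Monitor -> UEFI chain.
# Not Intel's format. HMAC-SHA256 stands in for the asymmetric signature;
# the key, header layout and image payloads are constructed for the example.
import hashlib
import hmac
import struct

MAGIC = b"SBT1"                      # constructed header magic
HDR = struct.Struct(">4sI32s")       # magic, payload length, SHA-256 of payload
SIGNING_KEY = b"constructed-root-key-for-the-example"

def sign_image(payload: bytes, key: bytes = SIGNING_KEY) -> bytes:
    """Build header || payload || tag, as a signing tool would."""
    digest = hashlib.sha256(payload).digest()
    header = HDR.pack(MAGIC, len(payload), digest)
    tag = hmac.new(key, header, hashlib.sha256).digest()
    return header + payload + tag

def verify_image(image: bytes, key: bytes = SIGNING_KEY) -> bytes:
    """Return the payload only if every check passes; raise otherwise."""
    if len(image) < HDR.size + 32:
        raise ValueError("image too short")
    header, rest = image[:HDR.size], image[HDR.size:]
    magic, length, digest = HDR.unpack(header)
    if magic != MAGIC:
        raise ValueError("bad magic")
    payload, tag = rest[:length], rest[length:]
    if len(payload) != length or len(tag) != 32:
        raise ValueError("length mismatch")
    # The signature covers the header, so check it before trusting any field...
    expected = hmac.new(key, header, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("signature check failed")
    # ...and the signed digest binds the payload to that signature.
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), digest):
        raise ValueError("payload digest mismatch")
    return payload

def boot_chain(stages: dict) -> list:
    """Each stage verifies the next image before handing off; halts on failure."""
    order = ["secure_monitor", "uefi"]   # SDM checks the monitor, monitor checks UEFI
    loaded = []
    for name in order:
        try:
            verify_image(stages[name])
        except ValueError as exc:
            return loaded + [f"halt: {name}: {exc}"]
        loaded.append(name)
    return loaded
```

A flipped payload byte or an image signed with a different key stops the chain at that stage, which is the fail-closed behaviour a secure boot flow needs.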