Arria® 10 SoC Boot User Guide

ID 683735
Date 4/03/2019
Public
Document Table of Contents

1.2.3.1.2. Secure Boot Flow

The main purpose of secure boot is to pass the chain of trust to the subsequent boot software. During a secure boot, the second-stage boot loader may authenticate or decrypt the subsequent boot image, depending on the current state registers in the Security Manager. In addition, the second-stage boot loader must ensure that the subsequent boot image is executed from secure memory such as on-chip RAM. The second-stage boot loader fits into the chain of trust as such:

Figure 10. Secure Boot Flow

The micro OS provides secure APIs to allow the application in the normal world OS to establish trusted services.

During a verified boot, the second-stage boot loader only authenticates the OS image and other images required by the OS. A flow for a verified boot is shown below.

Figure 11. Verified (Authenticated) Boot Flow

For both the secure and verified boot, the subsequent boot image must be executed in on-chip RAM while the second-stage boot loader is still executing from on-chip RAM. In order to accommodate this requirement, the authentication and decryption process might follow the following steps depicted in the next three diagrams, depending on the type of secure boot chosen.

Figure 12. Second-Stage Boot Loader Authentication Process
Figure 13. Second-Stage Boot Loader Decryption Process

Decryption is optional and is not required for secure boot. Upon entry into the second-stage boot loader, the CSS engine is enabled. The second-stage boot loader decrypts the subsequent boot image and disables the CSS engine upon exit.

Figure 14. Second-Stage Boot Loader Authentication and Decryption Process