
CEC173x Trust Shield and Secure Boot

Learn more about the secure bootloader from the CEC173x Trust Shield family of products with advanced security measures.


CEC173x Trust Shield: Fortifying Cybersecurity with Immutable Bootloader

In the ever-evolving landscape of cybersecurity, the demand for robust solutions to safeguard sensitive data and systems is extremely high. The CEC173x Trust Shield family is a cutting-edge family of products fortified with advanced security measures. At the heart of the CEC173x family's security architecture lies the immutable secure bootloader, which is implemented in ROM as part of its hardware root-of-trust solution and is a cornerstone of its platform firmware security features. Because it lives in ROM, it cannot be modified by an attacker who gains write access to the external Flash. This bootloader acts as the guardian at the gateway, verifying each firmware image before the system's application processor is allowed to run it, so that only authenticated and unaltered firmware executes. The bootloader of the CEC173x, described more fully below, can be programmed and customized using our Trust Platform Design Suite (TPDS) software.

Soteria Firmware: Authenticated Chain of Trust

Soteria-G3 Firmware, an integral part of the CEC173x family's security ecosystem, takes the reins after the secure bootloader's initial authentication. Designed with user-friendly customization in mind, Soteria enables a suite of platform firmware security features that maintain firmware integrity in real-time (or during time of use). Features such as real-time SPI Monitoring, Physically Unclonable Function (PUF)-enabled component attestation, life cycle management and others will be explored in future blog posts.

Power-Up Prowess: Ensuring Code Integrity

At boot time, the CEC173x is the first device to power on. It begins by holding the Application Processors (APs) in reset and isolating them from their external Flash components. The Trust Shield's boot ROM then copies an AP image from the external Flash into its own internal SRAM and verifies the image's digital signature there, using the asymmetric authentication scheme and keys configured by the OEM. If verification succeeds, the AP is released from reset and the code is allowed to execute. If it fails, a backup (or golden) image can be authenticated instead, so a corrupted or tampered primary image does not leave the platform unbootable.

This meticulous yet fast authentication process ensures that only genuine, OEM-signed code runs on a CEC173x-based system, laying the foundation for a secure runtime environment.

Dynamic Authentication

In addition to secure boot, the CEC173x family supports in-field firmware updates. The same asymmetric authentication mechanism verifies the digital signature of each new code image (delivered directly or over the air) before the image is written to the external SPI Flash components, so an unsigned or corrupted update never reaches Flash.

Rollback protection is also supported: a user can revoke a previously valid firmware image so that it will no longer authenticate, even though its signature is still mathematically valid. This prevents an attacker from reinstalling an older image to exploit vulnerabilities that later releases have already patched, and it extends the useful life of the platform root of trust.
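The power-up flow, the verify-before-write update path and image revocation described above are modeled in the following Go program. It is an added example for this post, not Microchip's boot ROM or Soteria-G3 code, and it assumes things the post does not state: Ed25519 as the OEM's asymmetric scheme, a toy image container of version, code and signature, and a monotonic minimum-version floor as the revocation mechanism. The `Flash`, `Boot`, `ApplyUpdate` and `Revoke` names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image is a simplified firmware container assumed for this example
// (not the CEC173x image format): a version number, the AP code, and
// the OEM signature over version || code.
type Image struct {
	Version uint32
	Code    []byte
	Sig     []byte
}

// signedBody is the exact byte string the OEM key signs. The version is
// covered so an attacker cannot relabel an old image as a newer one.
func signedBody(version uint32, code []byte) []byte {
	body := make([]byte, 4, 4+len(code))
	binary.BigEndian.PutUint32(body, version)
	return append(body, code...)
}

// NewOEMKey generates the OEM signing key pair. Ed25519 is an assumption
// here; the post does not say which algorithm the CEC173x boot ROM uses.
func NewOEMKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignImage is the OEM build step that produces a releasable image.
func SignImage(priv ed25519.PrivateKey, version uint32, code []byte) Image {
	return Image{Version: version, Code: code, Sig: ed25519.Sign(priv, signedBody(version, code))}
}

// VerifyImage is the check performed on the copy of the image in internal
// SRAM: the signature must verify under the OEM public key, and the version
// must not be below the revocation floor (anti-rollback).
func VerifyImage(pub ed25519.PublicKey, img Image, minVersion uint32) error {
	if !ed25519.Verify(pub, signedBody(img.Version, img.Code), img.Sig) {
		return errors.New("signature invalid")
	}
	if img.Version < minVersion {
		return fmt.Errorf("version %d revoked (minimum %d)", img.Version, minVersion)
	}
	return nil
}

// Flash models the external SPI Flash the APs are isolated from during boot,
// plus the revocation floor the ROM consults.
type Flash struct {
	Primary, Golden Image
	MinVersion      uint32
}

// Boot emulates the power-up flow: the primary image is verified first and
// the golden image is tried if that fails. It returns which image the APs are
// released to run; an error means the APs stay in reset.
func Boot(pub ed25519.PublicKey, f *Flash) (string, error) {
	if err := VerifyImage(pub, f.Primary, f.MinVersion); err == nil {
		return "primary", nil
	}
	if err := VerifyImage(pub, f.Golden, f.MinVersion); err == nil {
		return "golden", nil
	}
	return "", errors.New("no authentic image; APs held in reset")
}

// ApplyUpdate is the in-field update path: the new image is verified before
// anything is written, and only then replaces the primary image in Flash.
func (f *Flash) ApplyUpdate(pub ed25519.PublicKey, img Image) error {
	if err := VerifyImage(pub, img, f.MinVersion); err != nil {
		return fmt.Errorf("update rejected: %w", err)
	}
	f.Primary = img
	return nil
}

// Revoke raises the version floor so that older images no longer authenticate
// even though their signatures remain valid. The floor only ever moves up.
func (f *Flash) Revoke(minVersion uint32) {
	if minVersion > f.MinVersion {
		f.MinVersion = minVersion
	}
}

func main() {
	pub, priv := NewOEMKey()
	// Constructed sample images; real AP firmware would be far larger.
	f := &Flash{
		Primary: SignImage(priv, 2, []byte("ap firmware v2 (constructed)")),
		Golden:  SignImage(priv, 1, []byte("ap firmware v1 golden (constructed)")),
	}
	fmt.Println(Boot(pub, f))                    // primary <nil>
	f.Primary.Code[0] ^= 0xFF                    // tamper with the image in Flash
	fmt.Println(Boot(pub, f))                    // golden <nil>
	fmt.Println(f.ApplyUpdate(pub, Image{Version: 4, Code: []byte("rogue")})) // rejected: unsigned
	fmt.Println(f.ApplyUpdate(pub, SignImage(priv, 3, []byte("ap firmware v3")))) // <nil>
	f.Revoke(3)                                  // everything below v3 is now revoked
	fmt.Println(f.ApplyUpdate(pub, SignImage(priv, 2, []byte("old v2")))) // rejected: rollback
}
```

Note that revocation also affects the golden image: once the floor passes its version, it no longer serves as a fallback, so in a real deployment the golden image must be refreshed before older versions are revoked or the platform loses its recovery path.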

Trust Platform Design Suite (TPDS)

The CEC173x family's secure boot feature, built on the immutable secure bootloader and supported by the other Soteria-G3-enabled features, strengthens a platform's firmware resiliency. To learn more about how to customize these features to your needs, download our Trust Platform Design Suite (TPDS) software and contact your local sales representative to access the relevant documentation.

Brandon Weekly, Apr 4, 2024
Tags/Keywords: Security