CEC173x Trust Shield and Secure Boot
Learn more about the secure bootloader from the CEC173x Trust Shield family of products with advanced security measures.

CEC173x Trust Shield: Fortifying Cybersecurity with Immutable Bootloader
Demand for robust protection of sensitive data and systems has never been higher. The CEC173x Trust Shield family is a set of products built around advanced security measures. At the heart of the CEC173x security architecture is the immutable secure bootloader: it is implemented in ROM, which is what makes it immutable, and it forms the hardware root of trust on which the platform firmware security features are built. This bootloader acts as the guardian at the gateway, ensuring that only authenticated and unaltered firmware executes on the system's application processor. The bootloader of the CEC173x, described more fully below, can be configured and customized using our Trust Platform Design Suite (TPDS) software.
Soteria Firmware: Authenticated Chain of Trust
Soteria-G3 Firmware, an integral part of the CEC173x family's security ecosystem, takes over after the secure bootloader's initial authentication. Designed with user-friendly customization in mind, Soteria enables a suite of platform firmware security features that maintain firmware integrity at run time (during time of use), after the boot-time check has passed. Features such as real-time SPI Monitoring, Physically Unclonable Function (PUF)-enabled component attestation, life cycle management and others will be explored in future blog posts.
Power-Up Prowess: Ensuring Code Integrity
At power-up, the CEC173x is the first device in the system to come out of reset. It begins by holding the Application Processors (APs) in reset and isolating them from their external Flash components. The Trust Shield's boot ROM then copies an AP image from external Flash into its own internal SRAM, so that the bytes being checked are under the Trust Shield's sole control during the check. There it verifies the image's digital signature using the asymmetric algorithm and the OEM public key configured by the OEM. If verification succeeds, the AP is released from reset and the code is allowed to execute. If it fails, a backup (or golden) image can be authenticated in the same way.
This authentication, thorough but fast, ensures that only genuine code ever runs on the APs, laying the foundation for a secure runtime environment.
Dynamic Authentication
In addition to secure boot, the CEC173x family supports in-field firmware updates. New code images, whether programmed directly or delivered over the air, are verified with the same asymmetric signature check before they are written to the external SPI Flash components.
Rollback protection is also supported: a user can revoke a previously valid firmware image so that it no longer authenticates, even though its signature is still genuine. This prevents an attacker from reinstalling an older image to exploit a vulnerability that a later release patched, and extends the useful life of the platform root of trust.
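The boot flow described above (hold the AP in reset, copy the image into SRAM, verify, release or fall back to the golden image) and the update and revocation flow of the two preceding paragraphs, as one executable model. This is an added example, not Microchip's ROM code or TPDS output. It is written in Go so the signature check uses only the standard library; the image header layout, the choice of ECDSA P-256 with SHA-256, and every name in it (Platform, buildImage, verify, Boot, Update, Demo) are assumptions for illustration, and the OTP-pinned key hash and one-way fuse counter of real hardware are modeled as plain fields.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Assumed image layout (a model, not the CEC173x's real format): "APFW" | uint32 LE security version | uint32 LE payload length | payload | ECDSA P-256 signature (ASN.1)
const magic, hdrLen = "APFW", 12

// Platform is the Trust Shield's view of the system at power-up.
type Platform struct {
	OEMPub         *ecdsa.PublicKey // OEM verification key; real hardware pins its hash in OTP memory
	MinVersion     uint32           // anti-rollback floor; a one-way fuse counter on real hardware
	Active, Golden []byte           // the two external SPI flash slots
}

func clone(b []byte) []byte { return append([]byte(nil), b...) }

// buildImage is the OEM signing side: header || payload, then a signature over both.
func buildImage(priv *ecdsa.PrivateKey, version uint32, payload []byte) ([]byte, error) {
	img := binary.LittleEndian.AppendUint32([]byte(magic), version)
	img = binary.LittleEndian.AppendUint32(img, uint32(len(payload)))
	img = append(img, payload...)
	digest := sha256.Sum256(img)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return append(img, sig...), err
}

// verify authenticates an image already copied into SRAM; the error names the first check that failed.
func (p *Platform) verify(img []byte) (uint32, []byte, error) {
	if len(img) < hdrLen || string(img[:4]) != magic {
		return 0, nil, fmt.Errorf("bad header")
	}
	version := binary.LittleEndian.Uint32(img[4:8])
	end := hdrLen + int(binary.LittleEndian.Uint32(img[8:12]))
	if end < hdrLen || end > len(img) {
		return 0, nil, fmt.Errorf("payload length exceeds image")
	}
	digest := sha256.Sum256(img[:end]) // signature covers header and payload, so the version is authenticated too
	if !ecdsa.VerifyASN1(p.OEMPub, digest[:], img[end:]) {
		return 0, nil, fmt.Errorf("signature invalid")
	}
	if version < p.MinVersion { // checked only after the signature, on data the signature vouches for
		return 0, nil, fmt.Errorf("version %d below rollback floor %d", version, p.MinVersion)
	}
	return version, img[hdrLen:end], nil
}

// Boot models power-up: AP held in reset, SRAM copy of the active slot authenticated, then the golden slot.
func (p *Platform) Boot() ([]byte, string, error) {
	_, pl, errA := p.verify(clone(p.Active)) // verify the copy, so flash cannot change it after the check
	if errA == nil {
		return pl, "active", nil
	}
	_, pl, errG := p.verify(clone(p.Golden))
	if errG == nil {
		return pl, "golden", nil
	}
	return nil, "none", fmt.Errorf("AP held in reset; active: %v; golden: %v", errA, errG)
}

// Update authenticates a new image before it reaches flash and, if asked, raises the rollback floor.
func (p *Platform) Update(img []byte, revokeOlder bool) error {
	version, _, err := p.verify(img)
	if err != nil {
		return err
	}
	p.Active = clone(img)
	if revokeOlder {
		p.MinVersion = version // one-way on real hardware: a blown fuse cannot be un-blown
	}
	return nil
}

// Demo walks the scenarios the text describes and returns which slot booted at each step.
func Demo() []string {
	oem, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	v1, _ := buildImage(oem, 1, []byte("AP firmware v1")) // constructed sample images
	v2, _ := buildImage(oem, 2, []byte("AP firmware v2"))
	p := &Platform{OEMPub: &oem.PublicKey, Active: clone(v1), Golden: clone(v1)}
	slot := func() string { _, s, _ := p.Boot(); return s }
	steps := []string{slot()} // 1: v1 authenticates from the active slot
	p.Active[hdrLen] ^= 0x01  // 2: one flipped payload byte breaks the signature; golden takes over
	steps = append(steps, slot())
	p.Update(v2, true)   // 3: in-field update, revoking everything below v2 (cannot fail: v2 is freshly signed)
	p.Golden = clone(v2) // refresh golden as well, or it is unbootable now that v1 is revoked
	steps = append(steps, slot())
	p.Active = clone(v1) // 4: attacker re-flashes the genuinely signed v1: rejected by the floor, not the signature
	steps = append(steps, slot())
	p.Golden[hdrLen] ^= 0x01 // 5: golden corrupted as well: nothing authenticates and the AP stays in reset
	return append(steps, slot())
}

func main() { fmt.Println(Demo()) } // [active golden active golden none]
```

Three points in the model are the ones a practitioner should carry over to real deployments. The version check runs after the signature check because the version field is only trustworthy once the signature has been shown to cover it. The golden slot must be refreshed whenever older versions are revoked, or revocation turns the recovery path into a brick (step 5 shows what that looks like). And a rollback attempt with a genuinely signed old image fails on the floor, not on the signature, which is exactly the case the revocation feature exists for.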
Trust Platform Design Suite (TPDS)
The CEC173x family's secure boot feature, built on the immutable secure bootloader and supported by the other Soteria-G3-enabled features, strengthens a platform's firmware resiliency. To learn more about how to customize these features to your needs, download our Trust Platform Design Suite (TPDS) software and contact your local sales representative to access the pertinent documentation.