According to leaders in the industry, the pre-boot environment has come under attack via rootkits and bootkits. These types of attacks are insidious and not detectable by high-level operating systems or anti-virus software. Secure boot is a security standard to prevent attacks on the pre-boot firmware environment.
Soteria is highly configurable custom firmware that runs on CEC17x2 devices to provide a complete platform to establish a chain of trust for platform firmware resiliency. Soteria-G1 runs on the CEC1702Q-S1 and Soteria-G2 runs on the CEC1712Q-S2. The Soteria solution is designed to work with virtually any application processor that meets two criteria:
The Soteria secure boot firmware provides a platform firmware resiliency solution that meets the NIST SP 800-193 guidelines. It uses the immutable secure bootloader implemented in CEC1702/CEC1712 ROM as the system Root of Trust (RoT). The secure bootloader loads, decrypts and authenticates the firmware from the external SPI Flash. The validated CEC1702/CEC1712 code is designed to authenticate the application processor firmware in the same SPI Flash. Up to three additional SPI Flash components can be supported.
Soteria prevents the system from booting unless the application host’s firmware that is stored in the external SPI Flash is authentic code signed by the OEM. It offers security features to authenticate and optionally decrypt the SPI Flash image in the external SPI Flash device.
The application processor can utilize the crypto resources in the CEC1702/CEC1712 to authenticate other code in the system, thereby extending the chain of trust to ensure that all code running in the system is authorized. Soteria uses the same mechanisms to ensure that platforms only perform secure firmware updates.
By design, Soteria can be a simple black-box secure boot solution or customizable firmware that provides secure boot, extended security features and runtime secure commands via a host interface.
Soteria is available under a Signed License Agreement (SLA). Contact a Microchip sales representative or authorized worldwide distributor to execute the SLA.
The CEC1x02 device family provides a variety of robust hardware-based crypto algorithms to meet your protection needs.
Everybody today is worried about security. We see the market moving to authenticated boot as a way to protect your overall system. One of the worries is that when you try to boot your system, it won’t work because someone has compromised it.
One solution being adopted is secure boot, which ensures the integrity of the software running on a platform. We provide secure boot capabilities that authenticate the embedded firmware before the system boots. Secure boot relies on public/private keys to verify the digital signature of the code before execution. This confirms that only the code which you intend to be loaded is loaded and used, protecting your system from malicious code. Every time you boot the machine, it behaves exactly as you expect.
Key revocation allows public/private key pairs used for authentication to be permanently retired. This feature may be used as a preemptive solution for aging keys or as a defense mechanism if a private key becomes compromised, which would otherwise allow an unauthorized entity to alter the code image. Key revocation is a simple method for preventing code signed by a specific key from being used in the system. The system must implement multiple keys to use the key revocation feature.
Code roll-back protection is used when you need to prevent an old image from running; it should be enforced as part of a secure update process.
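As an added illustration (not Soteria or Microchip code), the boot-time policy that the three paragraphs above describe: the Root of Trust refuses an image signed with a revoked key slot, an image whose signature does not verify, and an image older than the last validated version. The image layout, key-slot table and efuse-style one-way state are assumptions, and a hash-based Lamport one-time signature stands in for the OEM's RSA/ECDSA key so the example runs on the Python standard library alone.

```python
import hashlib
import os
import struct

SIG_LEN = 256 * 32  # one 32-byte preimage per bit of the SHA-256 message digest

def keygen():
    # Lamport one-time key: stand-in for the OEM signing key (assumption)
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def digest_bits(msg):
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [(h >> (255 - i)) & 1 for i in range(256)]

def sign(sk, msg):
    return b"".join(sk[i][b] for i, b in enumerate(digest_bits(msg)))

def verify(pk, msg, sig):
    return len(sig) == SIG_LEN and all(
        hashlib.sha256(sig[32 * i:32 * i + 32]).digest() == pk[i][b]
        for i, b in enumerate(digest_bits(msg)))

def build_image(sk, slot, version, payload):
    # Constructed image layout (assumption): header(key slot, version) + payload + signature
    body = struct.pack(">BI", slot, version) + payload
    return body + sign(sk, body)

class RootOfTrust:
    """Models the immutable pre-boot checks: key revocation, signature, anti-roll-back."""
    def __init__(self, key_slots):
        self.key_slots = key_slots  # OEM public keys provisioned at manufacture
        self.revoked = set()        # revocation bits: one-way, like efuses
        self.min_version = 0        # anti-roll-back floor: only ever increases

    def revoke_key(self, slot):
        self.revoked.add(slot)      # retire an aging or compromised key

    def boot(self, image):
        if len(image) < 5 + SIG_LEN:
            return "reject: image truncated"
        body, sig = image[:-SIG_LEN], image[-SIG_LEN:]
        slot, version = struct.unpack(">BI", body[:5])
        if slot >= len(self.key_slots) or slot in self.revoked:
            return "reject: key slot unknown or revoked"
        if not verify(self.key_slots[slot], body, sig):  # header is signed too
            return "reject: signature invalid"
        if version < self.min_version:
            return "reject: roll-back to older image"
        self.min_version = version  # a validated newer image ratchets the floor
        return "ok"
```

The order of the checks matters: a revoked slot is refused before any signature work is done, and the version field is trusted only after the signature over the header has verified.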
Related documentation:
CEC1302 Crypto API User's Guide
CEC/MEC Family Devices ROM API User's Guide
CEC1x02 Development Board User's Guide
CEC1302 Peripheral Interface User's Guide
CEC1702 Quick Start Guide
CEC1702 Efuse Generator Tool User's Guide