2. Secure Boot Overview¶
2.1. System Architecture¶
The DA14682/DA14683 sources its running firmware from an external QSPI Flash device as shown in Fig. 1.
Fig. 1 Secure Boot Overview
This architecture has several advantages for building a power efficient IoT device but it also introduces some challenges relating to security:
- the external QSPI could be replaced
- the external QSPI content could be modified
These challenges are addressed by the secure boot architecture.
2.2. Secure Boot Architecture¶
This section assumes the reader is already familiar with the secure boot architecture and the boot procedure of the DA14682/DA14683. If you are not familiar, or you need a refresher, a good introduction is the System Overview section of the Datasheet, in particular the BootROM Sequence and Security subsections.
The secure boot strategy is built on two main blocks; the Secure Key Area and the Secure Boot Loader (SBL).
The Secure Key Area is a specific OTP area that stores the symmetric keys used to validate the firmware image during the boot procedure. Symmetric keys must remain private to ensure security. The Symmetric Keys Area (SKA) subsection (in the Security section) of the Datasheet explains how this area is designed to store those keys
The SBL is an additional boot loader which is written in the DA14682/DA14683 OTP memory. The SBL is in charge of the following tasks as described in Fig. 2:
- Check the device integrity. Verify the OTP content (that is the SBL itself) has not been altered, see Fig. 3.
- Perform pending firmware upgrades, which include validation of the firmware, see Fig. 4.
- Launch the execution of the application firmware when it’s safe to do so.
Fig. 2 Secure Main FSM
In order to ensure the secure boot CRC has not been altered, it is stored along with its bit inverted value. The properties of the OTP (bits can only be toggled from 0 to 1) make it impossible to alter the CRC and keep consistent with its inverted value.
Fig. 3 Secure Boot Loader Integrity Check
Fig. 4 Secure Boot Firmware Validataion