1. What is the Secure boot and firmware update
o Secure boot and firmware update, allows to ensure only authorized software can be executed on the device. - It uses cryptography to verify the next stage code and any metadata. Execution of the next stage proceeds only if any validation checks on the verified metadata pass. This include version comparison, boot conditions, … o The secure boot Consider reset of the platform through an immutable code. • Immutability can be guarantied thanks to ROMCode technology, or any mechanisms that allows to make code immutable. • This immutable code must be small, simple and verifiable. This minimize the risk of a vulnerability that cannot be corrected. The complex steps are handled by the next stage.
o Secure Firmware update: Allows to ensure the secure update of the stage following the Immutable code. Could be implemented following different strategies. But in all cases must take care of version control.