emSecure-Boot - Authentication at ROM level
Secure boot
- Customer authentication
- Firmware authentication, anti-hacking
Exposed API
- Use of security functions from firmware
- Hardware authentication, cloning protection
Minimal hardware requirements
- Any CPU or architecture
- 8 kByte boot ROM
- 4 kByte work RAM (only during boot, re-usable by firmware)
- 16-bit one-time programmable (OTP) storage
- Optional: Unique device identifier (UID)
Low latency
- Typ. 10 - 200 ms
What is emSecure-Boot?
emSecure-Boot is a software module to secure the firmware running on a system. It is implemented in the ROM of a microcontroller or SoC and executed on boot of the system, before jumping to a user application (firmware).
emSecure-Boot enables authentication of the chip customer, the firmware memory, and the hardware unit. It provides countermeasures against the firmware being hacked or modified by third parties, and against it being cloned to counterfeit systems.
Why should I use emSecure-Boot?
Most microcontroller-based embedded systems are an easy target for firmware hacking.
Flash contents can usually be modified or replaced with simple tools. Firmware update capabilities might make this process even simpler and applicable at large scale.
If a hack, or hacking mechanism for a system, becomes public, it is often abused to
- enable add-ons of the system that should only be available in a higher-tier product variant, financially harming the product developer.
- circumvent other anti-hacking or anti-cloning mechanisms, enabling the production of possibly cheap and bad counterfeits, harming the developer's profits and reputation, and possibly customers, too.
- modify execution to run outside of the hardware specification, putting the system and its surroundings at risk of physical damage.
- extract confidential resources, such as encryption keys, from the system, enabling execution of potentially harmful code from unverified sources.
- take over the system and its communication interfaces to gain access to networks, attack other products or computers, or spread viruses, creating threats of unpredictable scale.
emSecure-Boot adds security to prevent this.
As a silicon vendor or chip designer, you might want to enable your customers to create a secure system and implement these crucial features in your devices.