Secure Boot is a hardware-anchored security mechanism that ensures only authenticated and trusted firmware and software components execute during system startup. It establishes a chain of trust beginning from immutable hardware and extending up to the operating system and user applications.
This mechanism is widely used in mobile system-on-chips, automotive electronic control units, IoT devices, networking platforms, and modern server systems to prevent execution of malicious or unauthorized firmware.
ARMv8 Security Architecture Overview
TrustZone Technology
The ARMv8 architecture provides TrustZone technology, which divides system resources into two logical security states:
- Secure World
- Non-Secure World
Sensitive firmware components such as cryptographic services, trusted applications, and secure storage execute in the Secure World, while general operating systems and user applications execute in the Non-Secure World.
After system reset, processor execution begins in the Secure state at Exception Level EL3. This level acts as the root control point for security initialization and secure boot enforcement.
Exception Levels
- EL3 – Secure monitor and root firmware
- EL2 – Hypervisor level
- EL1 – Operating system kernel
- EL0 – User applications
Hardware Root of Trust
The foundation of secure boot is the Hardware Root of Trust. It typically consists of immutable boot ROM code, public key hash storage in eFuse or one-time programmable memory, and secure configuration fuses that define device security policies.
Boot ROM responsibilities include basic hardware initialization, boot device selection, loading the first stage bootloader, and performing cryptographic authentication of the loaded firmware image.
If authentication fails, the system may halt, enter recovery mode, or attempt booting from an alternate source depending on platform configuration.
Chain of Trust in Secure Boot
Secure boot follows a staged verification process where each firmware stage verifies the authenticity and integrity of the next stage before execution is transferred.
Stage 0 – Boot ROM
- Immutable code embedded in silicon
- Contains root public key or key hash
- Authenticates first stage bootloader
Stage 1 – First Stage Bootloader
- Executes in Secure EL3
- Initializes on-chip memory and external DRAM
- Configures TrustZone memory protection
- Authenticates and loads second stage firmware
Stage 2 – Trusted Boot Firmware
- Loads secure runtime firmware
- Loads trusted operating system
- Authenticates non-secure bootloader
Stage 3 – Secure Runtime Firmware
- Implements secure monitor functionality
- Handles transitions between security states
- Provides power management and system control interfaces
Stage 4 – Trusted Operating System
- Executes in Secure EL1
- Provides cryptographic APIs and secure storage
- Supports trusted applications and digital rights management
Stage 5 – Non-Secure Bootloader
- Executes in Non-Secure EL2 or EL1
- Loads kernel image, device tree, and root file system
- May perform additional authentication of operating system images
Stage 6 – Operating System
- Kernel verification mechanisms may include verified boot frameworks
- Runtime file system integrity may be enforced using hash trees
Cryptographic Mechanisms
- SHA-256 or SHA-384 hashing for integrity measurement
- RSA-2048 or RSA-3072 signature verification
- Elliptic Curve Digital Signature Algorithm (ECDSA) over curves such as P-256 or P-384
- Optional AES encryption of firmware images
Elliptic curve cryptography is increasingly preferred due to reduced key size, faster verification, and lower memory requirements.
Secure Memory Configuration
Early boot firmware configures hardware security controllers such as the TrustZone Address Space Controller (TZASC) and the TrustZone Protection Controller (TZPC). These controllers enforce access restrictions on secure memory regions and peripherals, preventing non-secure software from reading or modifying sensitive firmware components.
Anti-Rollback Protection
Secure boot implementations may enforce firmware version control using monotonic counters stored in secure fuses: an image whose version is lower than the fused counter is rejected even if its signature is valid. This prevents loading of older, correctly signed firmware images that may contain known vulnerabilities.
Measured Boot and Attestation
Measured boot records a hash of each firmware component by extending it into tamper-evident platform registers, so that a remote verifier can check the sequence of components that actually booted. This capability is useful in enterprise and cloud security deployments.
Secure Debug and Lifecycle States
Devices may support multiple lifecycle states including development, provisioning, secure production, and return-for-service modes. Debug interfaces such as JTAG may be disabled, authenticated, or restricted depending on device lifecycle configuration.
Through hardware root of trust, staged authentication, memory isolation, and modern cryptographic techniques, ARMv8 secure boot provides a robust mechanism for ensuring platform integrity from power-on through operating system execution.