Overview
Secure Boot aims to achieve firmware protection by preventing malicious modification or replacement of firmware by attackers.
When Secure Boot is enabled, the ROM verifies the firmware signature during chip power-on.
If authentication succeeds, the firmware is confirmed secure and subsequent boot processes continue;
otherwise, the SoC clears the stack and enters a dead loop.
Users do not need to implement Secure Boot code themselves, as this functionality is already integrated into the SDK.
The axf2bin.py script provided by Realtek can generate firmware public keys, public key hashes, and corresponding firmware signatures.
This script also allows users to generate other signed content to be embedded in the firmware. The Secure Boot principle is illustrated below:
The Manifest is a binary file independent of the runtime firmware, storing information such as the firmware version, the signature and encryption algorithms used, and the firmware signature. The Manifest has a fixed size of 4 KB and is embedded at the beginning of the firmware image. Each of the following components carries its own Manifest:
Secure CPU Bootloader
Key Certificate
Application Firmware
The firmware verification process follows these steps:
1. Secure CPU Boot ROM verifies the Secure CPU Bootloader. All processes in the Boot ROM and the Bootloader run in Secure state.
2. Secure CPU Bootloader verifies the Key Certificate.
3. Secure CPU Bootloader verifies all remaining Application Firmware.
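The following Python model walks the three-stage chain above and the manifest-at-offset-zero layout, so the fail-closed behaviour (any stage that fails verification halts the boot before the next stage runs) can be exercised offline. It is an added example, not code from the Realtek SDK or axf2bin.py. The manifest field layout, the magic value, the algorithm id and the key sizes are constructed assumptions, not Realtek's real format; HMAC-SHA256 stands in for the asymmetric signature a real Secure Boot uses so that the example needs only the standard library; and the assignment of keys to stages (a root key whose hash the ROM pins signs the bootloader and the key certificate, and the certificate body carries the application signing key) is likewise an assumption about a detail the page does not state.

```python
# Constructed model of a three-stage Secure Boot verification chain.
# Manifest layout, magic, algorithm id and key-to-stage assignment are assumptions,
# not the Realtek SDK's real format; HMAC-SHA256 stands in for an asymmetric signature.
import hashlib
import hmac
import struct

MANIFEST_SIZE = 4096              # the page: a fixed 4 KB manifest at the start of every image
MAGIC = b"MNFT"                   # constructed magic value
ALGO_HMAC_SHA256 = 1              # constructed algorithm id for the stand-in signature scheme

# Constructed manifest layout:
#   magic(4) | version(4) | algo(4) | body_len(4) | key(32) | signature(32) | zero padding to 4 KB
HEADER_FMT = "<4sIII32s32s"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 80 bytes


class SecureBootError(Exception):
    """Verification failed; the page says the SoC clears the stack and halts at this point."""


def key_hash(key: bytes) -> bytes:
    """Hash that the previous stage pins (ROM/OTP on the real chip) instead of the whole key."""
    return hashlib.sha256(key).digest()


def sign(key: bytes, body: bytes) -> bytes:
    # HMAC-SHA256 stands in for the asymmetric signature a real Secure Boot uses; with a real
    # key pair only the public half would be embedded in the manifest and the private half
    # would never leave the signing host.
    return hmac.new(key, body, hashlib.sha256).digest()


def build_image(body: bytes, key: bytes, version: int = 1) -> bytes:
    """Produce manifest || body, the role axf2bin.py plays for real firmware."""
    header = struct.pack(HEADER_FMT, MAGIC, version, ALGO_HMAC_SHA256,
                         len(body), key, sign(key, body))
    return header.ljust(MANIFEST_SIZE, b"\0") + body


def verify_stage(image: bytes, trusted_key_hash: bytes) -> bytes:
    """Check one image's manifest and return its body; raise on any mismatch."""
    if len(image) < MANIFEST_SIZE:
        raise SecureBootError("image shorter than the 4 KB manifest")
    magic, _version, algo, body_len, key, sig = struct.unpack(HEADER_FMT, image[:HEADER_LEN])
    body = image[MANIFEST_SIZE:]
    if magic != MAGIC:
        raise SecureBootError("bad manifest magic")
    if algo != ALGO_HMAC_SHA256:
        raise SecureBootError("unsupported signature algorithm")
    if body_len != len(body):
        raise SecureBootError("manifest length does not match image")
    # Key pinning: the embedded key is trusted only if its hash matches what the previous
    # stage already trusts, so shipping a different key alongside a re-signed image fails.
    if not hmac.compare_digest(key_hash(key), trusted_key_hash):
        raise SecureBootError("key not trusted by the previous stage")
    if not hmac.compare_digest(sign(key, body), sig):
        raise SecureBootError("signature mismatch")
    return body


def boot(root_key_hash: bytes, bootloader_img: bytes, keycert_img: bytes, app_img: bytes) -> dict:
    """Walk the chain in the order the page gives; any failure aborts before the next stage."""
    bootloader = verify_stage(bootloader_img, root_key_hash)   # 1. Boot ROM verifies the bootloader
    app_key = verify_stage(keycert_img, root_key_hash)          # 2. bootloader verifies the key certificate
    application = verify_stage(app_img, key_hash(app_key))     # 3. bootloader verifies the application
    return {"bootloader": bootloader, "application": application}


def try_boot(*args) -> str:
    """Report the outcome as a string instead of raising, for the demo below."""
    try:
        boot(*args)
        return "booted"
    except SecureBootError as exc:
        return f"halted: {exc}"


if __name__ == "__main__":
    root_key, app_key = b"\x11" * 32, b"\x22" * 32           # constructed keys
    bl = build_image(b"bootloader code", root_key)
    cert = build_image(app_key, root_key)                      # certificate body = application key
    app = build_image(b"application code", app_key)
    print(try_boot(key_hash(root_key), bl, cert, app))         # booted
    tampered = app[:-1] + b"X"                                 # one byte of the body changed
    print(try_boot(key_hash(root_key), bl, cert, tampered))    # halted: signature mismatch
    resigned = build_image(b"application code", b"\x33" * 32) # re-signed with an unpinned key
    print(try_boot(key_hash(root_key), bl, cert, resigned))    # halted: key not trusted by the previous stage
```

The two failure cases at the end are the ones a defender cares about: a modified body fails the signature check, and an image re-signed with a key the previous stage has not pinned fails before the signature is even examined. In the real chip the root of that pinning is the public key hash generated by axf2bin.py and held by the Boot ROM.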