hex-five / multizone-sdk

MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processor. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multi
https://hex-five.com/multizone-security-tee-riscv/

Missing Documentation for TEE Secure Boot Process #62

Closed utku1998 closed 7 months ago

utku1998 commented 9 months ago

Could you please give further details about how the secure boot process of the MultiZone works?

In the paper "Multi Zone Security for Arm Cortex-M Devices", it is explained like this: "TEE Secure Boot Process. The TEE implements a 2-stage secure boot loader to verify the integrity and authenticity of the firmware image (SHA-256) and to minimize runtime memory footprint and target attack surface." What are these 2 stages, and what does this signed firmware image contain (only zones?)?

Because in the case of the HiFive1 Rev B board (Reference Application), the MultiZone Kernel (Runtime) is flashed to 0x20010000 and the bootloader is flashed to 0x20012000 (see picture below). Does it mean that the kernel will be executed and then call the bootloader (boot section in the picture below), which will check the integrity and authenticity of the zones? Or is the boot section the signature of the zones?

[image: flash layout screenshot not reproduced]

I would be really happy if you could explain to me the further details of how the secure boot flow really works.

Hex-Five-Labs commented 9 months ago

What are these 2 [boot] stages? stage-0: check integrity and authenticity of MultiZone kernel and policies. stage-1: set up and optionally load zone code.

and what does this signed firmware image contain (only zones?)? Kernel and config policies. No zone code.

Does it mean that the kernel will be executed and then call the [HiFive1] bootloader? It depends. Please contact the board maker for board boot configuration options.
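As an added illustration (not code from multizone-sdk or Hex-Five), the Go sketch below models the two stages described in the reply: stage-0 verifies the integrity and authenticity of kernel plus policy, stage-1 parses the now-trusted policy into zone descriptors, and zone code sits outside the signed region. The image layout, the Ed25519 signature, the 8-byte zone descriptor format and the overlap check are assumptions made for the example; the page only states that SHA-256 is used.

```go
package main

import ("crypto/ed25519"; "crypto/sha256"; "encoding/binary"; "errors")

// Hypothetical image layout, constructed for this example (not MultiZone's real
// format): Kernel and Policy form the signed region; ZoneCode sits outside it.
type Image struct {
	Kernel   []byte
	Policy   []byte // per zone: 4-byte base, 4-byte size, little-endian
	ZoneCode []byte // third-party zone code, not covered by the signature
	Sig      []byte // Ed25519 signature over SHA-256(Kernel || Policy)
}
type Zone struct{ Base, Size uint32 }

// GenKeys makes the signing key pair; the public half is the boot root of trust.
func GenKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	return pub, priv
}

// signedDigest hashes exactly the region the signature covers: kernel and policy.
func signedDigest(img *Image) []byte {
	d := sha256.Sum256(append(append([]byte{}, img.Kernel...), img.Policy...))
	return d[:]
}

// Sign attaches the signature a build step would produce.
func Sign(img *Image, priv ed25519.PrivateKey) { img.Sig = ed25519.Sign(priv, signedDigest(img)) }

// Stage0 checks integrity (SHA-256) and authenticity (signature) of kernel and policy.
func Stage0(img *Image, pub ed25519.PublicKey) error {
	if !ed25519.Verify(pub, signedDigest(img), img.Sig) {
		return errors.New("stage-0: kernel/policy signature invalid, halt boot")
	}
	return nil
}

// Stage1 parses the now-trusted policy into zone descriptors and rejects any zone
// whose range overlaps the kernel, since that would defeat the separation policy.
func Stage1(img *Image, kernelBase uint32) ([]Zone, error) {
	if len(img.Policy) == 0 || len(img.Policy)%8 != 0 {
		return nil, errors.New("stage-1: malformed policy")
	}
	kernelEnd := kernelBase + uint32(len(img.Kernel))
	var zones []Zone
	for off := 0; off < len(img.Policy); off += 8 {
		z := Zone{binary.LittleEndian.Uint32(img.Policy[off:]), binary.LittleEndian.Uint32(img.Policy[off+4:])}
		if z.Base < kernelEnd && kernelBase < z.Base+z.Size {
			return nil, errors.New("stage-1: zone overlaps kernel region")
		}
		zones = append(zones, z)
	}
	return zones, nil
}
```

Because zone code is outside the signed region, a change to it does not trip stage-0; its confinement rests on the verified policy and on the runtime enforcing it, which is why the policy must be inside the signed region.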