Secure Boot#

Secure Boot focuses on assuring the integrity, authenticity and confidentiality of firmware during device boot, with the goal of enforcing control over what software may execute on the device. This prevents unauthorized malware from compromising the system, providing a safe and secure environment in which application software may run.

This section describes how DriveOS implements secure boot, and how manufacturers should configure their devices to enable DriveOS secure boot features:

  • Secure boot architecture overview

  • Signing code for release

  • Embedding keys at manufacturing

  • Revoking signing keys

  • Safely bypassing secure boot for diagnostics