Grouping of Boot Images

Authenticating each boot firmware binary individually to maintain the chain of trust takes a great deal of time. To optimize boot time, a mechanism for grouping boot binaries is provided. A minimum of one and a maximum of four binaries can form a group and share a single header, the Boot Component Header (BCH). The BCH holds a SHA-512 checksum for each binary in the group and is prepended to the binary that is loaded first in that group.

During boot, the BCH is authenticated and the firmware binaries in the group are hash validated. This mechanism helps avoid the authentication time for individual binaries.

For best practices and good design, consider these limitations when grouping the boot binaries:

  1. Firmware loaded by the same loader can form a group.

    For example:

    • The kernel, kernel-dtb and ramdisk, which are loaded by the same loader, can form a group.
    • Firmware loaded by MB2, i.e., bpmp-fw, bpmp-dtb and cpu-bootloader, can form a group.
    • Firmware loaded by different loaders cannot be part of a single group; otherwise the system cannot boot.
  2. BCH must be prepended to the first binary loaded in the group. Consequently, the load order must be verified before grouping.

    For example, if kernel, kernel-dtb and ramdisk are grouped together, the BCH must be present on kernel.

  3. Boot image partitions in a group must be updated together.
  4. Grouping of NVIDIA-signed binaries such as MB1, MTS-Preboot and MTS-BootPack cannot be changed by the OEM.
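
A simplified model of the grouping flow and limitations 1 and 2 above, added here as an illustration; it is not NVIDIA's code and does not reproduce the real BCH layout. The header layout (length, tag, JSON digest list), the HMAC used as a stand-in for header authentication, the key, the sample payloads and their load order are all assumptions.

```python
import hashlib
import hmac
import json

MAX_GROUP = 4                        # the page allows one to four binaries
DEMO_KEY = b"constructed-demo-key"   # assumption: stand-in for the signing key
TAG_LEN = 64                         # HMAC-SHA512 tag length in this model


def build_group(binaries, key=DEMO_KEY):
    """binaries: (name, loader, data) tuples in load order -> {name: blob}."""
    if not 1 <= len(binaries) <= MAX_GROUP:
        raise ValueError("a group holds one to four binaries")
    if len({loader for _, loader, _ in binaries}) != 1:
        raise ValueError("all binaries in a group must share one loader")
    digests = [[n, hashlib.sha512(d).hexdigest()] for n, _, d in binaries]
    body = json.dumps(digests).encode()
    tag = hmac.new(key, body, hashlib.sha512).digest()
    header = len(body).to_bytes(4, "big") + tag + body
    blobs = {n: d for n, _, d in binaries}
    blobs[binaries[0][0]] = header + binaries[0][2]  # header on first-loaded
    return blobs


def verify_group(load_order, blobs, key=DEMO_KEY):
    """Authenticate the header once, then only hash-check each binary."""
    first = blobs[load_order[0]]
    n = int.from_bytes(first[:4], "big")
    tag, body = first[4:4 + TAG_LEN], first[4 + TAG_LEN:4 + TAG_LEN + n]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha512).digest()):
        return False, "header authentication failed"
    expected = dict(json.loads(body))
    if list(expected) != list(load_order):
        return False, "group membership or load order mismatch"
    for name in load_order:
        data = first[4 + TAG_LEN + n:] if name == load_order[0] else blobs[name]
        if hashlib.sha512(data).hexdigest() != expected[name]:
            return False, f"hash mismatch: {name}"
    return True, "ok"


# Constructed sample payloads (not real firmware); the load order is assumed.
SAMPLE = [
    ("bpmp-fw", "MB2", b"F" * 48),
    ("bpmp-dtb", "MB2", b"D" * 16),
    ("cpu-bootloader", "MB2", b"C" * 64),
]
```

In this model a change to any grouped binary fails its hash check, and a change to the digest list fails the single header authentication, which is why every partition in a group has to be updated together with a regenerated header.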