LTE Module Series
SC20 Secure Boot User Guide
SC20_Secure_Boot_User_Guide Confidential / Released 6 / 15
1 Introduction
This document mainly introduces how to use the secure boot function of Quectel SC20 module.
Secure boot refers to the boot up sequence that establishes a trusted platform for secure applications. It
starts as an immutable sequence that validates the origin of the code using cryptographic authentication
so only authorized software can be executed. The boot up sequence places SC20 in a known security
state and protects it against binary manipulation of software and reflashing attacks.
A secure boot system adds cryptographic checks to each stage of the boot up process. This process
asserts the authenticity of all secure software images that are executed by SC20. The additional check
prevents any unauthorized or maliciously modified software from running on SC20. Secure boot is
enabled through a set of hardware fuses. For the code to be executed, it must be signed by the trusted
entity identified in the hardware fuses.
The flow to enable secure boot:
1. Configure OEM Key. The new keys can be used to sign images and generate sec.dat
2. Generate secure images, download signed images (use fastboot or QFIL tool)
3. Generate sec.dat and download it to SC20. Once secure boot fuses are blown, the device cannot
use other keys.
To Next Page
Loading...
