[Cyber Security] 8. Secure Boot, Secure Debug, Secure Storage

In this post, we will learn about application security technologies, which are security defense measures applied to protect the controller from external intrusion.

Secure Boot

Secure Boot is a key security mechanism in a vehicle's controller. By verifying the integrity of the initial software that runs during the controller's boot sequence, it ensures that the vehicle's core systems have not been tampered with. This greatly improves the overall safety and security of the vehicle. The sections below explain the principles and importance of Secure Boot in detail.

[Figure: Concept of Secure Boot]

How Secure Boot Works

1. Boot Initialization:

  • When the controller is powered on or reset, the boot ROM of the controller executes the bootloader first. This bootloader is responsible for initial setup and verification before loading the operating system or main application software.

2. Integrity Verification:

  • Secure Boot verifies the integrity of the bootloader before executing it. This verification process is typically accomplished using digital signatures or hashes. The bootloader’s digital signature is created during the manufacturing process and is securely stored in the controller’s firmware.

3. Conditional Execution:

  • If the integrity of the bootloader is confirmed during the verification process, the system runs the bootloader and continues the normal boot process. If the integrity verification fails, the system stops booting and often enters recovery mode or issues an alert to the administrator.

Importance of Secure Boot

  • Enhanced Security: Secure Boot prevents the controller from booting tampered software, ensuring the vehicle's core systems remain safe. This significantly reduces the likelihood that an external attacker can take control of the vehicle by manipulating the software.
  • Reliability Guaranteed: Maintains the safety of drivers and passengers by ensuring that the vehicle’s control system runs only on trusted software. This is important to increase vehicle reliability and driver confidence.
  • Regulatory Compliance: Many automotive safety regulations and standards require vehicle manufacturers to ensure the integrity of their systems. Secure Boot is essential to meeting these regulatory requirements.

Secure Boot Procedure

  1. When the host bootloader is programmed and booted for the first time, a MAC value (MAC ref) of the bootloader is created and stored in safe storage inside the HSM (Hardware Security Module).
  2. Each time you boot, the MAC value (MAC boot) of the bootloader is dynamically calculated before executing the bootloader.
  3. Verify by comparing the calculated MAC value (MAC boot) with the initially stored MAC value (MAC ref).
  4. Allow the host bootloader to boot normally only if the comparison results match.
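
The four steps above, modelled in Python as an added example (not code from the original post or from any HSM vendor). The `HsmModel` class, HMAC-SHA256 as the MAC algorithm, the write-once MAC ref and the sample images are assumptions made for illustration.

```python
import hashlib
import hmac

class HsmModel:
    """Software model of the HSM: the MAC key and MAC ref stay inside this object."""

    def __init__(self, mac_key: bytes):
        self._mac_key = mac_key   # bootloader MAC key (secure storage)
        self._mac_ref = None      # bootloader MAC ref (secure storage)

    def _mac(self, image: bytes) -> bytes:
        # Assumption: HMAC-SHA256 stands in for the MAC algorithm of the real HSM.
        return hmac.new(self._mac_key, image, hashlib.sha256).digest()

    def provision(self, image: bytes) -> None:
        """Step 1: create MAC ref on the first boot after programming."""
        if self._mac_ref is not None:
            # Assumption of this model: MAC ref is write-once.
            raise PermissionError("MAC ref already provisioned")
        self._mac_ref = self._mac(image)

    def verify(self, image: bytes) -> bool:
        """Steps 2-3: compute MAC boot and compare it with MAC ref."""
        if self._mac_ref is None:
            return False          # fail closed: nothing to compare against
        mac_boot = self._mac(image)
        return hmac.compare_digest(mac_boot, self._mac_ref)  # constant-time compare

def boot(hsm: HsmModel, image: bytes) -> str:
    """Step 4: hand over to the bootloader only when the MACs match."""
    return "BOOT" if hsm.verify(image) else "HALT"

# Constructed sample data: a fake bootloader image and a copy with one bit flipped.
MAC_KEY = bytes(range(16))
BOOTLOADER = b"\x7fBOOT" + bytes(range(256)) * 4
TAMPERED = bytearray(BOOTLOADER)
TAMPERED[100] ^= 0x01
TAMPERED = bytes(TAMPERED)

if __name__ == "__main__":
    hsm = HsmModel(MAC_KEY)
    hsm.provision(BOOTLOADER)
    print(boot(hsm, BOOTLOADER), boot(hsm, TAMPERED))
```
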


Secure Debug

Secure Debug is an important function that enhances the security of the controller and allows the debugging interface to be used only when necessary even after production. This system prevents unauthorized access through the controller’s debugging port, playing an important role in preventing arbitrary extraction or manipulation of firmware. Let’s take a closer look at the importance of this feature and how it is implemented.

Importance of Secure Debug

1. Firmware Protection:

  • Secure Debug maintains the security of controller firmware. By preventing unauthorized access through the debugging interface, it prevents firmware from being leaked to the outside or manipulated.

2. Maintain system integrity:

  • Secure Debug plays a key role in protecting the system integrity of the controller. It ensures that the system is not left in a vulnerable state and minimizes the possibility of an attacker tampering with the system.

3. Regulatory Compliance:

  • Many industry regulations require security management of debugging ports as a security mechanism for products. Secure Debug is essential to meeting these regulatory requirements.

How Secure Debug works

1. Access Control:

  • Secure Debug allows the use of debugging ports only through authenticated procedures. Authentication is typically performed using password authentication, digital certificates, or other security tokens.

2. Temporary Activation:

  • The debugging interface is only temporarily activated when needed. Once permission is granted, access is only available for a limited time, after which it is automatically deactivated again.

3. Security Logging:

  • All debugging activities are logged. The log is important data for future security audits and analysis, and contains information about who used the debugging interface, when, and for what purpose.

Implementation of Secure Debug

1. Use Host Debug Controller:

  • Secure Debug is generally implemented using the Host Debug Controller function provided by the CHIP. This controller is designed to require authentication before debugging commands can be executed.

2. Role of HSM (Hardware Security Module):

  • HSM plays an important role in allowing or blocking debugging access to the host and the HSM itself. This module performs secure key management and encryption tasks, ensuring debugging access is secure.

3. Limit debugging scope:

  • Secure Debug temporarily allows the debugging interface to be used through an authenticated procedure, but this scope is limited to the Host only. Access to the HSM is strictly prohibited, further enhancing the level of security.

Key considerations

  • Implementation differences per CHIP:
    • The Secure Debug function may vary from CHIP to CHIP. You must develop a Secure Debug concept that suits the characteristics of each CHIP, propose it to the OEM (Original Equipment Manufacturer), and receive approval.
  • Password Personalization:
    • If the CHIP provides a password-based Secure Debug function, it is recommended to apply a different password to each mass-produced product. This strengthens the security of each product individually and reduces the risk of batch attacks.
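
A Python model of the password-based Secure Debug flow described above, as an added example (not code from the original post or from any CHIP vendor). It combines per-device passwords, time-limited activation, host-only scope and logging. The derivation of the password from a master key and chip UID, the `DebugGate` class, the 600-second window and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def device_password(master_key: bytes, chip_uid: bytes) -> bytes:
    """Derive a per-device debug password (assumed scheme: HMAC over the chip UID)."""
    return hmac.new(master_key, b"secure-debug|" + chip_uid, hashlib.sha256).digest()[:16]

class DebugGate:
    """Model of a password-gated debug port with a time-limited unlock."""

    def __init__(self, stored_password: bytes, window_s: int = 600):
        self._password = stored_password   # JTAG password, held in secure storage
        self._window_s = window_s          # assumed activation window in seconds
        self._open_until = 0.0
        self.audit_log = []                # entries: (time, user, event, success)

    def unlock(self, user: str, password: bytes, now: float) -> bool:
        """Access control: open the port only for the correct password."""
        ok = hmac.compare_digest(password, self._password)  # constant-time compare
        if ok:
            self._open_until = now + self._window_s         # temporary activation
        self.audit_log.append((now, user, "unlock", ok))     # security logging
        return ok

    def allowed(self, target: str, now: float) -> bool:
        """Scope limit: only the host can be debugged, and only inside the window."""
        ok = target == "host" and now < self._open_until
        self.audit_log.append((now, "-", "access:" + target, ok))
        return ok

# Constructed sample values: a factory master key and two chip UIDs.
MASTER_KEY = bytes(range(32))
UID_A = bytes.fromhex("0a" * 8)
UID_B = bytes.fromhex("0b" * 8)

if __name__ == "__main__":
    gate_a = DebugGate(device_password(MASTER_KEY, UID_A))
    # A password recovered from device B does not open device A.
    print(gate_a.unlock("tester", device_password(MASTER_KEY, UID_B), now=0))
    print(gate_a.unlock("tester", device_password(MASTER_KEY, UID_A), now=10))
    print(gate_a.allowed("host", now=11), gate_a.allowed("hsm", now=11))
    print(gate_a.allowed("host", now=611))  # window has expired
```
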


Secure Storage

Secure Storage is an important function that safely manages and protects security data inside the vehicle controller. This function is implemented specifically using the Hardware Security Module (HSM) and ensures the confidentiality and integrity of data. This system encrypts and stores sensitive data and strictly controls access rights to protect data from unauthorized access or alteration. Here we take a closer look at what Secure Storage does, how to implement it, and any special considerations.

Key features and importance of Secure Storage

1. Data Protection:

  • Important data, such as encryption keys and bootloader information, are stored in HSM’s Secure Storage. The confidentiality and integrity of this data are very important and must be protected from unauthorized external access.
  • Examples of information to be protected in Secure Storage:

| Protected Asset | Security Attribute | Description | Remarks |
|---|---|---|---|
| Bootloader MAC KEY | Confidentiality/Integrity | Secret key for creating bootloader MAC | Secure Boot |
| Bootloader MAC Ref | Integrity | MAC value referenced when verifying bootloader integrity | Secure Boot |
| Public key | Integrity | Public key used for electronic signature verification | Security updates |
| OEM authentication server public key | Integrity | OEM authentication server public key used to verify diagnostic equipment certificates | Security controls |
| JTAG Password | Confidentiality/Integrity | | Secure Debug |

2. Access Permission Control:

  • Data stored in Secure Storage can only be read and written by HSM. This strictly controls access to data and increases data safety.

3. Integrity Verification:

  • A procedure to verify the integrity of data is required before use. This is used to ensure that the data has not been tampered with during storage or transmission.

Implementation method

  • Secure Storage inside HSM:
    • HSM provides a security-enhanced storage area to safely store sensitive data. This area is encrypted and cannot be accessed by any system outside the HSM.
  • Encrypted Storage:
    • All stored data must be encrypted. This maintains data confidentiality and ensures data safety in case of unauthorized access.
  • Access Block:
    • After production release, access to Secure Storage through the debugging interface is strictly prohibited. This is a measure to prevent unauthorized access.

Special considerations

  • Types of CHIP:
    • If the CHIP does not provide a data area dedicated to the HSM, a specific sector of the host data area can be used as Secure Storage. In that case, the memory area must be encrypted and the host's logical access must be completely blocked.

Secure Storage is an essential function that safely protects the controller’s important data and greatly contributes to vehicle manufacturers strengthening vehicle security. This feature plays an important role in maintaining vehicle reliability and protecting against cyber threats. These security systems form an important part of the vehicle’s overall security architecture and require constant maintenance and updates.

