Secure boot systems, even secure boot systems on reprogrammable devices, typically boot up into a secure mode that does not easily allow for renewing the secure boot code. For example, some systems employ a one-time programmable boot code that is burned into the chip. To renew the boot code, the entire chip must be replaced.
Other systems may employ a fixed secure boot loader, which may then call a renewable boot routine, but such a renewable boot process can be insecure. For example, in such cases, it may be possible to remove the updated boot code and replace it with a previous version of the boot code (which presumably has bugs that may be exploited by an attacker) and thus gain access to the system.
Thus, it is desirable to have a method by which a secure boot may be implemented in a renewable fashion on a reprogrammable device.
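The rollback weakness described above can be shown with an added illustration; it is not part of the original disclosure and does not represent its method. A fixed loader that checks only authenticity accepts an older, validly signed image, while a loader that also keeps a monotonic minimum version rejects it. The image layout, the key, the HMAC standing in for a vendor signature check, and all names are assumptions made for the example.

```python
import hashlib
import hmac
import struct

VENDOR_KEY = b"constructed-demo-key"  # assumption: stands in for the vendor signing key
TAG_LEN = 32                          # HMAC-SHA256 tag length

def sign_image(version: int, code: bytes) -> bytes:
    """Assumed layout: 4-byte big-endian version || code || 32-byte tag."""
    body = struct.pack(">I", version) + code
    return body + hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()

def parse_verified(image: bytes):
    """Return (version, code) when the tag verifies, otherwise None."""
    if len(image) < 4 + TAG_LEN:
        return None
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return struct.unpack(">I", body[:4])[0], body[4:]

def naive_loader(image: bytes) -> bool:
    """Fixed loader that checks authenticity only: any signed version boots."""
    return parse_verified(image) is not None

class CounterLoader:
    """Loader that also enforces a minimum version that never decreases
    (models a fuse bank or monotonic counter; simplified to update on verify)."""
    def __init__(self, min_version: int = 0):
        self.min_version = min_version

    def boot(self, image: bytes) -> bool:
        parsed = parse_verified(image)
        if parsed is None:
            return False                 # not authentic
        if parsed[0] < self.min_version:
            return False                 # authentic but older: rollback refused
        self.min_version = parsed[0]     # ratchet forward only
        return True

# Constructed sample images: version 1 is the superseded release, version 2 the update.
OLD = sign_image(1, b"boot code v1 (constructed)")
NEW = sign_image(2, b"boot code v2 (constructed)")
```
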
These, and other, aspects of the disclosure will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It should be understood, however, that the following description, while indicating various embodiments of the disclosure and numerous specific details thereof, is given by way of illustration and not of limitation. Many substitutions, modifications, additions and/or rearrangements may be made within the scope of the disclosure without departing from the spirit thereof, and the disclosure includes all such substitutions, modifications, additions and/or rearrangements.