An aspect of this invention generally relates to data processing devices and more particularly to securely generating derivative keys for execution environments in a boot chain.
Most secure electronic systems follow a well-established boot chain sequence for ensuring secure boot with a sequence of execution environments (EEs). The EEs may include a primary boot loader (PBL), a secondary boot loader (SBL), a high level operating system (HLOS) kernel and/or other trusted kernel code, an HLOS, and applications. Initially, the small and highly secure PBL, typically residing in read-only memory (ROM), is used for primordial boot after a power-on-reset. The PBL typically loads and verifies the SBL, which resides in an external memory, for example, a flash memory. The SBL may load the HLOS kernel, or other highly trusted code on the device (e.g., ARM® TrustZone® kernel code). Subsequently, the HLOS may be loaded and verified. Finally, the applications may be loaded and executed. Each one of these EEs may require a secure key to encrypt and/or decrypt files, memory and/or other sensitive data assets. For security reasons, the key used by one execution environment (EE) should not be available to any other EE. In particular, the key used by a more secure EE (i.e., one that boots first or earlier in the boot chain sequence) should not be available to any less secure EE (i.e., one that boots later or last in the boot chain sequence), since a compromise of a later stage must not expose the secrets of the stages that booted before it.
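The following is an added example illustrating one standard way to meet the two requirements just stated; it is not the mechanism described by this patent text. Each EE holds exactly one key. Before it transfers control, it derives the next EE's key from its own key, the next EE's name and a hash of the next EE's verified image, hands that key over, and zeroizes its own copy. Because the derivation is a one-way pseudorandom function (HMAC-SHA256 is assumed here as the KDF), a later EE cannot recover any earlier key, and a modified image yields a different key for that stage and every stage after it. The root secret, the EE names and the image bytes are constructed for the demonstration.

```python
"""Added example: a one-way key ladder for a secure boot chain (illustrative, not the patent's method)."""
import hashlib
import hmac

# Constructed stand-in for a hardware-fused root secret that only the ROM PBL can read.
HARDWARE_ROOT_KEY = hashlib.sha256(b"constructed demo root secret, not a real fuse value").digest()

# Boot order as described in the text: PBL -> SBL -> trusted kernel -> HLOS -> application.
BOOT_CHAIN = ("PBL", "SBL", "TZ_KERNEL", "HLOS", "APP")

# Constructed image bytes standing in for the real boot images.
IMAGES = {name: f"constructed {name} image bytes".encode("ascii") for name in BOOT_CHAIN}


def derive_ee_key(parent_key: bytes, ee_name: str, ee_image: bytes) -> bytes:
    """One-way derivation of an EE's key from its parent's key.

    The label, the EE name and the image digest are mixed in so that the key is
    bound to one specific EE running one specific image: a tampered image
    derives a different key and therefore cannot decrypt assets sealed to the
    genuine image. HMAC-SHA256 as the KDF is an assumption of this example.
    """
    image_digest = hashlib.sha256(ee_image).digest()
    info = b"EE-KEY\x00" + ee_name.encode("ascii") + b"\x00" + image_digest
    return hmac.new(parent_key, info, hashlib.sha256).digest()


class ExecutionEnvironment:
    """Holds its own key in a mutable buffer so that it can be zeroized on hand-off."""

    def __init__(self, name: str, key: bytes) -> None:
        self.name = name
        self._key = bytearray(key)
        self._zeroized = False

    @property
    def key(self) -> bytes:
        if self._zeroized:
            raise RuntimeError(f"{self.name}: key was zeroized before control left this EE")
        return bytes(self._key)

    def is_zeroized(self) -> bool:
        return self._zeroized

    def hand_off(self, next_name: str, next_image: bytes) -> "ExecutionEnvironment":
        """Derive the next EE's key, then destroy this EE's key before transferring control."""
        child = ExecutionEnvironment(next_name, derive_ee_key(self.key, next_name, next_image))
        for i in range(len(self._key)):  # overwrite, do not merely drop the reference
            self._key[i] = 0
        self._zeroized = True
        return child


def boot(images: dict) -> dict:
    """Walk the chain and return name -> key as each EE saw it (collected only for demonstration)."""
    ee = ExecutionEnvironment("PBL", derive_ee_key(HARDWARE_ROOT_KEY, "PBL", images["PBL"]))
    keys = {"PBL": ee.key}
    for name in BOOT_CHAIN[1:]:
        ee = ee.hand_off(name, images[name])
        keys[name] = ee.key
    return keys


if __name__ == "__main__":
    genuine = boot(IMAGES)
    tampered_images = dict(IMAGES, SBL=IMAGES["SBL"] + b"\x00")  # one byte changed in the SBL
    tampered = boot(tampered_images)
    for name in BOOT_CHAIN:
        changed = "changed" if genuine[name] != tampered[name] else "same"
        print(f"{name:10s} {genuine[name].hex()[:16]}...  ({changed} after SBL tamper)")
```

In the tampered run only the PBL key is unchanged; every stage from the SBL onward derives a different key, which is the property that keeps data sealed by a genuine stage out of reach of a modified one. The ladder also gives sibling isolation for free: two applications loaded by the same HLOS receive different keys because their names and image digests differ.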