
ESS-04: Secure Boot

ESS-04: Ellipsys-Secure Boot (SB) is a bootstrap loader that greatly enhances the security of embedded systems by cryptographically verifying (and optionally decrypting) the code being loaded and executed, so that only authentic, untampered code runs. The solution includes developer tools to assist with deployment issues such as security updates, code signing and image building.

Ellipsys-SB is part of the Ellipsys Trust Framework, Elliptic's platform security solution that helps device manufacturers and system providers protect their products from tampering, cloning and other threats. Within that framework, Ellipsys-SB verifies (and optionally decrypts) each piece of code before it is loaded and executed, so that only code from a trusted source that has not been modified is run.

Secure environments like ARM TrustZone® are a solid foundation for security solutions in embedded systems. Ellipsys-SB is an ideal fit for the ARM TrustZone architecture and allows TrustZone-enabled processors to boot into a secure state.

Once a feature of high-security applications only, these techniques are now being adopted in a broad range of products such as mobile phones, set-top boxes and networking systems such as base stations, routers and other infrastructure devices.

There are a number of variants of secure boot based on a blend of hardware cores and embedded software, with options available for asymmetric and symmetric cryptographic approaches. Ellipsys-SB can work as a standalone solution or in tandem with other Ellipsys Trust Framework companions, such as Ellipsys-Certification Authority (CA) and Ellipsys-Virtual Security Module (VSM).


Features

  • Enabler for anti-tampering and anti-cloning systems
  • Design IP protection
  • Multi-phase loader cryptographically validates a phase before loading it
  • Highly configurable, flexible and reliable
  • Supports industry standard protocols and algorithms
  • Support for hardware assist to speed boot time
  • Secure access to engineering mode bypasses application loading for lab debugging purposes
  • Run-time checking capability during system operation
  • Tuneable for different product flows and economics
  • Low footprint solution
  • Available under binary or C language source code licenses
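The multi-phase loader described above verifies each phase cryptographically before it is loaded, and halts the chain at the first phase that fails. The following is an added illustration of that control flow, not Ellipsys-SB code and not its image format: it uses the symmetric variant (an HMAC-SHA256 tag keyed by a root key held by the first-stage loader) over a constructed image layout of a magic value, a length field, the payload and a trailing tag. The image layout, the constant names and the key value are assumptions made for the example; a deployed loader would typically use a hardware-protected key and, for the asymmetric variant, a signature check in place of the HMAC comparison.

```python
"""Constructed multi-phase secure boot chain: verify each stage before loading it.

Image layout (an assumption for this example, not a real product format):
    MAGIC (4 bytes) | payload length (u32 LE) | payload | HMAC-SHA256 tag (32 bytes)
The tag covers the header and the payload, so length and magic are authenticated too.
"""
import hashlib
import hmac
import struct
from typing import List, Optional, Tuple

MAGIC = b"ESSB"               # constructed magic value for this example
HDR = struct.Struct("<4sI")   # magic, payload length
TAG_LEN = 32                  # HMAC-SHA256 output size


def sign_image(key: bytes, payload: bytes) -> bytes:
    """Build a signed image: header || payload || HMAC-SHA256(key, header || payload).

    This is the 'code signing' step performed at build time with the root key.
    """
    body = HDR.pack(MAGIC, len(payload)) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def verify_image(key: bytes, image: bytes) -> Optional[bytes]:
    """Return the payload if the image is authentic and well-formed, otherwise None.

    All structural checks run before the tag is compared, so a truncated or
    oversized image is rejected without touching the payload.
    """
    if len(image) < HDR.size + TAG_LEN:
        return None                                   # too short to hold a header and tag
    magic, length = HDR.unpack_from(image, 0)
    if magic != MAGIC or HDR.size + length + TAG_LEN != len(image):
        return None                                   # wrong magic or length does not match
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):        # constant-time comparison
        return None                                   # tag mismatch: tampered or wrong key
    return body[HDR.size:]


def boot_chain(key: bytes, stages: List[bytes]) -> Tuple[List[bytes], Optional[int]]:
    """Verify and 'load' stages in order; stop at the first failure.

    Returns (payloads loaded so far, index of the rejected stage or None).
    In a real loader the rejected index would drive a halt or recovery path
    rather than executing anything from that stage.
    """
    loaded: List[bytes] = []
    for index, image in enumerate(stages):
        payload = verify_image(key, image)
        if payload is None:
            return loaded, index
        loaded.append(payload)                        # only verified code is handed on
    return loaded, None


def tamper(image: bytes, offset: int) -> bytes:
    """Flip one bit inside an image at the given offset (to exercise the rejection path)."""
    return image[:offset] + bytes([image[offset] ^ 0x01]) + image[offset + 1:]


if __name__ == "__main__":
    root_key = b"constructed-root-key-for-example"    # constructed; not a real key
    stages = [sign_image(root_key, b"bootloader"),
              sign_image(root_key, b"kernel"),
              sign_image(root_key, b"application")]
    print("clean chain:", boot_chain(root_key, stages))
    stages[1] = tamper(stages[1], HDR.size)           # modify one payload byte of stage 1
    print("tampered chain:", boot_chain(root_key, stages))
```

Running the module prints the clean chain loading all three payloads, then the tampered chain loading only the first stage and reporting index 1 as rejected. The same `verify_image` call can be repeated against the images still resident in memory after boot, which is the run-time checking idea listed in the features above.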


Benefits

  • Complete solution
  • Highly configurable, flexible and reliable
  • NIST CAVP Certified
  • Optimized for size and performance
  • GPL-free code
  • Platform/OS agnostic
  • Significantly reduces development cycles
  • Optional support for hardware acceleration and offload for embedded processors

Applications

  • Anti-tampering and anti-cloning
  • Design IP protection
  • Content protection
  • Feature control and decommissioning
