Secure boot is disabled by default. The secure device configuration states are:
-
Open: This is the default state. An open device does not have secure boot enabled and will boot any bootloader image, regardless of whether the signature is invalid or if no signature is attached at all. However, when a signed bootloader image is used, the ROM loader attempts to validate it and generates events if the bootloader image is not properly signed. You can use this behavior to verify the images before you close a device. Open devices use a default test key for encryption and decryption.
-
Closed: In the closed state, secure boot features are enabled and only properly signed bootloader images will boot the device. Closed devices use the OTPMK (One Time Programmable Master Key) for encryption and decryption.
Secure boot can be divided into two distinct processes:
-
Manufacturing: The device is programmed in a secure environment that protects the authentication and encryption keys.
-
Deployment: The image signature is verified at boot and the images are decrypted.