Abstract
Techniques are described for managing multiple secure-boot trust chains for firmware development and release on devices that support multiple hardware roots of trust. A provisioning pipeline generates a device configuration image that activates a selected non-production root index and is cryptographically bound to a device identifier such as an SoC serial number. The configuration image is signed with the production root so that trust in the non-production chain is bootstrapped from the chain the device already trusts; activation may be policy-gated, and the image may be generated in an event-driven manner and stored for fast retrieval. A signing service, backed by hardware security modules, signs firmware artifacts via authenticated service-to-service RPC and supports build-time selection between development and release signing modes. In some embodiments, separate roots are used for production, internal development, and OEM development to provide isolated trust chains while preserving a single secure boot verification flow across modes.
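The flow above can be modelled end to end: a production-signed, serial-bound configuration image selects the active root, the signing service picks a root by build mode, and the boot verifier runs the same checks whatever root is active. The Python below is an added example written for this page, not code from the disclosure. It assumes a three-root layout (index 0 production, 1 internal development, 2 OEM development), a policy table keyed by serial, and constructed serial numbers and firmware bytes; HMAC-SHA256 stands in for the HSM-backed asymmetric signature so the example runs on the standard library alone (in a real device the ROM holds only public-key hashes, never the signing secret).

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Assumed root-of-trust layout for this example (not the disclosure's numbering).
ROOT_PRODUCTION, ROOT_INTERNAL_DEV, ROOT_OEM_DEV = 0, 1, 2


@dataclass(frozen=True)
class Root:
    index: int
    key: bytes  # HMAC secret standing in for an asymmetric signing key held in the HSM


def make_roots():
    """One independent key per root index: three isolated trust chains."""
    return {i: Root(i, secrets.token_bytes(32)) for i in range(3)}


def canonical(obj) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(root: Root, payload: bytes) -> bytes:
    return hmac.new(root.key, payload, hashlib.sha256).digest()


def verify(root: Root, payload: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(root, payload), sig)


def build_config_image(roots, device_serial, target_root, policy):
    """Provisioning pipeline: policy-gated, serial-bound activation signed by the production root."""
    if target_root == ROOT_PRODUCTION:
        raise ValueError("a config image only activates non-production roots")
    if target_root not in policy.get(device_serial, set()):
        raise PermissionError(f"policy denies root {target_root} on {device_serial}")
    body = {"serial": device_serial, "root_index": target_root}
    return {"body": body, "sig": sign(roots[ROOT_PRODUCTION], canonical(body))}


def sign_firmware(roots, image: bytes, mode: str, dev_root=ROOT_INTERNAL_DEV):
    """Signing service: build-time choice between release and development signing."""
    if mode == "release":
        root = roots[ROOT_PRODUCTION]
    elif mode == "dev" and dev_root != ROOT_PRODUCTION:
        root = roots[dev_root]
    else:
        raise ValueError(f"invalid signing request: mode={mode} root={dev_root}")
    body = {"digest": hashlib.sha256(image).hexdigest(), "root_index": root.index}
    return {"body": body, "sig": sign(root, canonical(body))}


def select_active_root(roots, device_serial, config_image):
    """Boot ROM: production root unless a valid config image for *this* device says otherwise."""
    prod = roots[ROOT_PRODUCTION]
    if config_image is None:
        return prod
    body, sig = config_image["body"], config_image["sig"]
    if not verify(prod, canonical(body), sig):  # trust bootstrapped from the production root
        return prod
    if body["serial"] != device_serial:  # serial binding: image cannot be copied to another SoC
        return prod
    idx = body["root_index"]
    return roots[idx] if idx in roots and idx != ROOT_PRODUCTION else prod


def secure_boot(roots, device_serial, config_image, image: bytes, manifest) -> bool:
    """Same verification flow in every mode; only the active root differs."""
    root = select_active_root(roots, device_serial, config_image)
    body = manifest["body"]
    if body["root_index"] != root.index:  # signed under a different, isolated trust chain
        return False
    if not verify(root, canonical(body), manifest["sig"]):
        return False
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), body["digest"])


def demo():
    roots = make_roots()
    serial, other = "SOC-SERIAL-0001", "SOC-SERIAL-0002"  # constructed identifiers
    policy = {serial: {ROOT_INTERNAL_DEV}}  # constructed: this unit may run internal-dev builds only
    image = b"constructed firmware image bytes"
    release_fw = sign_firmware(roots, image, "release")
    dev_fw = sign_firmware(roots, image, "dev", ROOT_INTERNAL_DEV)
    cfg = build_config_image(roots, serial, ROOT_INTERNAL_DEV, policy)
    forged = {"body": dict(cfg["body"], root_index=ROOT_OEM_DEV), "sig": cfg["sig"]}
    try:
        build_config_image(roots, serial, ROOT_OEM_DEV, policy)
        policy_blocked = False
    except PermissionError:
        policy_blocked = True
    return {
        "release_unprovisioned": secure_boot(roots, serial, None, image, release_fw),
        "dev_unprovisioned": secure_boot(roots, serial, None, image, dev_fw),
        "dev_provisioned": secure_boot(roots, serial, cfg, image, dev_fw),
        "release_provisioned": secure_boot(roots, serial, cfg, image, release_fw),
        "cfg_copied_to_other_device": secure_boot(roots, other, cfg, image, dev_fw),
        "cfg_body_tampered": secure_boot(roots, serial, forged, image, dev_fw),
        "image_tampered": secure_boot(roots, serial, cfg, image + b"!", dev_fw),
        "policy_blocks_oem_root": policy_blocked,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28s} {result}")
```

Two design choices in this model are worth noting. A config image that fails any check falls back to the production root rather than halting, so a production image still boots on a device with a stale or copied config image while a development image does not. The active root is exclusive: a provisioned development device rejects release-signed firmware because the manifest names a different root index, which is what keeps the three chains isolated rather than merely additive.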
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Anonymous, "Multi-Root Trust Chain Management for Secure Boot Firmware Development and Signing Infrastructure", Technical Disclosure Commons, ()
https://www.tdcommons.org/dpubs_series/10624