Consider an attacker who attempts to maliciously inject or modify the software images in storage. The earlier in the chain of loaded software an attacker can compromise an image, the more control they gain. Device software is usually loaded in stages, and each image in the chain is typically configured with less authority and control than the one loaded before it. The first software image to be loaded therefore has nearly complete control of the device. These first images to be loaded are called bootloader images.

If an attacker can replace the first software image to execute with their own malicious image, they control the rest of the device’s execution. This makes the integrity of the boot chain critical. Replacing a bootloader image in storage with a malicious one could result in a persistent exploit: because the modified image lives in storage rather than in memory, it survives reboots and controls execution in that image and in every image run after it.

A “secure boot” chain is designed to ensure that each of these images is unmodified, and is one way of preventing malicious or dangerous software from executing. Qualcomm Technologies products have offered a secure boot implementation for many years.

Secure boot is defined as a boot sequence in which each executable software image is authenticated by previously verified software. This sequence is engineered to prevent unauthorized or modified code from running. We build our chain of trust according to this definition, starting with the first piece of immutable software, which runs out of read-only memory (ROM). This ROM bootloader cryptographically verifies the signature of the next bootloader in the chain; that bootloader then cryptographically verifies the signature of the next software image or images, and so on. The ROM is the root of trust precisely because it cannot be rewritten: an attacker with write access to storage can replace later images, but cannot alter the code that checks them. For the same reason, the public key (or a hash of it) that the ROM uses for its first signature check must itself live in ROM or one-time-programmable storage, not in the rewritable storage being verified, or an attacker could swap the key along with the image.
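The chain of trust described above, as an added worked example in Go; this is illustrative code written for this page, not Qualcomm’s boot code or image format. It assumes Ed25519 signatures, a SHA-256 hash of the root public key standing in for the value burned into ROM or fuses, and an image header that carries the public key authorised to sign the next stage; the stage names, keys and payloads are constructed. The model shows why each check depends on the one before it: a tampered image fails its signature check, and an attacker’s self-consistently signed replacement fails because its signing key was never authorised by the verified stage before it.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Image is one stage of the boot chain in this simplified model (not a real
// image format). The header names the public key authorised to sign the *next*
// stage; since the header is covered by this image's own signature, trust in
// that key is inherited from the stage that verified this image.
type Image struct {
	Name      string
	Code      []byte            // executable content
	NextKey   ed25519.PublicKey // authorised signer of the next stage (nil for the last)
	Signer    ed25519.PublicKey // key that signed this image
	Signature []byte            // Ed25519 signature over signedBytes()
}

// signedBytes is what each stage's signature covers: name, code and the
// next-stage key, so none of them can be swapped without re-signing.
func (im *Image) signedBytes() []byte {
	var b bytes.Buffer
	b.WriteString(im.Name)
	b.WriteByte(0)
	b.Write(im.Code)
	b.Write(im.NextKey)
	return b.Bytes()
}

// VerifyChain is the check the ROM bootloader performs on the first image and
// that each verified stage then repeats on the one after it. The only value
// trusted a priori is rootKeyHash, standing in for a key hash held in ROM or
// one-time-programmable fuses rather than in rewritable storage.
func VerifyChain(rootKeyHash [sha256.Size]byte, chain []*Image) error {
	authorised := func(k ed25519.PublicKey) bool { return sha256.Sum256(k) == rootKeyHash }
	for i, im := range chain {
		if len(im.Signer) != ed25519.PublicKeySize || !authorised(im.Signer) {
			return fmt.Errorf("stage %d (%s): signer not authorised by previous stage", i, im.Name)
		}
		if !ed25519.Verify(im.Signer, im.signedBytes(), im.Signature) {
			return fmt.Errorf("stage %d (%s): signature does not verify", i, im.Name)
		}
		next := im.NextKey // captured per iteration for the next stage's check
		authorised = func(k ed25519.PublicKey) bool { return len(next) > 0 && bytes.Equal(k, next) }
	}
	return nil
}

// sign builds one stage and signs it with the given private key.
func sign(name string, code []byte, nextKey ed25519.PublicKey, priv ed25519.PrivateKey) *Image {
	im := &Image{Name: name, Code: code, NextKey: nextKey, Signer: priv.Public().(ed25519.PublicKey)}
	im.Signature = ed25519.Sign(priv, im.signedBytes())
	return im
}

// BuildDemoChain creates a constructed three-stage chain, each stage signed by
// a different key: the root key signs the first bootloader, which authorises the
// key for the second bootloader, which authorises the key for the OS image.
func BuildDemoChain() ([sha256.Size]byte, []*Image, error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return [sha256.Size]byte{}, nil, err
	}
	bl2Pub, bl2Priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return [sha256.Size]byte{}, nil, err
	}
	osPub, osPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return [sha256.Size]byte{}, nil, err
	}
	chain := []*Image{
		sign("bootloader-1", []byte("first-stage bootloader"), bl2Pub, rootPriv),
		sign("bootloader-2", []byte("second-stage bootloader"), osPub, bl2Priv),
		sign("os", []byte("operating system image"), nil, osPriv),
	}
	return sha256.Sum256(rootPub), chain, nil
}

// TamperCode returns a copy of chain in which one byte of stage i's code has
// been flipped in storage, as an attacker with write access might do.
func TamperCode(chain []*Image, i int) []*Image {
	out := append([]*Image(nil), chain...)
	im := *chain[i]
	im.Code = append([]byte(nil), im.Code...)
	im.Code[0] ^= 0x01
	out[i] = &im
	return out
}

// AttackerReplace returns a copy of chain in which stage i is replaced by an
// image the attacker signed with their own key. The signature is internally
// valid, but the key is not the one the previous verified stage authorised.
func AttackerReplace(chain []*Image, i int) ([]*Image, error) {
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	out := append([]*Image(nil), chain...)
	out[i] = sign(chain[i].Name, []byte("malicious payload"), chain[i].NextKey, attackerPriv)
	return out, nil
}

func main() {
	root, chain, err := BuildDemoChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine chain:", VerifyChain(root, chain))
	fmt.Println("tampered bootloader-2:", VerifyChain(root, TamperCode(chain, 1)))
	replaced, _ := AttackerReplace(chain, 0)
	fmt.Println("attacker-signed bootloader-1:", VerifyChain(root, replaced))
}
```

Replacing the stage that the ROM verifies is the most valuable target described in the text, and it is also the case the model rejects most directly: the attacker’s key hash does not match the one held in ROM, so the check fails before the payload is ever examined. Replacing a later stage fails the same way against the key carried in the signed header of the stage before it.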