AN 759: Using Secure Boot in Intel® Arria® 10 SoC Devices

ID 683060
Date 3/29/2021
Document Table of Contents

Root of Trust and Root Key

The Root of Trust and the root key pair are the origin where the secure keys are generated. In this secured environment, you can also sign the boot image. A secure environment such as a device manufacturing site, retains the private key to protect it.

The manufacturer generates the root key pair. The root key is programmed into the SoC device and authenticates the software images. The image signing tool is run multiple times for each runtime software on the device. When security is compromised, you must generate a new public key.

Figure 3. Root of Trust