Intel Stratix 10 SoC UEFI Boot Loader User Guide

ID 683134
Date 6/19/2020

3.2. Building the Secure Monitor

As security becomes increasingly important, a secure boot solution is a requirement in the embedded world. To ensure comprehensive security and a trusted platform, secure partitioning is required. The Intel Stratix 10 device achieves secure partitioning by implementing the TrustZone model with Arm* Trusted Firmware (ATF). The TrustZone model splits the computing environment into two isolated worlds, the secure world and the normal world, which are linked by a software monitor called the Secure Monitor. The two worlds have separate logical address spaces and peripherals. Communication between the two worlds is only possible by executing the privileged Secure Monitor Call (SMC) instruction.

The full secure boot solution is:
  • BootRom
  • Secure Device Manager
  • Secure Monitor
  • U-Boot/UEFI
  • Hypervisor
  • OS

Secure Monitor mode is a privileged mode and is always secure regardless of the state of the NS bit. The Secure Monitor is the code that runs in Secure Monitor mode and handles the switches to and from the Secure world. The overall security of the software relies on the security of this code together with the Secure boot code.
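As an added illustration of the SMC boundary described above (example code written for this guide, not taken from the Stratix 10 ATF port), the following is a minimal monitor-side dispatcher that decodes an SMCCC function ID, rejects malformed IDs, and services one hypothetical SiP call. The SiP function number, the board-ID value and the `smc_regs` layout are constructed for the example; only the SMCCC field layout and the `SMCCC_VERSION` ID and return codes follow the Arm SMC Calling Convention.

```c
#include <stdint.h>

/* SMCCC function-ID layout (Arm DEN 0028): bit 31 fast/yielding,
 * bit 30 SMC64/SMC32, bits 29:24 owning entity number (OEN),
 * bits 23:16 reserved (must be zero), bits 15:0 function number. */
#define SMC_FAST_CALL      (1u << 31)
#define SMC_OEN_SHIFT      24
#define SMC_OEN_MASK       0x3fu
#define SMC_RESERVED_MASK  0x00ff0000u
#define SMC_FUNC_MASK      0xffffu
#define OEN_ARM_ARCH       0u
#define OEN_SIP            2u

/* Standard SMCCC return codes (placed in x0/w0 on return). */
#define SMC_OK             0
#define SMC_NOT_SUPPORTED  (-1)

#define SMCCC_VERSION_ID   0x80000000u   /* fixed by the convention */
#define SMCCC_VERSION_1_1  0x10001       /* major 1, minor 1 */

/* Hypothetical SiP service: return a constructed board identifier. */
#define SIP_BOARD_ID_FN    0x0001u
static const uint64_t constructed_board_id = 0x51C0DE;

/* Registers captured when the SMC exception enters the monitor.
 * x0 carries the function ID in; x1 carries a result out. */
typedef struct { uint64_t x0, x1, x2, x3; } smc_regs;

/* Single entry point from the normal world into the secure monitor.
 * Every ID is validated before any handler touches secure state. */
int64_t smc_dispatch(smc_regs *r) {
    uint32_t id  = (uint32_t)r->x0;
    uint32_t oen = (id >> SMC_OEN_SHIFT) & SMC_OEN_MASK;
    uint32_t fn  = id & SMC_FUNC_MASK;

    /* Yielding calls and non-zero reserved bits are refused outright. */
    if (!(id & SMC_FAST_CALL) || (id & SMC_RESERVED_MASK))
        return SMC_NOT_SUPPORTED;

    if (oen == OEN_ARM_ARCH && id == SMCCC_VERSION_ID)
        return SMCCC_VERSION_1_1;

    if (oen == OEN_SIP && fn == SIP_BOARD_ID_FN) {
        r->x1 = constructed_board_id;
        return SMC_OK;
    }
    /* Anything the monitor does not explicitly recognise is rejected. */
    return SMC_NOT_SUPPORTED;
}
```

A fast SMC32 SiP call for function 1 therefore has ID 0x82000001; the same function number with the fast bit clear (0x02000001) or with a reserved bit set (0x82010001) never reaches a handler.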