With the rise of the Industrial Internet of Things (IIoT) and related operational technology (OT) and information technology (IT) convergence, field-level cyber security has become more important than ever. Addressing these trends, our netX 90 system on a chip (SoC) product family now includes Secure Boot, a network security feature built directly into the chip.
Active during the startup phase of the device, Secure Boot ensures only the intended, original and unaltered firmware starts and executes. Since this security feature is hardware-related and not part of the protocol firmware, it protects both the chip and your network from malicious tampering. Secure Boot verifies that the firmware on the chip is the original version signed by the user. Only after passing this verification can the firmware run. You can assign users the responsibility to use their own keys, and users must first verify themselves by providing certificates to receive updates.
Simply use the netX Studio Integrated Development Environment (IDE) to sign the firmware, install the public keys and configure Secure Boot. For production environments, command line tools are also available.
Four security levels, each with additional options, allows you to scale protection levels to fit your application requirements — and you can also lock JTAG and console interfaces. These levels include:
- Disabled — an open, unrestricted system.
- Development — active firmware verification enabled, but you can modify security configuration without restrictions.
- Authenticate — active firmware verification is enabled, but a private key is required to modify security configuration.
- Immutable — this locked security configuration disables further modifications.