Patent attributes
A method includes building a firmware image to execute on a bootloader of a system on chip (SoC), the firmware image including first encryption public and private keys, and digitally signing the firmware image with a second encryption private key. The signed firmware image is encrypted with a symmetric encryption key, which in turn is encrypted with a second encryption public key. The encrypted signed firmware image and the encrypted symmetric encryption key are sent to the SoC to cause the SoC to (1) decrypt the encrypted symmetric encryption key to produce the symmetric encryption key using a third encryption private key from a first asymmetric key pair, (2) decrypt the encrypted signed firmware image to produce the signed firmware image using the symmetric encryption key, and (3) verify a digital signature of the signed firmware image using a third encryption public key from a second asymmetric key pair.
