Requirements Definition of Secure Boot Function Ver. 2.01 JASPAR Standards Document: ST-CSP-14
- 13 -
Unauthorized copying or reproduction is prohibited by copyright law.
2.3. Verification function
This function starts from a defined start condition, for example the state of the device immediately after reset release, and verifies the integrity of the software, based on "verification range information", before that software is executed.
The following table shows typical algorithms used for the verification method executed in this function. The characteristics given for the various algorithms assume that they are used in the verification function for secure boot. Specific technologies and algorithms should be chosen by referring to NIST SP 800-57 and the CRYPTREC e-Government Recommended Ciphers List.
In this document, MAC or digital signature algorithms are assumed for software verification, unless keys themselves are the objects to be verified.
Table 2.3.1 Typical Examples of Verification Algorithms

| Classification | Key in ECU | Characteristics |
|---|---|---|
| HASH | | A method that checks integrity by comparing the HASH value calculated beforehand from known-good data, which serves as the expected verification value, with the HASH value calculated from the verification range. Since an attack that tampers with both the verification range information and the expected verification value cannot be resisted, this method can be used only if both types of data meet the requirements for the storage area. Considering software updates, for example, the degree of operational freedom may be restricted, depending on the verification purpose. |
| MAC (AES128 CMAC, HMAC SHA256, etc.) | | A method that calculates the MAC with the verification range data and the key as inputs and compares it with the expected verification value calculated by the same method. There are HMACs based on HASH functions and CMACs (and others) based on block ciphers. In addition to integrity checks, such algorithms can check whether the verification range data is the software managed in the secure boot data management/generation area. One characteristic of the operation time for the verification range is that it increases in proportion to the size of the verification range. Since a common (shared secret) key is used, the key must meet the requirements for the storage area; in return, no such requirements are imposed on the expected verification value. |
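The difference between the HASH and MAC rows of Table 2.3.1 can be seen on a small model of the verification function. The following Python is an added illustration, not code from the JASPAR document: the 64-byte "firmware image", the verification range, the 128-bit boot key and all function names are constructed assumptions. It computes the expected verification values beforehand, runs both methods over the verification range at "boot", and then models the case the table warns about, in which the image, the verification range information and the expected verification value have all been rewritten in storage: the HASH method accepts the rewritten image because its expected value can be recomputed without any secret, while the MAC method rejects it because the stored MAC cannot be regenerated without the key held in the protected storage area.

```python
"""Added illustrative model of the secure-boot verification function (not JASPAR's
code). It contrasts the HASH and MAC methods of Table 2.3.1 on a constructed
firmware image; every name, the image bytes and the key are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class VerificationRange:
    """'Verification range information': the byte range of the image that is verified."""
    offset: int
    length: int

    def select(self, image: bytes) -> bytes:
        # Reject a range that lies outside the image before touching any data.
        if self.offset < 0 or self.length <= 0 or self.offset + self.length > len(image):
            raise ValueError("verification range lies outside the image")
        return image[self.offset:self.offset + self.length]


def compute_hash(image: bytes, rng: VerificationRange) -> bytes:
    """HASH method: digest of the verification range, no key involved."""
    return hashlib.sha256(rng.select(image)).digest()


def compute_mac(image: bytes, rng: VerificationRange, key: bytes) -> bytes:
    """MAC method (HMAC SHA256 from the table): digest of the range keyed with the boot key."""
    return hmac.new(key, rng.select(image), hashlib.sha256).digest()


def verify_hash(image: bytes, rng: VerificationRange, expected: bytes) -> bool:
    # compare_digest keeps the comparison time independent of where values differ.
    return hmac.compare_digest(compute_hash(image, rng), expected)


def verify_mac(image: bytes, rng: VerificationRange, key: bytes, expected: bytes) -> bool:
    return hmac.compare_digest(compute_mac(image, rng, key), expected)


# Constructed sample data (assumptions): a 64-byte "firmware image" whose first
# 48 bytes are the verified code, and a 128-bit key kept in the protected storage area.
GENUINE_IMAGE = bytes(range(48)) + b"\x00" * 16
GENUINE_RANGE = VerificationRange(0, 48)
BOOT_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def provision() -> Tuple[bytes, bytes]:
    """Expected verification values calculated beforehand from the known-good image."""
    return (compute_hash(GENUINE_IMAGE, GENUINE_RANGE),
            compute_mac(GENUINE_IMAGE, GENUINE_RANGE, BOOT_KEY))


def boot_checks(image: bytes, rng: VerificationRange,
                expected_hash: bytes, expected_mac: bytes) -> Dict[str, bool]:
    """Run both verification methods as the boot code would; True means 'accept'."""
    return {"hash": verify_hash(image, rng, expected_hash),
            "mac": verify_mac(image, rng, BOOT_KEY, expected_mac)}


def tampered_storage_scenario() -> Dict[str, bool]:
    """Model the case from Table 2.3.1: image, verification range information and
    expected verification value are all rewritten in storage. The expected HASH
    can be recomputed from the new image, so the HASH method accepts it; the MAC
    cannot be regenerated without BOOT_KEY, so the old MAC stays and is rejected."""
    tampered_image = bytes(range(48))[::-1] + b"\x00" * 16   # constructed modified image
    tampered_range = VerificationRange(0, 48)
    rewritten_hash = compute_hash(tampered_image, tampered_range)
    _, stale_mac = provision()   # best a writer without the key can leave in storage
    return boot_checks(tampered_image, tampered_range, rewritten_hash, stale_mac)


if __name__ == "__main__":
    h, m = provision()
    print("genuine image:    ", boot_checks(GENUINE_IMAGE, GENUINE_RANGE, h, m))
    print("storage rewritten:", tampered_storage_scenario())
```

The model also shows why the verification range information itself must be protected under both methods: a byte changed outside the range (for example in the trailing 16 bytes) is accepted by both checks, since neither method covers data the range excludes.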