Secure Boot
The Atlas 200 AI accelerator module secure boot feature uses the BSBC (code embedded in the chip ROM) as the trust root. Hardware-level secure boot verification is implemented based on the physical features of eFuse, which can be burnt only once. Compared with software-based secure boot, chip-level secure boot based on BSBC and eFuse is more reliable. Currently, security verification is implemented for key firmware of the Atlas 200 AI accelerator module. The following figure shows the mechanism of security verification.
As shown in Figure 2-1, the Atlas 200 AI accelerator module firmware secure boot involves seven binary files. The ROM (containing the BSBC code) and eFuse (containing the root public key hash) are used to perform security verification on the seven firmware components level by level to build a trust chain of the entire system. Table 2-1 describes the functions of the seven binary files.
Do not replace the binary files (except Image and dtb) described in Table 2-1. Otherwise, secure boot verification will fail and the system will fail to be started.
File Name Abbreviation |
Full File Name |
Description |
|---|---|---|
xloader |
xloader.bin |
System initial boot program |
UEFI |
HI1910_FPGA_DDR.fd |
BIOS program of the Atlas 200 AI accelerator module |
Image |
Image |
Kernel program |
lpm3 |
lpm3.img |
Co-processing unit firmware |
FS |
filesystem-le.cpio.gz |
System initrd file system |
dtb |
dtb.img |
System dts file |
tee |
tee.bin |
Trusted execution environment (TEE) |