How a BlackBerry device authenticates the boot ROM code and binds the BlackBerry device processor when the BlackBerry device turns on
A BlackBerry® device processor provides an authentication method that is designed to verify that the boot ROM code is permitted to run on a BlackBerry device. The manufacturing process installs the boot ROM code in flash memory on the BlackBerry device. The boot ROM code is the root of trust on BlackBerry devices. The RIM® signing authority system, which signs the boot ROM code for a BlackBerry device during the manufacturing process, uses an RSA® public key to sign the boot ROM code. The processor is configured during the manufacturing process to store information that the processor can use to verify the digital signature of the boot ROM code.
When a user turns on a BlackBerry device, the processor runs internal ROM code that reads the boot ROM from flash memory and verifies the digital signature of the boot ROM code using the RSA public key. If the verification process is successful, the boot ROM is permitted to run on the BlackBerry device. If the verification process is not successful, the processor stops running.
The process of binding a processor to a boot ROM can occur when the processor is manufactured, the BlackBerry device is manufactured, or the BlackBerry® Device Software is configured, depending on the manufacturer and model number of the processor.
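The following Python sketch is an added example, not BlackBerry or RIM code, that models the power-on check described above: a signing authority signs a boot ROM image with the private half of an RSA key pair, and the processor's internal ROM code verifies the signature with the public half before allowing the image to run. It assumes that the information stored in the processor is a SHA-256 hash of the public key and that the signature format is RSASSA-PKCS1-v1_5 over SHA-256; the key is a constructed toy key and all function names are hypothetical.

```python
import hashlib

# Constructed toy key built from two Mersenne primes: NOT a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def byte_len(n: int) -> int:
    return (n.bit_length() + 7) // 8

def encode(image: bytes, k: int) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(image), k bytes long, as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def key_hash(n: int, e: int) -> bytes:
    """Value assumed to be stored in the processor during manufacturing."""
    return hashlib.sha256(n.to_bytes(byte_len(n), "big") + e.to_bytes(4, "big")).digest()

def sign(image: bytes, n: int = N, d: int = D) -> int:
    """Signing-authority side: sign the boot ROM image with the private key."""
    return pow(encode(image, byte_len(n)), d, n)

def internal_rom_boot(fused_hash: bytes, n: int, e: int, image: bytes, signature: int) -> str:
    """Processor side: return "RUN" only if the key and the signature both check out."""
    # 1. The public key presented with the image must be the one bound to this processor.
    if key_hash(n, e) != fused_hash:
        return "HALT"
    # 2. The signature must be a valid representative modulo n.
    if not 0 <= signature < n:
        return "HALT"
    # 3. Recover the encoded message and compare all of it, padding included,
    #    against the encoding recomputed from the image read from flash.
    if pow(signature, e, n) != encode(image, byte_len(n)):
        return "HALT"
    return "RUN"
```

Any change to the image, the signature or the presented key makes `internal_rom_boot` return "HALT", which corresponds to the processor stopping instead of running the boot ROM code.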