How a device authenticates the boot ROM code and binds the device processor when the device turns on
A BlackBerry® device processor provides an authentication method that is designed to verify that the boot ROM code is permitted to run on a device. The manufacturing process installs the boot ROM code in flash memory on the device. The boot ROM code is the root of trust on devices. The RIM® signing authority system, which signs the boot ROM code for a device during the manufacturing process, uses an RSA® public key to sign the boot ROM code. The processor is configured during the manufacturing process to store information that the processor can use to verify the digital signature of the boot ROM code.
When a user turns on a device, the processor runs internal ROM code that reads the boot ROM from flash memory and verifies the digital signature of the boot ROM code using the RSA public key. If the verification process is successful, the boot ROM is permitted to run on the device. If the verification process is not successful, the processor stops running.
The process of binding a processor to a boot ROM can occur when the processor is manufactured, the device is manufactured, or the BlackBerry® Device Software is configured, depending on the manufacturer and model number of the processor.