Secure boot is disabled by default. The secure device configuration states are:

  • Open: This is the default state. An open device does not have secure boot enabled and will boot any U-Boot image, even if its signature is invalid or no signature is attached at all. However, when a signed U-Boot image is used, the ROM loader still attempts to validate it and generates events if the U-Boot image is not properly signed. You can use this behavior to verify the images before you close a device. Open devices use a default test key for encryption and decryption.

  • Closed: In the closed state, secure boot features are enabled and only properly signed U-Boot images will boot the device. Closed devices use the OTPMK (One Time Programmable Master Key) for encryption and decryption.

Secure boot can be divided into two distinct processes:

  • Manufacturing: The device is programmed in a secure environment that protects the authentication and encryption keys.

  • Deployment: The image signature is verified at boot and the images are decrypted.