Thrangrycat
BRANK

What is Cisco’s Trust Anchor?

Cisco Secure Boot is a secure startup process that ensures the integrity of the firmware running on Cisco hardware devices. To perform this validation each time the device resets, Cisco developed a separate, special-purpose hardware device, known as the Trust Anchor module (TAm), as a root of trust for the secure boot process. After system power-on, the TAm runs the first instructions, which immediately verify the integrity of the bootloader. Should any failure be detected, the device alerts the user and reboots, thus preventing it from executing the modified bootloader.

How is Cisco’s Trust Anchor implemented?

At the design level, the hardware anchor is implemented using an external FPGA. After initial power-on, the FPGA loads, from a dedicated Serial Peripheral Interface (SPI) flash chip, an unencrypted bitstream that implements the hardware Trust Anchor and provides root of trust functionality. Once the bitstream is loaded, the FPGA performs…

thrangrycat.com
Related Topics: FPGA Security