1.8 – Verify Boot Image Signature Validation


Requirement Description

Verify that the device performs boot image signature validation before loading the firmware, ensuring that only authentic, vendor-signed firmware is executed. This process is typically part of Secure Boot and involves cryptographic verification using trusted public keys.


DUT Software Details

  • Software Name/Version: ___________________

  • Build Date: ___________________

  • Build Number: ___________________


Hash Checksum Verification for DUT’s Software Image

  • Algorithm Used: SHA-256 (or other approved algorithm)

  • Expected Hash: ___________________

  • Calculated Hash: ___________________

  • Result: Pass / Fail


DUT Configuration

(Insert configuration commands, debug outputs, or settings used to verify secure boot status and signature validation.) Example:

show boot secure-status
show system integrity
dmesg | grep -i "signature"

Pre-Conditions

The vendor shall provide the following:

  1. Datasheet of the SoC used in the DUT.

  2. Technical specifications of the device regarding secure boot, including:

    • Keys involved and their management lifecycle (generation, storage, rotation, destruction).

    • Signature validation process.

    • Any additional secure mechanisms implemented (e.g., anti-rollback, measured boot).


Test Plan

Total Number of Test Cases: 2

Planned Test Cases:

  1. BIS-1.8.1 – Verification of boot image signature validation mechanism through documentation review and functional check.

  2. BIS-1.8.2 – Validation of signature verification enforcement during boot with a modified/unsigned image.
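An added example, not part of the original template or of any vendor tooling: a Python script that produces the Hash Checksum Verification fields for the DUT software image, and records the hash of the modified image prepared for BIS-1.8.2 so the report shows it really differs from the vendor image. The file names, the `sha256_file`, `hash_check` and `demo` helpers, and the image bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Stream the image so large firmware files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def hash_check(path, expected):
    """Return the worksheet fields for one image file."""
    # Vendors publish hashes in mixed case and sometimes with spaces or newlines.
    exp = re.sub(r"\s+", "", expected).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", exp):
        # A truncated or mistyped reference value must not be recorded as a result.
        raise ValueError("expected hash is not a 64-digit SHA-256 hex string")
    calc = sha256_file(path)
    ok = hmac.compare_digest(calc, exp)
    return {"Algorithm Used": "SHA-256", "Expected Hash": exp,
            "Calculated Hash": calc, "Result": "Pass" if ok else "Fail"}

def demo():
    """Constructed stand-in images; a real run points at the actual image files."""
    d = tempfile.mkdtemp()
    vendor = os.path.join(d, "vendor.img")      # hypothetical file name
    modified = os.path.join(d, "modified.img")  # hypothetical file name
    image = b"CONSTRUCTED-FIRMWARE-" + bytes(range(256)) * 16
    with open(vendor, "wb") as f:
        f.write(image)
    with open(modified, "wb") as f:
        # One flipped bit stands in for the BIS-1.8.2 modified image.
        f.write(image[:100] + bytes([image[100] ^ 1]) + image[101:])
    published = hashlib.sha256(image).hexdigest().upper()  # constructed reference
    return hash_check(vendor, published), hash_check(modified, published)

if __name__ == "__main__":
    for record in demo():
        for field, value in record.items():
            print(f"{field}: {value}")
        print()
```

A "Fail" for the modified image against the vendor's published hash is the expected record here: it documents that the image used in BIS-1.8.2 is not the vendor image, so the boot result can be attributed to the modification.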


Test-bed Diagram with Interfaces and IPs

(Attach diagram showing DUT, management console, firmware signing tools, and relevant debug or serial connections for boot process monitoring.)

