This is important, according to CCT, as many of these products are used in defence applications that depend on the firmware acting as the root of trust for subsequent checks on their operating system and application software.
CCT has now implemented all aspects of Boot Guard. The boot firmware in the processor board BIOS is signed using a private key and the board is locked with the public key during the manufacturing process, ensuring that it can only boot CCT signed firmware. Any attempt to use non-authorised firmware will result in the board failing to boot.The firmware can still be updated for maintenance purposes but only with an image signed by the same private key held securely by CCT.
All these processor boards are manufactured by CCT in its own facility in Colchester, UK.
Well documented controls are in place to make sure that the correct firmware is loaded according to the product variant ordered, according to CCT. Once these processor boards are delivered, the responsibility for keeping the boards secure passes to the customer. A concern raised by some customers was that the firmware could be interfered during transit to their facility.
Boot Guard safeguards against this risk and any subsequent attempts to use non-authorised firmware during the product life-cycle, says CCT.