Developing secure systems is always a challenge due to the limited, or non-existent, integration and test capabilities that exist once secure features are enabled. To assist integration and test efforts, the ability to command a hardware root of trust via the configuration file is provided. The BH RSA option is set in bootgen. This commands the device to boot using the root of trust without having to program the eFUSEs that force authentication. Authenticated or unauthenticated boots can now be performed during the integration and test phase. The functionality that is not performed in this mode include the following.
•Does not validate the integrity of the PPK (this would require eFUSEs to be programmed).
•Does not validate the SPK ID (this would require eFUSEs to be programmed).
Clearly this mode should not be used in a fielded system since this portion of the configuration file is not authenticated and could easily be modified by an adversary. If the BH RSA option is set and the RSA_EN eFUSEs are programmed to force authentication, the device will go back to boot and continue to search for a valid boot image. If a valid boot image is not found then the device will enter secure lockdown.