The trusted root refers to a tamper-resistant, no-validation, guaranteed-trusted initial base starting module that internally contains the public key required for the first step of signature verification.
First, the code of PhytiumBoot ROM (PBR) stored in the chip is executed and then the Phytium Base Firmware (PBF) stored outside the chip is verified by PBR. If the verification is successful, it jumps to PBF for execution; otherwise, it reports an error. Then PBF verifies the System Firmware. if the verification is successful, it jumps to the system firmware; otherwise, it reports an error. Similarly, when the system firmware, boot program, operating system, driver, etc. are loaded and executed in turn, the next level is verified by the upper level step by step to build a trusted startup chain.
Phytium has introduced the Phytium Security Platform Architecture (PSPA). PSPA defines the hardware and software specifications related to the security of the Phytium processor and is currently available in Version 1.0.
Using a cascading delayed-signature model, during the whole startup process, each pair of modules must verify the code and data introduced by it, so as to implement the transmission of a trusted chain and ensure that all codes executed in the startup process are trusted.
Supporting the acceleration of SM2, SM3 and SM4 commercial cipher algorithms.