Paper 2018/427

Secure Boot and Remote Attestation in the Sanctum Processor

Ilia Lebedev, Kyle Hogan, and Srinivas Devadas


During the secure boot process for a trusted execution environment, the processor must provide a chain of certificates to the remote client demonstrating that their secure container was established as specified. This certificate chain is rooted at the hardware manufacturer who is responsible for constructing chips according to the correct specification and provisioning them with key material. We consider a semi-honest manufacturer who is assumed to construct chips correctly, but may attempt to obtain knowledge of client private keys during the process. Using the RISC-V Rocket chip architecture as a base, we design, document, and implement an attested execution processor that does not require secure non-volatile memory, nor a private key explicitly assigned by the manufacturer. Instead, the processor derives its cryptographic identity from manufacturing variation measured by a Physical Unclonable Function (PUF). Software executed by a bootloader built into the processor transforms the PUF output into an elliptic curve key pair. The (re)generated private key is used to sign trusted portions of the boot image, and is immediately destroyed. The platform can therefore provide attestations about its state to remote clients. Reliability and security of PUF keys are ensured through the use of a trapdoor computational fuzzy extractor. We present detailed evaluation results for secure boot and attestation by a client of a Rocket chip implementation on a Xilinx Zynq 7000 FPGA.

Note: Corrected a typographical error.

Available format(s)
Publication info
Published elsewhere. Proceedings of the 31st Computer Security Foundations Symposium, 2018
secure bootremote attestationPhysical Unclonable Functionsecure processor
Contact author(s)
devadas @ mit edu
2018-05-31: revised
2018-05-11: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ilia Lebedev and Kyle Hogan and Srinivas Devadas},
      title = {Secure Boot and Remote Attestation in the Sanctum Processor},
      howpublished = {Cryptology ePrint Archive, Paper 2018/427},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.