User guide
How a device protects its operating system
and the BlackBerry Device Software
Each time a user turns on a BlackBerry device, specific components on the device automatically check the authenticity of
the device operating system and the integrity of the
BlackBerry Device Software. The BlackBerry Device Software must
pass these security checks before the user can run the BlackBerry Device Software and before the user can update the
BlackBerry Device Software over the wireless network.
How a device authenticates the boot ROM
code and binds the device processor when
the device turns on
A BlackBerry device processor provides an authentication method that is designed to verify that the boot ROM code is
permitted to run on a device. The manufacturing process installs the boot ROM code in flash memory on the device. The
boot ROM code is the root of trust on devices. The
RIM signing authority system, which signs the boot ROM code for a
device during the manufacturing process, uses an RSA public key to sign the boot ROM code. The processor is configured
during the manufacturing process to store information that the processor can use to verify the digital signature of the boot
ROM code.
When a user turns on a device, the processor runs internal ROM code that reads the boot ROM from flash memory and
verifies the digital signature of the boot ROM code using the RSA public key. If the verification process is successful, the
boot ROM is permitted to run on the device. If the verification process is not successful, the processor stops running.
The process of binding a processor to a boot ROM can occur when the processor is manufactured, the device is
manufactured, or the BlackBerry Device Software is configured, depending on the manufacturer and model number of the
processor.
Security Technical Overview Protecting data on a device
71