Abstract: Device verification extension technology obtains, in response to a request to verify a signature associated with first data, an asymmetric verifier application from off-device storage. The asymmetric verifier application is loaded and executed. The signature associated with the first data is verified using the asymmetric verifier application using asymmetric-key cryptography.

Abstract: A software installation method is provided for a device comprising non-volatile memory 10 and access control circuitry 6 to control access to the non-volatile memory based on region defining data 7 defining whether a given region of the non-volatile memory is a less secure region or a more secure region, with greater access restriction imposed on access to a more secure region than to a less secure region. The method comprises installing target software 40 in a target region of the non-volatile memory 10 defined by the region defining data as a less secure region; verifying the target software; and at least when verification of the target software is successful, and after installation of the target software, updating the region defining data 7 to change the target region from a less secure region to a more secure region.

Abstract: A method is provided for installing or updating software on an electronic device 2 comprising processing circuitry 4 and memory access circuitry 10 to control access to at least one memory unit 6, 8 in response to physically-addressed memory access requests issued by the processing circuitry specifying physical addresses from a physical address space. The method comprises performing an address layout varying process comprising: obtaining at least one seed value; in dependence on the at least one seed value, selecting one of a plurality of software address layouts for code or data associated with the software, each software address layout corresponding to a different layout of the code or data in the physical address space; and triggering the electronic device to write the code or data associated with the software to locations of said at least one memory unit corresponding to the selected software address layout.

Abstract: A verification extension method for a device, the method comprising: obtaining, in response to a request to verify a signature associated with first data, an asymmetric verifier application from off-device storage; loading the asymmetric verifier application; executing the asymmetric verifier application; verifying, using the asymmetric verifier application, the signature associated with the first data using asymmetric-key cryptography.

Abstract: A software installation method is provided for a device comprising non-volatile memory 10 and access control circuitry 6 to control access to the non-volatile memory based on region defining data 7 defining whether a given region of the non-volatile memory is a less secure region or a more secure region, with greater access restriction imposed on access to a more secure region than to a less secure region. The method comprises installing target software 40 in a target region of the non-volatile memory 10 defined by the region defining data as a less secure region; verifying the target software; and at least when verification of the target software is successful, and after installation of the target software, updating the region defining data 7 to change the target region from a less secure region to a more secure region.

Abstract: A method is provided for installing or updating software on an electronic device 2 comprising processing circuitry 4 and memory access circuitry 10 to control access to at least one memory unit 6, 8 in response to physically-addressed memory access requests issued by the processing circuitry specifying physical addresses from a physical address space. The method comprises performing an address layout varying process comprising: obtaining at least one seed value; in dependence on the at least one seed value, selecting one of a plurality of software address layouts for code or data associated with the software, each software address layout corresponding to a different layout of the code or data in the physical address space; and triggering the electronic device to write the code or data associated with the software to locations of said at least one memory unit corresponding to the selected software address layout.