Security system and method for preventing rollback attacks on silicon device firmware

US11216597B2 · US · B2

Patent metadata

Publication number: US-11216597-B2
Application number: US-202016874241-A
Country: US
Kind code: B2
Filing date: May 14, 2020
Priority date: May 14, 2020
Publication date: Jan 4, 2022
Grant date: Jan 4, 2022

Abstract

Official abstract text for this publication.

A chip system comprising ROM code including a bootloader which runs whenever the chip is powered on; and programmable fuse array memory storing version identifiers, NVMs in which copies of a version of bootable firmware are stored, wherein a first identifier is stored including active major number and minor numbers, signed with a private key; wherein a second identifier is stored including recovery major and minor numbers, signed with said private key; and hardware which obeys a first command by the boot ROM code to disable until next system reset, writing to the recovery NVM other than to the bootloader, and obeys a second command, to lift write protection of the recovery NVM, wherein firmware images associated with both said versions, and both said identifiers, are signed with said private key, and the boot ROM code authenticates firmware image/s and said identifiers.

First claim

Opening claim text (preview).

The invention claimed is:

1. A computerized system protected from rollback attacks which might otherwise occur when the system's firmware is changed, thereby to define versions of the firmware, the system comprising:

i. a chip including a. ROM code including a bootloader (also known as boot ROM code) integrated into the chip silicon, and wherein said boot ROM code runs whenever the chip is powered on; and b. programmable fuse array memory comprising a One-Time-Programmable (OTP) memory in which to store version identifiers comprising version numbers;

ii. first (also known as active) and second (also known as recovery) non-volatile memories (also known as NVMs) in which first and second copies of a version of bootable firmware (also known as firmware which is loaded on boot) are respectively stored; wherein a first identifier is stored in the active NVM which, when stored, uniquely identifies said version, the first copy of which is stored in the active NVM, the first identifier including at least an active major number and an active minor number, both signed with a private key; wherein a second identifier is stored in the recovery NVM which, when stored, uniquely identifies said version, the second copy of which is stored in the recovery NVM, the second identifier including at least a recovery major number and a recovery minor number, both signed with said private key; and

iii. a hardware device which obeys a first command, provided by the boot ROM code after boot-up (also known as at bootloader completion), to lock (also known as disable at least writing to, also known as provide write protection to), until next system reset, at least the recovery NVM, including ensuring at least the recovery NVM is not writeable (also known as not accessible for writing) other than to the bootloader, and obeys a second command, provided by the boot ROM code upon said next system reset, to lift the write protection of at least the recovery NVM, thereby to provide the system with an ability to prevent an older version of the firmware from being booted up once a newer version of the firmware has been validated, wherein firmware images associated with both said versions, and both said identifiers, are signed with said private key, and wherein the boot ROM code is configured to authenticate at least one firmware image and to authenticate said first and second identifiers;

the system implemented by at least one processor being configured for: storing copies of a first version of bootable firmware (also known as first firmware image) in said active and recovery NVMs; storing first and second copies of at least a major number of the first version in said first and second non-volatile memory devices respectively; and programming at least one bit in the OTP memory to equal (also known as match) said major number; and at least once performing a minor update of the firmware, including replacing the version of bootable firmware stored in the active NVM with a new "minor" version of the bootable firmware and replacing the identifier stored in the active NVM with a new identifier including a higher minor number; and after at least one reset which necessitates a boot,

a. commanding the boot loader: to determine, at least if the active NVM's content is valid, whether or not the identifier in the active NVM is greater than said OTP number; and to halt if the major number in the active NVM is lower than said OTP number, and

b. only if the identifier in the active NVM (also known as active minor) is greater than the identifier in the recovery NVM (also known as recovery minor), performing operations b1, b2, respectively including: operation b1. the new version of the bootable firmware is written over the version of the bootable firmware currently stored in the recovery NVM; and operation b2. the identifier in the recovery NVM is updated to equal the value of the identifier in the active NVM.

2. The system according to claim 1 wherein said OTP memory includes plural fuses whose states represent version numbers.

3. The system according to claim 1 wherein plural bits in said OTP (also known as OTP bits) are used to represent a number, OTP-Number = Starting-Number + Counter, the plural bits including an array of n bits, thereby to define n bit indices associated respectively with said n bits, said n bits including a ("first") subset of bits having a value of "0" and a ("second") subset of bits which have been fused to 1, and wherein said counter is determined as a highest index from among the bit indices associated with said ("second") subset of said n bits which have been fused to one.

4. The system according to claim 1 wherein the hardware device is not operative to disable reading from and/or writing to the active NVM, such that the active NVM is readable and writeable after boot-up.

5. The system according to claim 3 wherein, when the first firmware image is stored in the active and recovery NVMs, said OTP number equals the major number stored in both NVMs.

6. A system according to claim 1 wherein said active and recovery NVMs comprise two separate memory devices.

7. A system according to claim 1 wherein said active and recovery NVMs comprise two memory ranges on a single flash device.

8. The system according to claim 3 wherein the starting number is write-protected.

9. The system of claim 3 wherein said OTP number is used as a comparing reference to each of said active major and said recovery major numbers.

10. A method for protecting a system from rollback attacks which might otherwise occur when firmware in the system is changed, thereby to define versions, the method comprising:

I. providing a system including i. a chip including a. ROM code including a bootloader (also known as boot ROM code) integrated into the chip silicon, and wherein said boot ROM code runs whenever the chip is powered on; and b. programmable fuse array memory comprising a One-Time-Programmable (OTP) memory in which to store version identifiers comprising version numbers; ii. first (also known as active) and second (also known as recovery) non-volatile memories (also known as NVMs) in which first and second copies of a version of bootable firmware (also known as firmware which is loaded on boot) are respectively stored; wherein a first identifier is stored in the active NVM which, when stored, uniquely identifies said version, the first copy of which is stored in the active NVM, the first identifier including at least an active major number and an active minor number, both signed with a private key; wherein a second identifier is stored in the recovery NVM which, when stored, uniquely identifies said version, the second copy of which is stored in the recovery NVM, the second identifier including at least a recovery major number and a recovery minor number, both signed with said private key; and iii. a hardware device which obeys a first command, provided by the boot ROM code after boot-up (also known as at bootloader completion), to lock (also known as disable at least writing to, aka provide write protection to), until next system reset, at least the recovery NVM, including ensuring at least the recovery NVM is not writeable (also known as not accessible for writing) other than to the bootloader, and obeys a second command, provided by the boot ROM code upon said next system reset, to lift the write protection of at least the recovery NVM, thereby to render the system able to prevent an older version of the firmware from being booted up, once a newer version of the firmware has been validated,

II. storing copies of a first version of bootable firmware (also known as first firmware image), in said active and recovery
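The boot-time decision of claim 1 (steps a and b) and the fuse-counter encoding of claim 3, worked through in C as an added illustration; this is not code from the patent or from Nuvoton. It assumes a 16-bit fuse array, takes the boot ROM's signature check as an already-computed boolean, and generalizes the claim's minor-number comparison to the full (major, minor) identifier so that a major update also propagates to the recovery NVM.

```c
#include <stdbool.h>
#include <stdint.h>

#define OTP_BITS 16  /* assumed width n of the fuse array */

enum boot_action { BOOT_HALT = 0, BOOT_ACTIVE = 1, BOOT_ACTIVE_AFTER_SYNC = 2 };

struct nvm_slot {           /* one NVM: a firmware copy with its signed identifier */
    unsigned major, minor;  /* the version identifier stored in this NVM */
    bool sig_ok;            /* outcome of the boot ROM's signature check (assumed input) */
    bool write_locked;      /* true after the "first command", until the next reset */
};

/* Claim 3: OTP-Number = Starting-Number + Counter, where Counter is the highest
 * index of a fuse that has been blown to 1. Blowing one more fuse per major
 * update means the number can only grow. No blown fuse yields counter 0 (assumption). */
unsigned otp_number(uint16_t fuses, unsigned starting_number)
{
    unsigned counter = 0;
    for (unsigned i = 0; i < OTP_BITS; i++)
        if (fuses & (1u << i))
            counter = i;    /* a higher fused index overrides any lower one */
    return starting_number + counter;
}

/* Claim 1, steps a and b, as run by the boot ROM after a reset. The reset lifts
 * the recovery write lock (second command); an active major number below the
 * OTP number is a rollback and halts the boot; the recovery copy is rewritten
 * only when the active identifier is newer; finally the recovery NVM is locked
 * again (first command) so the firmware that then runs cannot modify it. */
enum boot_action boot_rom_check(struct nvm_slot *active, struct nvm_slot *recovery,
                                unsigned otp)
{
    recovery->write_locked = false;   /* second command: write protection lifted */
    if (!active->sig_ok)              /* unauthenticated active image: halt (assumption) */
        return BOOT_HALT;
    if (active->major < otp)          /* step a: older major than the fuses allow */
        return BOOT_HALT;
    enum boot_action action = BOOT_ACTIVE;
    /* step b: (major, minor) compared lexicographically; for a minor update the
     * majors are equal, so this reduces to the claim's minor-number comparison */
    bool active_newer = active->major > recovery->major ||
        (active->major == recovery->major && active->minor > recovery->minor);
    if (active_newer) {
        recovery->major = active->major;  /* b1/b2: copy image and identifier */
        recovery->minor = active->minor;
        recovery->sig_ok = active->sig_ok;
        action = BOOT_ACTIVE_AFTER_SYNC;
    }
    recovery->write_locked = true;    /* first command: locked until next reset */
    return action;
}
```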

Assignees

Nuvoton Technology Corp

Inventors

Classifications

  • Restarting or rejuvenating · CPC title

  • G06F21/14 (Primary) · against software analysis or reverse engineering, e.g. by obfuscation · CPC title

  • Resetting means · CPC title

  • involving event detection and direct action · CPC title

  • G06F21/575 (Primary) · Secure boot · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11216597B2 cover?
A chip system comprising ROM code including a bootloader which runs whenever the chip is powered on; and programmable fuse array memory storing version identifiers, NVMs in which copies of a version of bootable firmware are stored, wherein a first identifier is stored including active major number and minor numbers, signed with a private key; wherein a second identifier is stored including reco…
Who is the assignee on this patent?
Nuvoton Technology Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/14. Mapped technology areas include Physics.
When was this patent published?
Publication date Jan 4, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).