The invention discloses an SoC chip security design method, and the method comprises the following steps: setting a security storage area in an SoC chip to store security configuration information; obtaining entities of all stages of SoC chip starting, creating a security mirror image file and generating security configuration information; taking first-stage boot firmware on an SoC chip as a root of trust, acquiring a mirror image of a next stage at a current stage, and performing digital signature verification; if verification succeeds, the mirror image is trusted, the mirror image is loaded, and starting is executed; if verification fails, tampering the mirror image, and terminating the starting process. The verification of the bootstrap program, the operating system and the application program is realized by means of encryption and digital signature, the security and credibility of firmware and software are ensured, the key is safely stored, and the security is improved.