QorIQ Trust Architecture | 2.1 User Guide 2021
Generate your RSA keys. Keep the private key in a Hardware Security Module (HSM) or a highly secure, offline environment.

Step 2: Create the Boot Image
The QorIQ Trust Architecture is a set of hardware security blocks integrated into NXP QorIQ SoCs (Systems on Chip). Version 2.1 represents an evolution in the mechanism, providing a "Root of Trust" (RoT) that ensures the device only runs software cryptographically signed by the manufacturer.

Key Security Goals:
Ensuring the code comes from a trusted source.
Integrity: Ensuring the code has not been altered.
Use the Monotonic Counter fuses to ensure an attacker cannot downgrade your firmware to an older version that had a known security flaw.
The ISBC is the first code executed by the processor upon power-on. It is stored in immutable ROM. Its primary job is to validate the next stage of the bootloader (the ESBC).

B. External Secure Boot Code (ESBC)
Once the software is finalized, you must blow the SRKH (System Root Key Hash) into the OTP fuses. Warning: This is irreversible. If you lose the private key associated with this hash, you will "brick" any future boards produced.

Step 4: Enabling "Secure Boot" Mode
Implement logging within your OS to monitor for "Security Violations" reported by the SEC block during runtime.

Conclusion
Version 2
Set the physical pins or fuses to move the device from "Non-Secure" to "Secure" mode. In this mode, the CPU will refuse to boot any image that is not signed correctly.

6. Best Practices for Trust Architecture 2.1
Beyond signing (authentication), use the SEC engine to encrypt the bootloader image on the flash to protect your intellectual property.