As noted by an NXP support response, the complete "QorIQ Trust Architecture x.x User Guide" is a restricted document because it contains detailed, confidential information about the security implementation. To obtain this guide, you must:
The cornerstone of the QorIQ Trust Architecture 2.1 is the secure boot process. This process ensures that the bootloader, kernel, and applications have not been tampered with before execution.
The SecMon tracks the physical and logical security state of the System on Chip (SoC). It continuously monitors security state transitions, manages hardware alarms, and coordinates the destruction of secret keys if a physical or software tamper event is detected. Non-Volatile Memory (Fuse Processor / OTP)
: Boot the signed images on target hardware with fuses unblown to verify the validation logic succeeds without errors. qoriq trust architecture 21 user guide
: Monitors for physical and remote attacks, allowing the system to "fail safe" or clear secrets if a breach is detected.
QorIQ Trust Architecture 2.1: The Definitive Implementation Guide
The Secure Boot process establishes an unbroken Chain of Trust (CoT). Each step must be cryptographically validated before execution passes to the next layer. As noted by an NXP support response, the
Sign the binary using the CST tool to append the Command Sequence File (CSF) headers: ./cst --input input_file_config --output u-boot-signed.bin Use code with caution. Phase 3: Programming the Fuses (Blowing Fuses)
By leveraging ARM TrustZone technology, the architecture creates a hardware-isolated environment. This separates sensitive data (like encryption keys) from the primary operating system. Secure Debug
The Secure Boot process ensures that every piece of software executed by the processor is verified against trusted cryptographic signatures. The SecMon tracks the physical and logical security
The architecture supports a secure manufacturing process that integrates with device lifecycle management to ensure integrity from the factory floor to the field. User Implementation and Accessibility
Boot your unsigned platform into an open development U-Boot environment.
Debugging is a critical part of system development, but debug interfaces (like JTAG) can also be a significant vulnerability. The Trust Architecture provides controlled access to these interfaces, ensuring that they cannot be used to compromise system security in a final product.
A monotonic counter to prevent anti-rollback attacks (flashing old, vulnerable software versions).