2.1 User Guide ((exclusive)) - Qoriq Trust Architecture

Refer to the QorIQ Trust Architecture 2.1 User Guide (Document Number: TA2.1_UG) for register definitions, CST command syntax, and FUSE map specifications.

A: HAB (High Assurance Boot) is an i.MX concept. Layerscape documentation talks about Secure Boot and Trust Architecture, which is the same idea but not software-compatible with HAB.

: The ISBC uses the validated public key to verify the digital signature of the next stage (e.g., U-Boot or TF-A).

The process starts with the Internal Secure Boot Code (ISBC), which performs the initial hardware checks before passing control to the user's authenticated code. Accessing the Full User Guide

The Trust Architecture functions via dedicated hardware blocks inside the QorIQ Layerscape SoC: qoriq trust architecture 2.1 user guide

The represents a refined approach to securing NXP’s Layerscape and QorIQ platforms, offering OEM-controlled mechanisms to establish a chain of trust from power-on to full operation. This guide provides an overview of the key concepts, components, and implementation workflows for Trust Architecture 2.1. 1. Introduction to QorIQ Trust Architecture 2.1

, a trusted platform is a system that does exactly what its stakeholders expect, resisting attackers with both remote and physical access, or "failing safe" if compromised. Key Pillars of Trust Architecture 2.1 The QorIQ TA 2.1 is an opt-in scheme

Protecting sensitive data and IP via encryption.

Securing the Edge: A Deep Dive into QorIQ Trust Architecture 2.1 Refer to the QorIQ Trust Architecture 2

Provides a more intrinsic method for provisioning unique device public/private keys.

Upon detection, the monitor asserts a signal, which can be configured (via the CSU) to:

For a system designer, the QorIQ Trust Architecture 2.1 moves security from an "optional add-on" to a . It allows you to build devices that can survive physical attacks (like probing the bus) and software attacks (like malware), making it essential for:

: The ISBC reads the developer's public key from external memory, hashes it, and compares it against the SRK hash in the on-chip fuses. : The ISBC uses the validated public key

Trust Architecture 2.1 utilizes the SEC hardware accelerator for accelerating hashing (SHA-256/384) and signature verification (RSA/ECC) during the boot process, minimizing impact on boot time. 3. Implementation Workflow: The Secure Boot Process

: The cornerstone feature that cryptographically verifies software integrity before launch, creating a "chain of trust" from the hardware up to the application layer. Secure Debug

Trust Architecture (TA) version 2.1 introduces several critical hardware anchors to protect the system from remote and physical attacks: