QorIQ Trust Architecture 2.1 User Guide

The QorIQ processor operates in one of four distinct security states governed by the TA 2.1 state machine:

The QorIQ Secure Boot process functions as a strict, sequential chain of validation steps:

The full User Guide often requires a Non-Disclosure Agreement (NDA) with NXP to access. You can request it through the NXP Community or by contacting your NXP representative directly.

Key Components of Trust Architecture 2.1

: The cornerstone of the architecture. It uses a hardware root of trust to ensure that only authentic, OEM-signed code executes from the moment of power-on.

Strong Partitioning

To implement the 2.1 architecture, several hardware modules work in tandem:

A. Internal Secure Boot Code (ISBC)

: If the signature matches, the code is executed; otherwise, the device enters a "Secure Check Fail" state and stops.

Accessing Documentation

The NXP QorIQ Trust Architecture 2.1 (TA 2.1) is a hardware-based security framework designed for embedded systems. It integrates security features directly into the silicon of QorIQ processors. This framework ensures system integrity, protects data, and prevents unauthorized software execution. This guide explains the core components, operational phases, and implementation steps of TA 2.1.

1. Core Components of Trust Architecture 2.1

Security requires heavy math, which is slow on general-purpose CPUs.

: Detects physical interference and can trigger "fail-safe" responses to protect sensitive data.

Runtime Integrity Checking (RTIC)

The SNVS block monitors internal sensors and external pins for anomalous conditions indicative of a physical attack:

After researching various options, the company decided to implement the QorIQ Trust Architecture 2.1. Alex was tasked with leading the implementation effort.

“When programming the SFP (Secure Fuse Processor), the OTPMK must be written before enabling the Secure Boot flag. Writing the flag first without a valid key will permanently lock the device into an unrecoverable state.”

The standard U-Boot bootloader requires modifications to support the Chain of Trust:

The on-chip Security Engine (SEC) offloads intensive cryptographic processing from the primary CPU cores. It provides hardware-accelerated processing for symmetric algorithms (AES, 3DES), asymmetric algorithms (RSA, ECC), and cryptographic hashing (SHA-1, SHA-256, SHA-512).

Physical and Logical Tamper Detection

    # Enable write access to the SFP registers
    sfp init
    # Program the SHA-256 public key hash bytes into sequential SFP rows
    sfp write_hash 0x00A1B2C3 0xD4E5F607 0x89ABCDEF 0x01234567 ...
    # Provision the boot configuration index to enforce Secure Boot validation
    sfp write_provision 0x00000001
    # Permanently transition the device into Secure Production mode
    sfp lock_lifecycle

6. Run-Time Security Features

The CST is a command-line utility provided by NXP to generate public key structures, sign code binaries, and create the Command Sequence Files (CSF) required by the ISBC.

Example: Creating a Signed Image Config File

IBR reads the public key from the image CSF, hashes it, and compares it against the hardware SFP fuses.

The SNVS block operates independently from the main power rail. If the main processor shuts down or enters a low-power sleep state, the SNVS continues to track security state variables, monitor the real-time clock, and listen for physical tamper alarms via a dedicated battery supply rail.

7. Troubleshooting and Debugging

Architecture 2.1 represents a significant evolution, particularly for the Layerscape (LS) series

ARM Integration: It successfully merges NXP TA with ARM TrustZone