Once the software is finalized, you must blow the SRKH (System Root Key Hash) into the OTP fuses. Warning: This is irreversible. If you lose the private key associated with this hash, you will "brick" any future boards produced. Step 4: Enabling "Secure Boot" Mode
The QorIQ Trust Architecture is a set of hardware security blocks integrated into NXP QorIQ SoCs (System on Chips). Version 2.1 represents an evolution in the mechanism, providing a "Root of Trust" (RoT) that ensures the device only runs software cryptographically signed by the manufacturer. Key Security Goals:
A version of the NXP SDK that supports secure boot features. 5. Implementation Steps Step 1: Key Generation qoriq trust architecture 2.1 user guide
Generate your RSA keys. Keep the private key in a Hardware Security Module (HSM) or a highly secure, offline environment. Step 2: Create the Boot Image
If the signature is valid, the CPU jumps to the ESBC. If it fails, the system enters a "Soft Fail" or "Hard Fail" state (depending on fuse settings), typically halting execution to prevent attacks. 4. Setting Up the Environment Once the software is finalized, you must blow
The QorIQ Trust Architecture 2.1 is a powerful defense mechanism against physical and remote exploits. By establishing a hardware-rooted chain of trust, developers can ensure that their QorIQ-based systems remain resilient in hostile environments. While the initial setup of keys and fuses requires precision, the result is a system that is virtually impossible to subvert without the authorized private keys.
Maintain a strategy for revoking keys if a private key is compromised. Step 4: Enabling "Secure Boot" Mode The QorIQ
Beyond signing (authentication), use the SEC engine to encrypt the bootloader image on the flash to protect your intellectual property.
To implement the 2.1 architecture, several hardware modules work in tandem: A. Internal Secure Boot Code (ISBC)