: These include the chip’s OTPMK, optional ZMK, and any code, factory-installed private asymmetric keys, and pre-shared symmetric keys encrypted by the OTPMK or ZMK and stored to nonvolatile memory. The Trust Architecture ensures these secrets survive resets but remain protected from extraction.
QorIQ Trust Architecture 2.1 User Guide: Securing NXP Layerscape Processors
The architecture relies on a , anchoring security in immutable components of the Silicon, such as Fuse Arrays (One-Time Programmable - OTP memory). 2. Core Components of Trust Architecture 2.1
The is a specialized technical document from NXP (formerly Freescale) that provides instructions for implementing hardware-based security features like Secure Boot on QorIQ processors . Availability and Access qoriq trust architecture 2.1 user guide
The optimal operating state. All boot images verified successfully, and continuous monitors are running.
If you can tell me which (e.g., LS1046A, T1040) you are using, I can help you find the exact SDK documentation and tools you need to implement this architecture.
Trust Architecture 2.1 utilizes the SEC hardware accelerator for accelerating hashing (SHA-256/384) and signature verification (RSA/ECC) during the boot process, minimizing impact on boot time. 3. Implementation Workflow: The Secure Boot Process : These include the chip’s OTPMK, optional ZMK,
Below is a typical configuration structure used by the CST to parse an input binary (e.g., u-boot.bin ) and append the correct cryptographic headers:
The NXP Code Signing Tool supports Trust Architecture 1.x, Trust Architecture 2.0, and Trust Architecture 2.1 devices; however, the user must specify the chip part number when creating the signed image.
The document is typically accessed through the NXP DocStore or requested via NXP sales channels. If you misprogram fuses
The critical outputs are cst (binary) and the keys/ directory.
The ISBC reads the external boot flash to locate the and the public key table.
This is . If you misprogram fuses, you brick the device permanently.