Qoriq Trust Architecture 2.1 User Guide -

If the signature is valid, the CPU jumps to the ESBC. If it fails, the system enters a "Soft Fail" or "Hard Fail" state (depending on fuse settings), typically halting execution to prevent attacks. 4. Setting Up the Environment

You can test Secure Boot using "Development" keys without blowing fuses by using the SoC's override registers.

The QorIQ Trust Architecture is a set of hardware security blocks integrated into NXP QorIQ SoCs (System on Chips). Version 2.1 represents an evolution in the mechanism, providing a "Root of Trust" (RoT) that ensures the device only runs software cryptographically signed by the manufacturer. Key Security Goals: qoriq trust architecture 2.1 user guide

Maintain a strategy for revoking keys if a private key is compromised.

The SoC contains a fuse processor. Once "blown," these fuses permanently store the public key hashes (OTPMK) and security configurations. This makes the security settings immutable. 3. The Secure Boot Sequence If the signature is valid, the CPU jumps to the ESBC

The ISBC (in ROM) initializes the SEC engine.

If the hashes match, the ISBC uses the public key to verify the digital signature of the ESBC. Setting Up the Environment You can test Secure

Once the software is finalized, you must blow the SRKH (System Root Key Hash) into the OTP fuses. Warning: This is irreversible. If you lose the private key associated with this hash, you will "brick" any future boards produced. Step 4: Enabling "Secure Boot" Mode

Beyond signing (authentication), use the SEC engine to encrypt the bootloader image on the flash to protect your intellectual property.