Qoriq Trust Architecture 21 User - Guide

The guide meticulously documents the Secure Boot Process from PBL (Pre-Boot Loader) to u-boot and into the OS. It clearly explains:

The step-by-step walkthrough of the boot flow with cryptographic verification (RSA-2048/4096, ECC256) is a gold standard. If you need to know exactly where the hash comparison fails, this guide has the register addresses.

NXP’s QorIQ Trust Architecture 2.1 (TA 2.1) is a specialized hardware-based security framework designed for Layerscape and QorIQ processors. It serves as the foundation for building Trusted Platforms by combining silicon-level security features with OEM-controlled software protocols. 🛡️ Core Security Features

The Trust Architecture provides a suite of "opt-in" hardware capabilities that allow developers to balance security strength against system debuggability.

Hardware Root of Trust (HRoT): An immutable silicon foundation that anchors the entire security chain.

Secure Boot: Ensures only authenticated, OEM-signed code can execute on the processor. qoriq trust architecture 21 user guide

Secure Debug: Controls access to JTAG and debug interfaces via fused permissions, preventing unauthorized hardware-level inspection.

Anti-Tamper & Monitoring: Detects physical or environmental tampering and can trigger a "fail-safe" state or erase secret keys.

Secret Key Protection: Protects persistent and ephemeral device secrets (like RSA private keys) from extraction or misuse.

Runtime Integrity Checking (RTIC): Continuously monitors memory to ensure code has not been modified after the boot process. 🔑 Secure Boot Process (Chain of Trust)

Secure Boot is the primary mechanism for establishing a Chain of Trust (CoT). It relies on digital signature validation using public/private key pairs. 1. Pre-Boot Phase The guide meticulously documents the Secure Boot Process

The Security Fuse Processor (SFP) reads internal fuse values immediately upon power-on.

If the Intent to Secure (ITS) fuse is blown, the system is locked down until trusted code is validated. 2. Internal Secure Boot Code (ISBC) The processor jumps to the on-chip Internal Boot ROM (IBR).

The ISBC validates the initial boot image (PBI commands and the next stage bootloader) using an RSA public key hash stored in the hardware fuses. 3. External Secure Boot Code (ESBC)

Once validated, the first-stage bootloader (e.g., U-Boot) takes over.

The ESBC continues the chain by validating subsequent images, such as the Linux Kernel, Device Tree (DTB), and user applications. 🛠️ Implementation & Tools The step-by-step walkthrough of the boot flow with

Before opening the user guide, one must understand the "why." Trust Architecture is a set of hardware security modules integrated into the QorIQ SoC. Version 2.1, found in later P-series (e.g., P2041, P3041) and early T-series devices, provides:

The user guide is not a casual read; it is a technical roadmap for configuring the Security Fuses (SFMs) and the Internal Security Controller (ISC).

| Aspect | QorIQ Trust Arch 1.1 | NXP i.MX HAB | STM32 Secure Boot | TI AM65x Security | |--------|----------------------|--------------|--------------------|--------------------| | Depth | Very high | Medium | Low | Medium | | Clarity | Low | Medium-High | High | Medium | | Examples | Few, low-level | Many, practical | Many, abstracted | Medium | | Debug support | Poor | Good | Excellent | Medium |

Compared to i.MX HAB (High Assurance Boot), the QorIQ guide is more powerful but far less accessible. TI’s security manual is a model of clarity by contrast.