"Intent to Secure" vs RCW[SB_EN]


b_straehl
Contributor I

• Non-Secure state- the state of the Security Monitor when the device boots with
the Intent to Secure fuse =0, or RCW[SB_EN]=0, and a non-fatal security
violation (including signature verification failure) occurs.
• In this state, non-trusted software is allowed to run, but it cannot request the
SEC to use persistent or ephemeral secret keys.
• Trusted state - the state of the Security Monitor when the device boots with the
Intent to Secure fuse or RCW[SB_EN]=1, and no security violations are
detected.
• In this state, trusted software (at least one trusted partition) is allowed to run,
and any software with memory mapped access to the SEC can request the
SEC to use persistent or ephemeral secret keys.

After a lot of reading I still don't understand the relationship between the "Intent to Secure" fuse and the RCW[SB_EN] bit. If I read the text above, I understand that if either the ITS fuse OR the RCW[SB_EN] bit is 0, then I can run non-trusted software. But if either the ITS fuse OR the RCW[SB_EN] bit is 1, then I can run trusted software. So let's see:

ITS=0; RCW[SB_EN]=0  > non-trusted SW
ITS=1; RCW[SB_EN]=0  > non-trusted SW or trusted SW
ITS=0; RCW[SB_EN]=1  > non-trusted SW or trusted SW
ITS=1; RCW[SB_EN]=1  > non-trusted SW or trusted SW

Is this correct?


yipingwang
NXP TechSupport

ITS (Intent To Secure): if you set the ITS bit, the system operates in a secure and trusted manner. Setting RCW[SB_EN] performs the same function.

Secure Boot is enabled if either this RCW bit is set or the Intent to Secure fuse value is set.

For the prototyping phase, please don't blow the ITS fuse, but use an RCW with SB_EN = 1.

In the Trusted Manufacturing Process, program the ITS fuse at the same time as or after provisioning all other fuses in the SoC.

b_straehl
Contributor I

Okay, thank you. But somehow this is not the full answer I expected.

According to the first part of the quotation I made in my original post, it seems to be possible that non-trusted applications are executed if ITS OR RCW[SB_EN] is 0.

Can you confirm that please?

yipingwang
NXP TechSupport

Non-trusted software is allowed to run if both ITS and RCW[SB_EN] are 0.

b_straehl
Contributor I

Okay, thank you. But then I would say that the following text, which I copy/pasted from the User Guide, is wrong or at least confusing:

Non-Secure state- the state of the Security Monitor when the device boots with
the Intent to Secure fuse =0, or RCW[SB_EN]=0, and a non-fatal security
violation (including signature verification failure) occurs.

As you mentioned in your last response too, it should state ....Intent to Secure fuse =0 AND RCW[SB_EN]=0...
