FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Secure Authenticator and i.MX8QM connection for trust anchor

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

Secure Authenticator and i.MX8QM connection for trust anchor

Jump to solution
‎02-08-2023 12:19 AM
1,575 Views
YukioOyama
Contributor III

Hi,

We are developing a product using i.MX8QM. the OS is Linux. Even though we are in the middle of development, it became necessary to add an external security chip as a trust anchor.

I found your SE050 and A7000. To use these as trust anchors, to which I2C port should I connect to the i.MX8QM?

My understanding is that when the external security chip is a trust anchor, the external chip microboots and then the authenticated CPU secure boot boots, then U-boot boots.

In other words, I guessed that it would need to be connected to an I2C port that would work before U-boot. I checked your web site and could not find a connection to the host. Please tell me which port on the i.MX8QM I should connect? Sorry if I missed it.

And if I'm wrong about the system configuration regarding my idea of the root of trust, I would like your suggestion using an external security chip.

Best Regards,

Yukio Oyama

0 Kudos
Reply
1 Solution

Jump to solution
‎02-08-2023 07:54 PM
1,550 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @YukioOyama ,

 

Actually I.MX8QM has its own secure boot flow, but anyway, it is possible to use an external secure element for that purpose, but I don't think you may skip the whole internal secure boot mechanism, because you have to secure boot from the boot ROM to SBL at first, SBL should be U-Boot in your case, and then the SBL starts to use I2C interface and opens session to SE05X , and uses the pre-provisioned key K_PUB_OEM in SE05X to verify secure application image. After successful verification, SBL loads the verified image. so you need not concern about the I2C port has to get ready before the boot.

SE050E has Common Criteria (CC) certified EAL 6+, not sure if it meets your requirement.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

0 Kudos
Reply
9 Replies

Jump to solution
‎02-08-2023 01:50 AM
1,567 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @YukioOyama ,

 

What is the purpose for SE050/A5000 attached with  i.MX8QM? Secure boot? Please kindly clarify.

 

SE050/A5000 can be connected with i.MX8QM via any I2C port . Please kindly refer to https://www.nxp.com/docs/en/application-note/AN13027.pdf for more details.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply

Jump to solution
‎02-08-2023 03:23 AM
1,560 Views
YukioOyama
Contributor III

Hello Kan-san,

Thanks for your confirmation. I am not familiar with it.

Yes what I want to do is secure boot.

I want the root of trust for secure boot to start from an external security chip instead of writing to eFUSE in i.MX8.

Thus, I thought that the ports that could access the external security chip prior to boot would be limited.

Is my information sufficient for you to support me? If not, please contact me.

Best Regards,

Yukio Oyama

0 Kudos
Reply

Jump to solution
‎02-08-2023 06:26 PM
1,553 Views
YukioOyama
Contributor III

Hello Kan-san,

In microprocessors, there are solutions to secure boot using external secure elements (e.g., Microchip Technology's ATECC608)

Is it possible to add an external secure element like this for a large processor like the i.MX8?
Is it possible depending on the boot code?

I cannot think of a configuration that would work well with the internal secure boot mechanism and the external secure element.

If that were possible, would the boot process skip the internal secure boot when using secure boot with an external security chip?
That might prevent the disposal of expensive i.MX8 processors due to eFuse write failures. But in that case, can you explain whether the EAL (Evaluation Assurance Level) went up or down?

 

There is an external security tip request because of our internal policy of adopting a more secure boot, but I have to explain that this is not possible.

Best Regards,

Yukio Oyama

0 Kudos
Reply

Jump to solution
‎02-08-2023 07:54 PM
1,551 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @YukioOyama ,

 

Actually I.MX8QM has its own secure boot flow, but anyway, it is possible to use an external secure element for that purpose, but I don't think you may skip the whole internal secure boot mechanism, because you have to secure boot from the boot ROM to SBL at first, SBL should be U-Boot in your case, and then the SBL starts to use I2C interface and opens session to SE05X , and uses the pre-provisioned key K_PUB_OEM in SE05X to verify secure application image. After successful verification, SBL loads the verified image. so you need not concern about the I2C port has to get ready before the boot.

SE050E has Common Criteria (CC) certified EAL 6+, not sure if it meets your requirement.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply

Jump to solution
‎02-08-2023 10:29 PM
1,546 Views
YukioOyama
Contributor III

Hello Kan-san,

Thanks for your solution.

I understood that your suggestion is to start with i.MX8 SecureBoot and add authentication by secure elements in the U-Boot.

With SecureBoot in i.MX8, the SecureBoot loader, U-Boot, and app (and maybe even the CortexM Firmware) each image file is verified according to the boot sequence.

By adding the verification by security elements to this, the application image is verified twice: by i.MX8 itself and by the security elements. Is my understanding correct?

Has NXP ever offered this solution? Do you have a U-Boot that achieves this ?

If NXP has a solution for secure boot using an external secure element with a lighter weight processor instead of i.MX8, please give us an example of that!

Best Regards,

Yukio Oyama

0 Kudos
Reply

Jump to solution
‎02-09-2023 01:10 AM
1,542 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @YukioOyama ,

 

Yes, your understanding is correct. The further verification can be done in U-boot/application, but we don't have a ready solution for this platform, just a demo based on LPC55s, you may refer to SE05x-MW-v04.03.00/simw-top/doc/demos/lpc55s/ex/puf_se05x_sbl/Readme.html and SE05x-MW-v04.03.00/simw-top/doc/stack/secure_boot.html for more details.

 

The MW for SE05x can be fetched from the following link:

https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&appType=license

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply

Jump to solution
‎03-03-2023 10:04 AM
1,218 Views
Niebel-TQ
Contributor IV

Thank you for sharing these hints. We have the same tasks for a different i.MX CPU. But looking into the current downloadable package (https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&appType=license) we saw the source code license (Apache 2.0) is not compatible to U-Boot license (GPL 2.0). When will NXP deliver a release usable from a legal point of view?

0 Kudos
Reply

Jump to solution
‎03-01-2023 03:42 AM
1,250 Views
Niebel-TQ
Contributor IV

Thank you for sharing these hints. We have the same tasks for a different i.MX CPU. But looking into the current downloadable package (https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&appType=license) we saw the source code license (Apache 2.0) is not compatible to U-Boot license (GPL 2.0). When will NXP deliver a release usable from a legal point of view?

0 Kudos
Reply

Jump to solution
‎02-09-2023 01:44 AM
1,539 Views
YukioOyama
Contributor III

Hi Kan-san,

It may be difficult for us to create it from scratch.

However, you have helped me to know where to use external secure elements for secure boot. Our next step is to flesh out that concept, and the questions that arise there should be separated from this case.

I close the case. Thanks for your great support

Best Regards,

Yukio Oyama

0 Kudos
Reply