- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
Hi,
We are developing a product using i.MX8QM. the OS is Linux. Even though we are in the middle of development, it became necessary to add an external security chip as a trust anchor.
I found your SE050 and A7000. To use these as trust anchors, to which I2C port should I connect to the i.MX8QM?
My understanding is that when the external security chip is a trust anchor, the external chip microboots and then the authenticated CPU secure boot boots, then U-boot boots.
In other words, I guessed that it would need to be connected to an I2C port that would work before U-boot. I checked your web site and could not find a connection to the host. Please tell me which port on the i.MX8QM I should connect? Sorry if I missed it.
And if I'm wrong about the system configuration regarding my idea of the root of trust, I would like your suggestion using an external security chip.
Best Regards,
Yukio Oyama
已解决! 转到解答。
Hi @YukioOyama ,
Actually I.MX8QM has its own secure boot flow, but anyway, it is possible to use an external secure element for that purpose, but I don't think you may skip the whole internal secure boot mechanism, because you have to secure boot from the boot ROM to SBL at first, SBL should be U-Boot in your case, and then the SBL starts to use I2C interface and opens session to SE05X , and uses the pre-provisioned key K_PUB_OEM in SE05X to verify secure application image. After successful verification, SBL loads the verified image. so you need not concern about the I2C port has to get ready before the boot.
SE050E has Common Criteria (CC) certified EAL 6+, not sure if it meets your requirement.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @YukioOyama ,
What is the purpose for SE050/A5000 attached with i.MX8QM? Secure boot? Please kindly clarify.
SE050/A5000 can be connected with i.MX8QM via any I2C port . Please kindly refer to https://www.nxp.com/docs/en/application-note/AN13027.pdf for more details.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hello Kan-san,
Thanks for your confirmation. I am not familiar with it.
Yes what I want to do is secure boot.
I want the root of trust for secure boot to start from an external security chip instead of writing to eFUSE in i.MX8.
Thus, I thought that the ports that could access the external security chip prior to boot would be limited.
Is my information sufficient for you to support me? If not, please contact me.
Best Regards,
Yukio Oyama
Hello Kan-san,
In microprocessors, there are solutions to secure boot using external secure elements (e.g., Microchip Technology's ATECC608)
Is it possible to add an external secure element like this for a large processor like the i.MX8?
Is it possible depending on the boot code?
I cannot think of a configuration that would work well with the internal secure boot mechanism and the external secure element.
If that were possible, would the boot process skip the internal secure boot when using secure boot with an external security chip?
That might prevent the disposal of expensive i.MX8 processors due to eFuse write failures. But in that case, can you explain whether the EAL (Evaluation Assurance Level) went up or down?
There is an external security tip request because of our internal policy of adopting a more secure boot, but I have to explain that this is not possible.
Best Regards,
Yukio Oyama
Hi @YukioOyama ,
Actually I.MX8QM has its own secure boot flow, but anyway, it is possible to use an external secure element for that purpose, but I don't think you may skip the whole internal secure boot mechanism, because you have to secure boot from the boot ROM to SBL at first, SBL should be U-Boot in your case, and then the SBL starts to use I2C interface and opens session to SE05X , and uses the pre-provisioned key K_PUB_OEM in SE05X to verify secure application image. After successful verification, SBL loads the verified image. so you need not concern about the I2C port has to get ready before the boot.
SE050E has Common Criteria (CC) certified EAL 6+, not sure if it meets your requirement.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hello Kan-san,
Thanks for your solution.
I understood that your suggestion is to start with i.MX8 SecureBoot and add authentication by secure elements in the U-Boot.
With SecureBoot in i.MX8, the SecureBoot loader, U-Boot, and app (and maybe even the CortexM Firmware) each image file is verified according to the boot sequence.
By adding the verification by security elements to this, the application image is verified twice: by i.MX8 itself and by the security elements. Is my understanding correct?
Has NXP ever offered this solution? Do you have a U-Boot that achieves this ?
If NXP has a solution for secure boot using an external secure element with a lighter weight processor instead of i.MX8, please give us an example of that!
Best Regards,
Yukio Oyama
Hi @YukioOyama ,
Yes, your understanding is correct. The further verification can be done in U-boot/application, but we don't have a ready solution for this platform, just a demo based on LPC55s, you may refer to SE05x-MW-v04.03.00/simw-top/doc/demos/lpc55s/ex/puf_se05x_sbl/Readme.html and SE05x-MW-v04.03.00/simw-top/doc/stack/secure_boot.html for more details.
The MW for SE05x can be fetched from the following link:
https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&appType=license
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Thank you for sharing these hints. We have the same tasks for a different i.MX CPU. But looking into the current downloadable package (https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&appType=license) we saw the source code license (Apache 2.0) is not compatible to U-Boot license (GPL 2.0). When will NXP deliver a release usable from a legal point of view?
Thank you for sharing these hints. We have the same tasks for a different i.MX CPU. But looking into the current downloadable package (https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&appType=license) we saw the source code license (Apache 2.0) is not compatible to U-Boot license (GPL 2.0). When will NXP deliver a release usable from a legal point of view?
Hi Kan-san,
It may be difficult for us to create it from scratch.
However, you have helped me to know where to use external secure elements for secure boot. Our next step is to flesh out that concept, and the questions that arise there should be separated from this case.
I close the case. Thanks for your great support
Best Regards,
Yukio Oyama
