Please find attached preliminary errata on the two i.MX security vulnerabilities:

• ERR010872 – Secure Boot Vulnerability when using the Serial Downloader (CVE-2017-7936)
• ERR010873 – Secure Boot Vulnerability when Authenticating a Certificate (CVE-2017-7932)

These are preliminary versions of the errata. Final versions will be incorporated into the Chip Errata (CE) document for each impacted device at a later date.

Customer Notification

A Customer Information Notification(CIN 201704026I) with the affected part numbers has been sent out to impacted users.

Updated Silicon Sample Availability

An Advanced Product Change Notification (A-PCN 201705010A), that provides updated silicon availability information has also been sent out to impacted users.

Mitigations

An Engineering Bulletin (EB00854) on possible mitigation strategies is available to impacted users and can be requested through your NXP field support team or distributor. 

Further Questions or Support

Please contact your NXP support representative or enter a support request for further questions on this topic indicating the part number and the mass production start date.