IMXRT security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm trying to make sure I understood everything correctly about security in IMX RT microcontrollers (I suppose it's more or less the same in 105x, 1062, 1064). There are some things that are not very clear to me after reading the documentation.
So in our product, we want to make sure nobody can run their application on our device(A), and nobody can read back our application and see what's in it (B).
This is my understanding:
A. We use HAB authentication to make sure only image we provide can be loaded to the device. First we create public-private key pair. We use private key to create a certificate which is (along with public key) added to the image and burn the public key to the eFuses. Image also includes HAB section which tells ROM what kind of security is enabled.
When the image is loaded, the device validates the public key, decrypts the certificate using public key and compares if this certificate is right for the image that was received.
-If this is all done correctly, from the moment we load our image, we are safe no one will tamper it of load different one
-My question here is, who does this, ROM? This would mean that ROM can read public key from fuses? My understanding is that ROM can not access them.
B. Encryption. We can also use HAB for this, only in the HAB section, we also include the part that tells ROM that encryption is also enabled. We load encrypted image to flash, and store our KEY to eFuses. At restart, the image is decrypted and loaded to RAM.
-if this is all done correctly, we should also be sure that anyone who reads back everything from flash memory, can not decode it and get our code.
-My question here is also, who does the decryption? ROM ?
All of this will be enough to secure our device, but with the assumption that the attacker can not access eFuses. If someone can do that, he can also get the encryption key.
My understanding is that eFuses can be accessed by the application and JTAG.
If we disable JTAG, and make sure (with A.) that no one puts their application on our device, is there another way for someone to read the fuses?
If someone can answer my questions and tell me if my understanding on the subject is correct, I would be very grateful.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Marko Marusic ,
Thank you for your interest in NXP Semiconductor products and for the opportunity to serve you.
1) My question here is, who does this, ROM?
-- Yes, ROM code does this work. A key feature of the boot ROM is the ability to perform a secure boot, also known as a
High-Assurance Boot (HAB). This is supported by the HAB security library which is a subcomponent of the ROM code.
2)My question here is also, who does the decryption? ROM?
--- Yes, ROM code does this work, according to your statement, I think you want to implement the encrypted boot which is described in the section of 2.3 of the application note: AN12079.
3) If we disable JTAG and make sure (with A.) that no one puts their application on our device, is there another way for someone to read the fuses?
-- No, it protects the Fuse from being read after these operations.
Donwload:
https://www.nxp.com/webapp/sps/download/mod_download.jsp?colCode=AN12079
Have a great day,
TIC
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------