i.MX Security Features & Collateral

Showing results for 
Show  only  | Search instead for 
Did you mean: 

i.MX Security Features & Collateral

i.MX Security Features & Collateral

i.MX Trust.jpg


Link Comments

Secure Boot 

Secure Boot with i.MX28 HAB Version 4

Applies to i.MX 28 Application Processor

Secure boot in HABv4 enabled devices

Applies to i.MX 6/7/8M Family of Application Processors

Secure Boot in AHAB enabled devices

Applies to i.MX 8/8X/8XLite Family of Application Processors

Extended to support i.MX 8ULP and i.MX 93 Family of Application Processors

Secure boot - step-by-step guides for both HAB and AHAB enabled devices

The link may not be updated with the latest BSP release. Please switch to the latest BSP version for the updated guides.

Encrypted Boot 


Encrypted boot App Note for HABv4 and CAAM enabled devices

Applies to i.MX 6/7/8M Family of Application Processors

Encrypted boot - step-by-step Guides for HAB enabled devices

Encrypted boot - step-by-step Guides for AHAB enabled devices

Link may not be updated with the latest BSP release. Please switch to the latest BSP or the required version.

Security Training








i.MX Security Training

Various Security Training Workshops on older BSP releases.  NDA customers will need to request access from NXP.

Secure Manufacturing Training

Manufacturing Protection: Provision Sensitive Material in an Unsecure Environment

Software Integrity and Data Confidentiality: Establishing Secure Boot and Chain of Trust on i.MX Pro...

This training explores the “Secure by Design” approach to software security for embedded systems using NXP i.MX processors - specifically, establishing secure boot and chain of trust 

Securing Embedded Linux Devices: Pitfalls to Avoid

This training session explores the proven best practices for designing and maintaining secure products, common security pitfalls & tips for hardening embedded Linux devices.

Linux Kernel Security: Overview of Security Features and Hardening

This training session explores how the Linux kernel's configuration can be strengthened to protect against security exploits.

Essential Security Considerations for Edge Applications

This training session introduces key features of embedded security, from secure boot and debug to lifecycle management.

Code Signing Tool

Latest Code Signing Tool

Code Signing Tool (CST) package with complete source code and documentation.

Using Code Signing Tool with Hardware Security Module

Hardware Security Module backend exposed to extend the usage of CST with external HSM

Secure Debug 

Secure Debug on devices with JTAG controller

Applies to i.MX 6/7/8M Family of Application Processors

Secure Debug on devices with JTAG controller and Authenticated Debug Module (ADM)

Applies to i.MX 8/8x Family of Application Processors

Extending the Root of Trust

HABv4 RVT guidelines and recommendations 

The HAB API allows the use of the HAB library to extend the root of trust and authenticate additional software images. This document describes system considerations when planning to make use of this API.

HAB Persistent memory 

HABv4 persistent memory address regions for various i.MX Application Processors

HAB persistent memory is used by HAB to store logs. The base address and size are provided for each processor.



i.MX Porting Guide - Configuring OP-TEE chapter

Guide to OPTEE enablement on various i.MX devices can be requested for customers under NDA

Getting Started with OP-TEE on i.MX Processors

Webinar - Getting started with trusted execution environments (TEE) - OPTEE enablement on various i.MX devices 

Secure  Updates

Secure Over the Air Updates

Source Code 



Enabling SWUpdate on i.MX 6ULL


Secure Software Updates: Designing Ota Updates For Secure Embedded Linux Systems

Secure Over-the-Air Prototype for Linux Using CAAM and Mender or SWUpdate


SWUpdate is a Linux Update agent to provide an efficient and safe way to update an embedded Linux system. SWUpdate supports local and OTA updates, & multiple update strategies


Webinar on Field updates of the software with Over-the-Air (OTA) Incremental updates, full OS updates. Signing of packages and update images, server authentication and other key considerations for securely deploying updates.

Secure Manufacturing

Manufacturing Protection App Note


Manufacturing Protection Verification tool


Secure Manufacturing Training

Guidance to secure manufacturing in supported i.MX devices.

Reference verification tool provided to authorize products with this feature enabled.

Manufacturing Protection: Training on how to provision Sensitive Material in an Unsecure Environment

Public Key Cryptography using CAAM Secure Key

Strengthening Public Key Cryptography using CAAM Secure Key

Source Code

Leveraging the i.MX CAAM module to ensure the transfer of
confidential data upon insecure channels using ECDSA secure keys

Secure Storage

i.MX Encrypted Storage Using CAAM Secure Keys

Understanding SECO Secure Storage and Non-Volatile Memory Management 

This document provides steps to run storage encryption at the block
level using DM-Crypt taking advantage of the secure key feature.

This document describes some of the key concepts related to the Security Controller secure storage and non-volatile memory management. 

Securing Data

Demo Application to Generate Red/Black Blobs Using CAAM and Encrypt/Decrypt Data

Source Code

This document provides instructions and steps on how to set up and run a
demo application to generate both red and black key blobs and use them to encrypt and decrypt data.

Enhanced OpenSSL using OP-TEE

Enhanced OpenSSL on i.MX Processors App Note

Source Code

The purpose of this document is to describe how to add the support of
accelerated OP-TEE OS with CAAM on top of OpenSSL. 

On The Fly AES Decryption

OTFAD App Note


OTFAD support in i.MX 7ULP Application Processor

Tampering Application 

Tampering Application on i.MX 7D SabreSD Board

Source Code 

The document describes the steps required for software configuration and physical setup for both passive and active tampering on i.MX 7D.

Android™ Security User's Guide & User's Guide



Guide for customization work on security features supported
by i.MX Android software. It provides an overview of the i.MX Android security features and it focuses on how to configure and use these security features.


 User Guide provides instructions for:
 Downloading, patching, and building the software components that create the Android™ image.
 Hardware/software configurations for programming the boot media and
Building OTA update packages.

i.MX ROMs Log Events

i.MX ROMs Log Events

This document describes the details of ROM log events for i.MX 6/7/8/9 series ROM. 

Device Recovery 

HABv4 closed device recovery using UUU

Certain i.MX devices require the DCD pointer in IVT to be cleared before singing the recovery image. This document describes this procedure.


Secure Elements

Quick start guide for EdgeLock™ SE05x & i.MX 8M

Quick start guide for EdgeLock™ SE050 & i.MX 6UltraLite

Quick start guide for A71CH & i.MX 6UltraLite

Ease ISA/IEC 62443 compliance with EdgeLock SE05x 

 Interfacing Secure Elements with the i.MX 

Binding a host device to EdgeLock SE05x

Binding MCUs with TrustZone® and Cryptographic Acceleration and Assurance Module (CAAM) to SE050x Secure Element

Known Limitations & Guidelines

Known limitations and guidelines document

This page contains known limitations in various IPs with i.MX processors.

i.MX Security Community 

i.MX Security community page

This is the parent page for various collateral related to security on i.MX Application Processors

Vulnerability Management

Vigiles™ Software | NXP

Vigiles is a Software Composition Analysis (SCA) tool that helps generate and analyze a Software Bill of Materials (SBOM) for publicly known cybersecurity vulnerabilities, particularly CVEs. Vigiles is optimized for embedded systems, and it provides a complete vulnerability lifecycle management tool.





Training: Best Practices for Triaging Common Vulnerabilities and Exposures (CVEs) in Embedded System...

Training: Introducing: Vigiles

Training: Full Life-Cycle Security Maintenance of Embedded Linux BSPs

Training: BSP Security Maintenance - Best Practices for Vulnerability Monitoring and Remediation

i.MX Security Applications

GitHub - i.MX Security Apps


GitHub for NXP

Contains security applications like:

- CAAM demo applications

- Enhanced OpenSSL using OP-TEE

- HSM SHE examples

- Demo CAAM Blobs

- Manufacturing protection verification tool

Security Reference Manuals

Link to Various i.MX Security Reference Manuals 



Linux BSP Reference Manual

Linux BSP and Reference Manuals


Security Certification

PSA Level 1

NXP PSA L1 Certified Products

PSA Level 2

EdgeLock Secure Enclave 




EdgeLock Secure Enclave




Please contact your NXP representative on the latest processor security certification status 

Security Blogs

U.S. Cyber Trust Mark: NXP Is Ready for the Paradigm Shift with EdgeLock® Assurance Program

Securing Your Industrial Systems with IEC 62443

U.S. Cyber Trust Mark: Security Guidance for IoT Product Developers

How NXP Supports Customers to Achieve 62443 Compliance

Security Whitepapers

Security Primitives: Requirements in (I)IoT Systems 


Security Subsystems for System-on-Chip (SoC) Solutions  

Functional Safety and Security: Essential and Complementary Disciplines for Modern Systems 

The Emergence of Post-Quantum Cryptography 

A solution for 360 degree Industrial Internet Security/ABB-MSFT-NXP 



100% helpful (1/1)
Version history
Last update:
‎12-04-2023 06:46 PM
Updated by: