AnsweredAssumed Answered

IMXRT security

Question asked by Marko Marusic on Sep 13, 2019
Latest reply on Sep 19, 2019 by jeremyzhou

I'm trying to make sure I understood everything correctly about security in IMX RT microcontrollers (I suppose it's more or less the same in 105x, 1062, 1064). There are some things that are not very clear to me after reading the documentation.

 

So in our product, we want to make sure nobody can run their application on our device(A), and nobody can read back our application and see what's in it (B).

 

This is my understanding:

A. We use HAB authentication to make sure only image we provide can be loaded to the device. First we create public-private key pair. We use private key to create a certificate which is (along with public key) added to the image and burn the public key to the eFuses. Image also includes HAB section which tells ROM what kind of security is enabled.

When the image is loaded, the device validates the public key, decrypts the certificate using public key and compares if this certificate is right for the image that was received.

-If this is all done correctly, from the moment we load our image, we are safe no one will tamper it of load different one

-My question here is, who does this, ROM? This would mean that ROM can read public key from fuses? My understanding is that ROM can not access them.

 

B. Encryption. We can also use HAB for this, only in the HAB section, we also include the part that tells ROM that encryption is also enabled. We load encrypted image to flash, and store our KEY to eFuses. At restart, the image is decrypted and loaded to RAM.

-if this is all done correctly, we should also be sure that anyone who reads back everything from flash memory, can not decode it and get our code.

-My question here is also, who does the decryption? ROM ?

 

All of this will be enough to secure our device, but with the assumption that the attacker can not access eFuses. If someone can do that, he can also get the encryption key.

 

My understanding is that eFuses can be accessed by the application and JTAG.

If we disable JTAG, and make sure (with A.) that no one puts their application on our device, is there another way for someone to read the fuses?

 

If someone can answer my questions and tell me if my understanding on the subject is correct, I would be very grateful.

Outcomes