Hi.
We are using CAAM of the i.MX6UL and I would like to ask the following questions:
1) What is the difference between Trusted and Secure state?
2) What is the purpose of Secure state (compared to the Trusted State)? If I understand it correctly, the device enters Trusted State after a secure boot.
3) Why would there be a transition from the Trusted State to Secure State and by whom and when it is initiated? Figure 6-2. SNVS security state machine diagram of the i.MX6UL Security Reference manual (Rev. C, 09/2015) states that transitions between these two states are "Software-instantiated" without any clarification.
4) On Secure Boot in Closed Configuration, the i.MX6UL Security Reference manual (Rev. C, 09/2015) states:
“All HAB functions are executed and security hardware is initialized (the Security Controller, or SNVS, enters Secure state) …”. Is this the Secure State or Trusted State?
Once booted – Linux kernel declares it is rather in the Trusted state and not the Secure state.
4) Figure 6-2. SNVS security state machine diagram of the i.MX6UL Security Reference manual (Rev. C, 09/2015) states that the device enters Non-secure state "Upon failure of any of various hardware and software security checks". What exactly is checked?
Regards
Michal
Hi Michal
1. please check
2.3. for arm architecture one can look at
TrustZone – Arm Developer
ARM Information Center
Right, linux kernel declares it is rather as Trusted state, secure is more narrow meaning
for processor.
4. please look on AN4581 Secure Boot
https://www.nxp.com/docs/en/application-note/AN4581.pdf
Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
Hi Igor.
All my questions are related to the security states as used in the i.MX6UL Security Reference manual. These are neither defined in Wikipedia, nor on the ARM web pages.
The document AN4581 does not contain much information on the security states and transitions between them. Again, I am referring to the section "Security Monitor security states" of the i.MX6UL Security Reference Manual.
Regards,
Michal