Topic | Link | Comments |
Secure Boot |
Applies to i.MX 28 Application Processor | |
Applies to i.MX 6/7/8M Family of Application Processors | ||
Applies to i.MX 8/8X/8XLite Family of Application Processors
Extended to support i.MX 8ULP and i.MX 93 Family of Application Processors |
||
Secure boot - step-by-step guides for both HAB and AHAB enabled devices |
The link may not be updated with the latest BSP release. Please switch to the latest BSP version for the updated guides. | |
Encrypted Boot
|
Applies to i.MX 6/7/8M Family of Application Processors | |
Encrypted boot - step-by-step Guides for HAB enabled devices
Encrypted boot - step-by-step Guides for AHAB enabled devices |
Link may not be updated with the latest BSP release. Please switch to the latest BSP or the required version. | |
Security Training
|
Various Security Training Workshops on older BSP releases. NDA customers will need to request access from NXP. | |
Manufacturing Protection: Provision Sensitive Material in an Unsecure Environment |
||
This training explores the “Secure by Design” approach to software security for embedded systems using NXP i.MX processors - specifically, establishing secure boot and chain of trust | ||
This training session explores the proven best practices for designing and maintaining secure products, common security pitfalls & tips for hardening embedded Linux devices. | ||
Linux Kernel Security: Overview of Security Features and Hardening |
This training session explores how the Linux kernel's configuration can be strengthened to protect against security exploits. | |
This training session introduces key features of embedded security, from secure boot and debug to lifecycle management. | ||
Code Signing Tool |
Code Signing Tool (CST) package with complete source code and documentation. |
|
Hardware Security Module backend exposed to extend the usage of CST with external HSM |
||
Secure Debug |
Applies to i.MX 6/7/8M Family of Application Processors |
|
Secure Debug on devices with JTAG controller and Authenticated Debug Module (ADM) |
Applies to i.MX 8/8x Family of Application Processors |
|
Extending the Root of Trust |
The HAB API allows the use of the HAB library to extend the root of trust and authenticate additional software images. This document describes system considerations when planning to make use of this API. |
|
HAB Persistent memory |
HABv4 persistent memory address regions for various i.MX Application Processors |
HAB persistent memory is used by HAB to store logs. The base address and size are provided for each processor. |
OP-TEE
|
A guide to OP-TEE enablement on various i.MX devices can be requested by customers under NDA |
|
Webinar - Getting started with trusted execution environments (TEE) - OPTEE enablement on various i.MX devices |
||
Secure Updates |
Enabling SWUpdate on i.MX 6ULL
Secure Software Updates: Designing Ota Updates For Secure Embedded Linux Systems |
Secure Over-the-Air Prototype for Linux Using CAAM and Mender or SWUpdate
SWUpdate is a Linux update agent that provides an efficient and safe way to update an embedded Linux system. SWUpdate supports local and OTA updates and multiple update strategies.
Webinar on field updates of the software with Over-the-Air (OTA): incremental updates, full OS updates, signing of packages and update images, server authentication and other key considerations for securely deploying updates. |
Secure Manufacturing |
Manufacturing Protection App Note
Manufacturing Protection Verification tool
|
Guidance to secure manufacturing in supported i.MX devices. Reference verification tool provided to authorize products with this feature enabled. Manufacturing Protection: Training on how to provision Sensitive Material in an Unsecure Environment |
Public Key Cryptography using CAAM Secure Key |
Leveraging the i.MX CAAM module to ensure the transfer of |
|
Secure Storage |
i.MX Encrypted Storage Using CAAM Secure Keys
Understanding SECO Secure Storage and Non-Volatile Memory Management |
This document provides steps to run storage encryption at the block
This document describes some of the key concepts related to the Security Controller secure storage and non-volatile memory management. |
Securing Data |
Demo Application to Generate Red/Black Blobs Using CAAM and Encrypt/Decrypt Data |
This document provides instructions and steps on how to set up and run a |
Enhanced OpenSSL using OP-TEE |
The purpose of this document is to describe how to add the support of |
|
On The Fly AES Decryption |
OTFAD support in i.MX 7ULP Application Processor |
|
Tampering Application |
The document describes the steps required for software configuration and physical setup for both passive and active tampering on i.MX 7D. |
|
Android™ Security User's Guide & User's Guide
|
|
Guide for customization work on security features supported |
|
User Guide provides instructions for: |
|
i.MX ROMs Log Events |
This document describes the details of ROM log events for i.MX 6/7/8/9 series ROM. |
|
Device Recovery |
Certain i.MX devices require the DCD pointer in the IVT to be cleared before signing the recovery image. This document describes this procedure. |
|
Secure Elements |
Quick start guide for EdgeLock™ SE05x & i.MX 8M
Quick start guide for EdgeLock™ SE050 & i.MX 6UltraLite |
Interfacing Secure Elements with the i.MX |
Binding MCUs with TrustZone® and Cryptographic Acceleration and Assurance Module (CAAM) to SE050x Secure Element |
||
Known Limitations & Guidelines |
This page contains known limitations in various IPs with i.MX processors. |
|
i.MX Security Community |
This is the parent page for various collateral related to security on i.MX Application Processors |
|
Vulnerability Management |
Vigiles is a Software Composition Analysis (SCA) tool that helps generate and analyze a Software Bill of Materials (SBOM) for publicly known cybersecurity vulnerabilities, particularly CVEs. Vigiles is optimized for embedded systems, and it provides a complete vulnerability lifecycle management tool.
|
|
Training: Full Life-Cycle Security Maintenance of Embedded Linux BSPs |
||
Training: BSP Security Maintenance - Best Practices for Vulnerability Monitoring and Remediation |
||
i.MX Security Applications |
|
Contains security applications like:
- CAAM demo applications
- Enhanced OpenSSL using OP-TEE
- HSM SHE examples
- Demo CAAM Blobs
- Manufacturing protection verification tool |
Security Reference Manuals |
Link to Various i.MX Security Reference Manuals |
|
Linux BSP Reference Manual |
||
Security Certification |
PSA Level 1, PSA Level 2, SESIP 1, SESIP 2, CAVP |
Please contact your NXP representative on the latest processor security certification status |
Security Blogs |
U.S. Cyber Trust Mark: NXP Is Ready for the Paradigm Shift with EdgeLock® Assurance Program |
U.S. Cyber Trust Mark: Security Guidance for IoT Product Developers
How NXP Supports Customers to Achieve 62443 Compliance |
Security Whitepapers |
Security Primitives: Requirements in (I)IoT Systems
Security Subsystems for System-on-Chip (SoC) Solutions
Functional Safety and Security: Essential and Complementary Disciplines for Modern Systems
The Emergence of Post-Quantum Cryptography
A solution for 360 degree Industrial Internet Security/ABB-MSFT-NXP |