Implementing TA 2.1 requires integrating NXP's security software utilities into your embedded software build system (such as Yocto Project). NXP CST (Cryptographic Tool Suite)
TA 2.1 supports RSA 4K or ECC P-256. We will use RSA 4K as the default.
Based on associated documentation and public summaries, this architecture version includes:
High-speed processing for AES, DES, and 3DES. qoriq trust architecture 2.1 user guide
The QorIQ Trust Architecture is NXP’s name for the product line’s architecture for achieving a trusted partition. In the context of the chip's implementation, if developers properly leverage the hardware hooks, "trust" means that the software loaded during manufacturing or authorized updates is the exact software that executes following system boot.
The watches for:
: If the signature matches, the code is executed; otherwise, the device enters a "Secure Check Fail" state and stops. Accessing Documentation Implementing TA 2
If the hashes match, the ISBC uses the public key to verify the digital signature of the ESBC.
Hardware-based entropy generation compliant with NIST SP800-90A. Internal Secure Memory (SFP and SNVS)
Using the CST, wrap your bootloader (e.g., u-boot.bin ) with a . This header contains the public key, the signature of the image, and the load addresses. Step 3: Fuse Blowing (Development vs. Production) Based on associated documentation and public summaries, this
To implement the 2.1 architecture, several hardware modules work in tandem: A. Internal Secure Boot Code (ISBC)
A dedicated hardware block that controls boot sequence, reset reasons, and lifecycle transitions. It is isolated from the main CPU cores.