Qoriq Trust Architecture 2.1 User Guide [hot] Site

NXP’s QorIQ Trust Architecture 2.1 provides a hardware-anchored security framework featuring Secure Boot, ARM TrustZone integration, and anti-rollback protection for embedded systems. Access to the detailed user guide for this confidential, NDA-restricted framework can be requested through the NXP Community. Request the document on the NXP Community.

Part 8: Integrating TA 2.1 with Linux Kernel and CAAM

Once secure boot is active, leverage the Cryptographic Accelerator and Assurance Module (CAAM) for high-speed crypto. qoriq trust architecture 2.1 user guide

1.2 The Security Monitor (SEC-MON)

A dedicated hardware block that controls boot sequence, reset reasons, and lifecycle transitions. It is isolated from the main CPU cores. NXP’s QorIQ Trust Architecture 2

1. The Hardware Root of Trust (RoT)

This is the foundational feature. Unlike software security, which can be patched or bypassed, the Trust Architecture relies on immutable hardware. Secure Boot: When the processor powers on, it

• Secure Boot: When the processor powers on, it doesn't just start the OS. It verifies the signature of the initial bootloader code (RCW/PBI) using on-chip public keys.
• OTP (One-Time Programmable) Memory: The guide details how to blow fuses (physically or virtually) to store cryptographic keys and hashes. Once these fuses are blown, the keys cannot be changed, creating a permanent hardware identity for the chip.

Hardware

• A QorIQ board (e.g., LS1043ARDB, T1040RDB)
• A logic analyzer (optional, for debug)
• A blank TTL serial cable for console output

Chapter 2: The Cryptographic Engines – Blast Processing

TA 2.1 integrates a dedicated Security Engine (SEC) , described in the user guide as a co-processor for crypto workloads. It handles:

• Public key crypto: RSA up to 4096-bit, ECC (P-256, P-384).
• Symmetric crypto: AES (128/192/256), DES/3DES, and Kasumi for telecom.
• Hashing: SHA-1, SHA-224, SHA-256 (mandatory for boot), SHA-384/512.
• Randomness: A true random number generator (TRNG) with entropy validated during boot.

Critically, the SEC operates in protected mode, meaning keys never leave the engine’s boundary—a requirement for FIPS 140-2 compliance.