To enable Secure Boot in TA 2.1, developers must follow a specific workflow:
Handles RSA and Elliptic Curve Cryptography (ECC) operations.
4. Security Monitor (DryIce)
The ISBC validates the initial boot image (the PBI commands and the next-stage bootloader) with an RSA public key carried in the image; that key is accepted only if its hash matches the public key hash stored in the hardware fuses.
3. External Secure Boot Code (ESBC)
Generate a key pair table; up to 4 key pairs can be listed so that an individual key can later be revoked and a remaining key used in its place.
A trusted platform is a system that does what its stakeholders expect it to do, resists attackers, and fails safe.
Breach of the physical enclosure (detected via dedicated tamper detection loops)
Security State Machine and Zeroization
The public key itself is embedded within the software image container; a cryptographic fingerprint (hash) of this key is programmed into the processor's hardware fuses.
Step-by-Step Fuse Provisioning Workflow
Use the monotonic counters in the SNVS (Secure Non-Volatile Storage) to implement a robust firmware revocation policy: once a newer firmware version has booted, older versions are rejected because the counter only moves forward.
A multi-stage process that verifies each piece of software in the boot chain before it is launched.
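The chain-of-trust checks described on this page, as an added example model that is not NXP's code: a public-key table whose hash is fused, per-key revocation, a signature over the image, and a monotonic counter enforcing the revocation policy. The function names, the dictionary layouts for the container and the fuses, the 4-bit revocation mask and the textbook (unpadded) RSA are assumptions made for the example; the real ISBC/ESBC header, key-table and fuse register formats are not reproduced, and every key, image and fuse value is constructed at run time.

```python
"""Model of the chain-of-trust check this page describes: a public-key
table whose hash is fused, per-key revocation, an RSA signature over the
image, and an SNVS-style monotonic counter for anti-rollback. Added
example, not NXP code; all layouts and inputs below are constructed."""
import hashlib
import hmac
import secrets

E, KEY_BYTES, MAX_KEYS = 65537, 64, 4   # toy 512-bit moduli; 4-entry table per the page

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin; candidates are always odd, so no even check is needed."""
    if any(n % p == 0 for p in (3, 5, 7, 11, 13)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        c = secrets.randbits(bits) | 1 << (bits - 1) | 1   # odd, full length
        if (c - 1) % E and _is_probable_prime(c):         # keeps gcd(E, c-1) == 1
            return c

def gen_keypair():
    """Textbook RSA key pair; no padding scheme is used anywhere (toy only)."""
    p, q = _gen_prime(KEY_BYTES * 4), _gen_prime(KEY_BYTES * 4)
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(image, version):
    """Signed quantity binds the image bytes to the version the counter tracks."""
    h = hashlib.sha256(version.to_bytes(4, "big") + image).digest()
    return int.from_bytes(h, "big")

def sign(key, image, version):
    return pow(_digest(image, version), key["d"], key["n"])

def srk_hash(key_table):
    """Fingerprint of the whole public-key table; this is the value that gets fused."""
    h = hashlib.sha256()
    for k in key_table:
        h.update(k["n"].to_bytes(KEY_BYTES, "big") + k["e"].to_bytes(4, "big"))
    return h.digest()

def isbc_validate(fuses, counter, c):
    """Return (True, 'ok') or (False, reason). Nothing in the container is
    trusted until its key table hashes to the fused value."""
    table = c["key_table"]
    if not 0 < len(table) <= MAX_KEYS:
        return False, "key table must hold 1 to 4 entries"
    if not hmac.compare_digest(srk_hash(table), fuses["srkh"]):
        return False, "key table hash does not match fused SRKH"
    idx = c["key_index"]
    if not 0 <= idx < len(table):
        return False, "key index out of range"
    if fuses["revoked"] >> idx & 1:                  # assumed 4-bit revocation mask
        return False, f"key {idx} is revoked"
    key = table[idx]
    if pow(c["signature"], key["e"], key["n"]) != _digest(c["image"], c["version"]):
        return False, "bad signature"
    if c["version"] < counter["value"]:
        return False, "rollback: image version below monotonic counter"
    counter["value"] = c["version"]                 # ratchet forward only
    return True, "ok"

def demo():
    """Provision a 2-key table, then exercise each failure path in order."""
    keys = [gen_keypair(), gen_keypair()]
    table = [{"n": k["n"], "e": k["e"]} for k in keys]
    fuses = {"srkh": srk_hash(table), "revoked": 0}   # constructed fuse state
    counter = {"value": 0}                             # constructed SNVS counter

    def container(image, version, idx, signer=None, table=table):
        signer = keys[idx] if signer is None else signer
        return {"image": image, "version": version, "key_table": table,
                "key_index": idx, "signature": sign(signer, image, version)}

    out = {"good": isbc_validate(fuses, counter, container(b"u-boot v2", 2, 0))}
    out["rollback"] = isbc_validate(fuses, counter, container(b"u-boot v1", 1, 0))
    fuses["revoked"] |= 1 << 0        # key 0 leaked: burn its revocation fuse
    out["revoked"] = isbc_validate(fuses, counter, container(b"u-boot v3", 3, 0))
    out["rotated"] = isbc_validate(fuses, counter, container(b"u-boot v3", 3, 1))
    bad = container(b"u-boot v4", 4, 1)
    bad["image"] = b"U-boot v4"       # one byte changed after signing
    out["tampered"] = isbc_validate(fuses, counter, bad)
    rogue = gen_keypair()             # attacker key, absent from the fused table
    forged = container(b"evil", 5, 1, signer=rogue,
                       table=[table[0], {"n": rogue["n"], "e": rogue["e"]}])
    out["forged_table"] = isbc_validate(fuses, counter, forged)
    return out

if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields six verdicts: a good image, a rollback rejected by the counter, a revoked key rejected even though its signature is valid, a rotation to the surviving key, a tampered image, and a substituted key table. The order of checks is the point: the fused hash is compared before any field in the container is believed, revocation is checked before the signature is even computed, and the counter is advanced only after verification succeeds.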