QorIQ Trust Architecture 2.1 User Guide May 2026

The QorIQ Trust Architecture 2.1 User Guide is a restricted, non-public document detailing secure boot, immutable root of trust, and cryptographic validation on NXP processors. Access to this specification, which outlines the hardware-based, end-to-end security chain and fuse-based protection, requires a signed Non-Disclosure Agreement (NDA) with the manufacturer. Details on requesting this documentation can be found in the NXP Community forums.

INTRODUCTION TO QORIQ TRUST ARCHITECTURE

6. Anti-Rollback Protection

A common attack is to "downgrade" a device's firmware to an older version that had a known security vulnerability.

  1. Development: Code and sign binaries using NXP’s Code Signing Tool (CST). The CST creates a signature table appended to the image.
  2. Fusing (Manufacturing): Program the SRK Hash and security configuration into the OTPMK fuses. This is irreversible.
  3. Deployment: Burn the final signed image to flash. On reset, the ROM verifies → PBL verifies → application runs.

4.2 Blowing the SRK Hash

Use the secboot_hdrs tool or NXP’s ls-secure-boot from the FlexBuild scripts.

Part 3: Key Generation and SRK Hash Creation

TA 2.1 supports RSA 4K or ECC P-256. We will use RSA 4K as the default.

Security State Transition: If any signature check fails, the Security Monitor triggers a "Check-in" failure, moving the device into a "Fail" state where sensitive keys are wiped and execution is halted.

3. Key Management and Encapsulation

=> fuse prog -y 0 0x0 0x3C2F...
... (you must split the 256-bit SRK hash across 8 32-bit fuse rows)