
i.MX6 Security

The i.MX6 SoC used on the Ventana product family contains built-in security at the hardware level.

High Availability Boot (HAB) (Trusted Boot)

Executing trusted and authentic code on an application processor starts with securely booting the device. The i.MX family of application processors provides this capability with the High Availability Boot (HAB) component of the on-chip ROM. The ROM is responsible for loading the initial program image from the boot medium. HAB enables the ROM to authenticate the program image by using digital signatures. This initial program image is usually a bootloader.

HAB provides a mechanism to establish a root of trust for the remaining software components and establishes a secure state on the i.MX.

Using HAB ultimately requires blowing security keys into the one-time-programmable (OTP) fuses, as well as blowing a fuse that indicates the board may only boot authenticated firmware images. To do this, contact sales@… to create a Gateworks special that leaves the BOOT_CFG_LOCK bit un-blown. This fuse is typically blown on the Gateworks test fixture to prevent users from accidentally changing the boot config and bricking their boards.

The process of using HAB is fully documented in Freescale App Note AN4581.pdf.

Requirements for using HAB:

  • create a key and blow it into OTP fuses (see AN4581 below)
  • may need to use mainline U-Boot if the SPL/U-Boot that Gateworks provides is too large to sign (it supports both NAND and eMMC, which pushes it toward the size limit)
  • create a Gateworks special to skip blowing the OTP BOOT_CONFIG fuse (contact sales@…)
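
Because the fuse that restricts the board to authenticated images cannot be undone, it is worth confirming that the image to be flashed actually carries HAB signature data before blowing it. The following is an added example (not Gateworks or Freescale code): a host-side Python check that reads the image's Image Vector Table (IVT), laid out as in the i.MX6 HABv4 format, and confirms that its CSF pointer leads to a Command Sequence File header. It assumes the IVT sits at offset 0 of the image file; the sample images and addresses are constructed.

```python
import struct

IVT_TAG, CSF_TAG, IVT_LEN = 0xD1, 0xD4, 0x20  # HAB header tags, IVT size
FIELDS = ("entry", "reserved1", "dcd", "boot_data", "self", "csf", "reserved2")

def parse_ivt(image, offset=0):
    """Decode the 32-byte IVT: big-endian header, then seven LE words."""
    if len(image) < offset + IVT_LEN:
        raise ValueError("image too short for an IVT")
    tag, length, version = struct.unpack_from(">BHB", image, offset)
    ivt = dict(zip(FIELDS, struct.unpack_from("<7I", image, offset + 4)))
    ivt.update(tag=tag, length=length, version=version)
    return ivt

def hab_preflight(image, offset=0):
    """Return a list of problems; empty means a CSF is attached."""
    try:
        ivt = parse_ivt(image, offset)
    except ValueError as exc:
        return [str(exc)]
    if ivt["tag"] != IVT_TAG or ivt["length"] != IVT_LEN:
        return ["no valid IVT header at offset %#x" % offset]
    problems = []
    if ivt["version"] >> 4 != 4:
        problems.append("IVT version %#x is not HAB major version 4" % ivt["version"])
    if ivt["csf"] == 0:
        return problems + ["CSF pointer is zero: image is unsigned"]
    # IVT pointers are load addresses; rebase on 'self' to get a file offset.
    csf_off = offset + ivt["csf"] - ivt["self"]
    if ivt["csf"] < ivt["self"] or csf_off + 4 > len(image):
        problems.append("CSF pointer lies outside the image file")
    elif image[csf_off] != CSF_TAG:
        problems.append("no CSF header tag at the CSF pointer")
    return problems

def sample_image(signed):
    """Constructed 0x40-byte image, plus a 16-byte CSF stub when signed."""
    self_addr = 0x00907400  # constructed load address
    csf = self_addr + 0x40 if signed else 0
    ivt = struct.pack(">BHB", IVT_TAG, IVT_LEN, 0x40)
    ivt += struct.pack("<7I", self_addr + 0x30, 0, 0,
                       self_addr + 0x20, self_addr, csf, 0)
    tail = struct.pack(">BHB", CSF_TAG, 0x10, 0x40) + bytes(12) if signed else b""
    return ivt + bytes(0x20) + tail

if __name__ == "__main__":
    for label, signed in (("signed", True), ("unsigned", False)):
        print(label, hab_preflight(sample_image(signed)) or "CSF present")
```

A clean result shows only that a CSF is attached at the place the IVT points to. It does not verify the signature, which only the ROM's HAB check does.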

References:

Also see Ventana Encryption

Last modified on 02/28/2018 02:10:28 PM