QorIQ Trust Architecture 2.1 User Guide

The QorIQ Trust Architecture 2.1 represents a mature, flexible, and powerful security framework for embedded systems. By providing a silicon-based hardware root of trust, it enables developers to build systems that can resist both remote and physical attacks.

The Trust Architecture works alongside Arm TrustZone to provide multiple layers of partitioning. TrustZone provides processor-level separation between Secure World and Non-Secure World, while Trust Architecture adds isolation capabilities for system resources beyond the processor.

Trust Architecture (TA) 2.1 devices include the LS1012A, LS1021A, LS1043A, and LS1046A. These devices incorporate the same trust architecture and software compatibility as higher-tier QorIQ LS family devices, enabling scalable, secure applications that leverage a common 64-bit software platform.

If the device unexpectedly enters the "Fail" state, check if the external tamper pins are floating. Unused tamper pins must be tied to their appropriate inactive voltage levels.

Security Best Practices

Continuously monitors the integrity of the running software to detect unauthorized changes after the boot process is complete.

The Fuse Processor manages an array of electronic fuses (eFuses). Once a fuse is blown (programmed from 0 to 1), it cannot be reversed. These fuses store public key hashes, cryptographic properties, OEM configurations, and debug permissions.

3. The Secure Boot Sequence (Chain of Trust)

Overall assessment

RSA (up to 4096-bit keys) and Elliptic Curve Cryptography (ECC).

Ensure only signed, authentic software runs on the platform.

The architecture comprises several integrated hardware blocks and software protocols that work in tandem to secure the platform:

The SNVS block monitors internal sensors and external pins for anomalous conditions indicative of a physical attack:

Deploying TA 2.1 in a production environment requires a systematic workflow.

Step 1: Key Generation