i.MX 8 Security Overview.pdf

发布时间：2022-06-06 发布人：admin 分类：说明书资料大小：1.01M 资料格式：pdf 举报版权申诉

embededman-13619776-4744300845372026748.pdf-第1页.png

第1页 / 共44页

embededman-13619776-4744300845372026748.pdf-第2页.png

第2页 / 共44页

embededman-13619776-4744300845372026748.pdf-第3页.png

第3页 / 共44页

embededman-13619776-4744300845372026748.pdf-第4页.png

第4页 / 共44页

embededman-13619776-4744300845372026748.pdf-第5页.png

第5页 / 共44页

embededman-13619776-4744300845372026748.pdf-第6页.png

第6页 / 共44页

embededman-13619776-4744300845372026748.pdf-第7页.png

第7页 / 共44页

embededman-13619776-4744300845372026748.pdf-第8页.png

第8页 / 共44页

文本预览

i.MX 8 Security Overview John Cotner Security Architect - Automotive October 2018 | AMF-AUT-T3363 Company Public – NXP, the NXP logo, and NXP secure connections for a smarter world are trademarks of NXP B.V. All other product or service names are the property of their respective owners. © 2018 NXP B.V.

"There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: Those that have been hacked and will be again." - Robert Mueller, sixth director of the FBI “A system is good if it does what it’s supposed to do and secure if it doesn’t do anything else.” - Dr. Eugene “Spaf” Spafford, Purdue COMPANY PUBLIC 1

Core Security Principles in Automotive Systems Secure Interfaces Secure Gateway Secure Networks Secure Processing Prevent access Detect attacks Reduce impact Fix vulnerabilities M2M Authentication & Firewalling Firewalling (context-aware message filtering) Intrusion Detection Systems (IDS) Separated Functional Domains Secure Messaging Message Filtering & Rate Limitation Secure OTA Updates Code / Data Authentication (@ start-up) Code / Data Authentication (@ run-time) Resource Control (virtualization) COMPANY PUBLIC 2

i.MX 8 Security COMPANY PUBLIC 3

i.MX 8 Series Security Architecture Overview Public Key (Hashes) Replay Protection Device Unique Secrets Security State Partitioned Secure RAM i s e n g n E o t p y r C y t i r u c e S r e l l o r t n o C P T O s m r a A l HDMI-TX HDMI-RX MLB Private Key Bus VPU HDCP 1.x/2.x HDCP 1.x/2.x DTCP M O R e m i t n u R Encrypted Flash External Memory Flex-SPI DDR Controller IEE for On-the-Fly Decryption/Encryption i n a m o d i n a m o d Busses with Resource Domain, TrustZone Access Controls, and SMMU e c n a r u s s A h g H i JTAG Secure Debug (TZ, NS) s r o s n e S r e p m a T t c e t e D t e r c e S C T R Active i t c n o o n o M t r e n u o C Cortex-A CPUs Trust Zone System Controller Boot ROM Cortex M4(s) MMCAU Bus Masters COMPANY PUBLIC 4

Security Features • SECO Security Microcontroller (Cortex-M0+,133Mhz) − Isolated security domain − Higher protection for root secrets and key management functions • DTCP (Digital Transport Content Protection) – Authentication engine with secure interface for key loading • IEE (Inline Encryption Engine) – Cryptographic protection of data in external memory • ADM (Authenticated Debug Module) – Secure debug, Lifecycle handling, Access and Violation control • Enhanced CAAM − 64KB Secure RAM − Cryptographic acceleration on cryptography Algorithms − RTIC (Runtime Integrity Checker) : Ensures integrity of the memory contents COMPANY PUBLIC 5

Security Features (2 of 2) • SNVS (Secure Non-Volatile Storage) − Secure State Machine − 10 external tamper pins that can be configured to support 5 active meshes or 10 passive meshes − Analog sensors for temperature, voltage, frequency tamper detection • Encrypted “execute in place” (XIP) capability from QSPI • xRDC – HW isolation at chip level (Resource Domains) • Cryptographic binding of resource domain identity for secure storage − Key storage in external flash • Fast secure boot − ECDSA up to 1024 module with SHA-512 • Fast signature verifications using P-256 Elliptic Curve for V2X COMPANY PUBLIC 6

i.MX Product Security Features Overview Feature i.MX6Q/D/S i.MX6SX i.MX6UL i.MX7S/D Security Controller (SECO) AES128/192/256, SHA1/256, DES/3DES Elliptic Curve DSA (up to P521/B571) RSA (up to 4096) Crypto Accelerator Unit (CAU) (DES, AES co-processor instruction) Certifiable RNG Run Time Integrity Protection Isolated security applications (e.g. SHE) x ✓ x x ✓ x x x ✓ x x ✓ x x x ✓ ✓ x ✓ ✓ x x ✓ ✓ x ✓ ✓ x High Assurance Boot (RSA, ECDSA) ✓RSA ✓RSA ✓RSA ✓RSA Encrypted Boot Secure Debug Always ON domain Secure Storage (non-volatile) Tamper Detection Signal Volt/Temp/Freq Detect Inline Encryption Manufacturing Protection Resource Domain Isolation ✓ ✓ ✓ ✓ ✓ x x x x Content Protection ✓ 6Q 1.x only ✓ ✓ ✓ ✓ ✓ x x x ✓ x ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ Active ✓ Active ✓ ✓ BEE x x x ✓ x ✓ ✓ x i.MX8QM ✓ i.MX8QXP ✓ ✓ + SHA 384/512 ✓ + SHA 384/512 ✓ ✓ High performance High performance ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ Domains ✓ Domains ✓ ✓ ✓ Active ✓ ✓ IEE ✓ ✓ ✓ HDCP 1.x/2.x, DTCP COMPANY PUBLIC 7 ✓ ✓ ✓ Active ✓ ✓ IEE ✓ ✓ ✓ DTCP

分享到：

赞收藏

资料库

i.MX 8 Security Overview.pdf

相关推荐

安全技术

热门标签

最新资料