Qoriq Trust Architecture 2.1 User Guide May 2026

Set the physical pins or fuses to move the device from "Non-Secure" to "Secure" mode. In this mode, the CPU will refuse to boot any image that is not signed correctly. 6. Best Practices for Trust Architecture 2.1

The ISBC (in ROM) initializes the SEC engine. qoriq trust architecture 2.1 user guide

Using the CST, wrap your bootloader (e.g., u-boot.bin ) with a . This header contains the public key, the signature of the image, and the load addresses. Step 3: Fuse Blowing (Development vs. Production) Set the physical pins or fuses to move

The SEC block handles high-speed cryptographic operations, including RSA signature verification and AES decryption, offloading these tasks from the main CPU cores. D. One-Time Programmable (OTP) Fuses Best Practices for Trust Architecture 2

Use the Monotonic Counter fuses to ensure an attacker cannot downgrade your firmware to an older version that had a known security flaw.

You can test Secure Boot using "Development" keys without blowing fuses by using the SoC's override registers.