QorIQ Platform's Trust Architecture Overview: Add Trust...
31
External Use TM QorIQ Platform's Trust Architecture Overview: Adding Trust to Networked and Networking Systems FTF-NET-F0070 APR.2014 Geoff Waters | Systems Architect
Transcript of QorIQ Platform's Trust Architecture Overview: Add Trust...
External Use
TM
QorIQ Platform's Trust Architecture
Overview: Adding Trust to Networked and
Networking Systems
FTF-NET-F0070
A P R . 2 0 1 4
Geoff Waters | Systems Architect
TM
External Use 1
Agenda
• What is a Trustworthy System?
• What does Trust Architecture provide?
− Secure Boot
− Memory Access Control/Strong Partitioning
− Persistent Storage
− Security State Monitoring
− Master Secrets
− Security Violation Detection
− Secure Debug
TM
External Use 2
Trustworthy System
Freescale’s definition:
A Trustworthy system is a system which does what its stakeholders
expect it to do, resisting attackers with both remote and physical
access, else it fails safe.
Freescale Trust Architecture SoCs provide OEM controlled silicon
features which simplify the development of trustworthy systems. The
Trust Architecture is an opt in scheme, with OEM controlled trade-
offs in cryptographic strength, debug visibility, sensitivity of tamper
detection, and anti-cloning mitigation.
TM
External Use 3
Objectives of the QorIQ Platform’s Trust Architecture
1. 100% Optional
− The Trust Architecture is optional. Nothing is required to disable the Trust Architecture in a device shipped by Freescale. All trust
features are enabled as the result of conscious decisions to set fuses and perform code signing on the part of the OEM.
2. Prevent unvalidated code from executing
− The secure boot process detects unauthorized modifications to OEM software and system configuration information (such as device
trees or certificates) at boot time, and when detected, the unauthorized code is prevented from booting.
− At runtime, Trust Architecture supports detection of unauthorized modification of software or other memory contents via the Runtime
Integrity Checker.
3. Protect persistent and ephemeral device secrets against extraction or exposure
− Persistent secret values programmed into the Security Fuse Processor (OTPMK and Secure Debug Response Value) cannot be
extracted by any means short of physically de-processing the device.
− In devices with battery backed low power section, the Zeroizable Master Key cannot be extracted or exposed once provisioned (read
lock set).
− Once initialized, the special ephemeral keys, including Job Descriptor Key Encryption Keys, Trusted Descriptor Signing Keys, cannot
be extracted or exposed.
4. Protect persistent and ephemeral device secrets against mis-use
− Upon detection of a security violation, persistent secrets are locked out until the next device reset which passes secure boot with no
hardware security violations. The exceptions to this are;
− Secure Debug Response Value: Only locked out by 3 failed debug challenge/response cycles.
− Zeroizable Master Key: Security violations configured as ‘fatal’ zeroize the ZMK rather than locking it out.
− Ephemeral secrets are always cleared on the detection of a security violation.
5. Support strong partitioning
− The private resources of one software partition must not be accessible by another software partition.
TM
External Use 4
QorIQ Platform’s Trust Architecture – Non-Objectives
1. Preventing advanced physical attacks
− As noted earlier, Freescale recognizes that the contents of the Security Fuse Processor can be read by careful de-processing of the device. This attack destroys the QorIQ device, however cryptographic blobs protected with the OTPMK could be recovered from system memory and decrypted.
− Memories and registers locked out or zeroized upon detection of security violations may be subject to memory remanence attacks.
− The SEC’s PKHA implements timing equalization, and the AESA implements differential power analysis resistance features, however the effectiveness of these features have not been independently evaluated. Other side channel attack methods, against the SEC and CPUs, may be possible given sufficient motivation.
− Operating the device outside of specified voltage, temperature, or frequency ranges can lead to unexpected failure modes. Freescale has attempted to make all failure modes ‘fail safe’, but the full range of possible glitches have not been evaluated.
− The Trust Architecture incorporates tamper detection inputs which OEMs can use to alert the device to physical attacks. Without using the Zeroizable Master Key, the highest consequence of a security violation is the OTPMK being locked out. Attackers should be assumed to be capable of bypassing external tamper detection logic and rebooting the system with no hardware security violations detected.
2. Providing absolute partitioning
− The Trust Architecture’s support for strong partitioning is based on access control mechanisms. If a resource is private to partition 1, partition 2 must not be able to access that resource, directly or indirectly. This is different from absolute partitioning or isolation, in which partition 2 is unable to interfere with the operation of partition 1. From internal and external bus bandwidth consumption to unfiltered buffer releases, Freescale knows of many scenarios in which partition 2 can interfere with partition 1.
− Note that Freescale is working within the Multi-core for Avionics (MCFA) working group to help bound the extent of this interference, including worst case execution time analysis.
3. Operating as a single edged sword
− The Trust Architecture is designed to constrain the conditions under which the system can operate. Attackers can cause security violations for the purpose of shutting down the system. The Trust Architecture offers configuration options allowing OEMs to make trade-offs in security violation sensitivity and consequences, but it is beyond the scope of a Trust Architecture device to ‘know’ when Trust is being exploited to disrupt the system. Attackers in a position to trigger security violations could be capable of causing other types of system failures.
TM
External Use 5
The Trust Architecture Tool Kit
• Hardware security policy enforcement
− Irreversible configuration of major policy decisions
Secure Boot/Image Validation
Integrity of the image validation key
Debug Permissions
− Resettable (by trusted SW) secondary policy decisions
Content of image to be validated
Key to be used for validation
HW security violation sources & consequences
Memory access controls
• Secure Storage
− Device secrets only usable by hardware
− Locked out/wiped out on security violation
− User secrets protected by device secrets
• Protected Storage
− Access controlled on-chip and off-chip memory
• Hardware security state tracking
− Security violation detection and reaction
• Anti-cloning mitigation with FSL Unique ID per device
TM
External Use 6
Trust Acronyms
• OEM: Original Equipment Manufacturer; the purchaser of the QorIQ device
• IBR: Internal Boot ROM
• ISBC: Internal Secure Boot Code
• ESBC: External Secure Boot Code
• PBL: Pre-Boot Loader
• SFP: Secure Fuse Processor
• RCW: Reset Configuration Word
• SRK: Super Root Key
• SRKH: Super Root Key Hash
• SecMon: Security Monitor
• SEC: Security Engine (crypto accelerator)
• OUID: OEM Unique ID
• FUID: Freescale Unique ID
• ITS: Intent To Secure
• OTPMK: One Time Programmable Master Key
• DCD: Device Configuration Data
• PAMU: Peripheral Access Management Unit
• ITS: Intent To Secure
TM
External Use 7
Generic Trust Architecture SoC
Coherent Interconnect
IOMMU
Security Fuses
Power Mgmt
SD/MMC
USB w/PHY
DUART
SPI
GPIO
PreBoot Loader
Security Monitor
Internal BootROM
CCSR
IFC
SERDES
PME
SEC QMan
BMan
RMAN
Watchpoint Cross Trigger
Perf Monitor
CoreNet Trace
Aurora
Real Time
Debug
SA
TA
DCE
FMan Complex
Clocks/Reset
RMan
Parse, Classify, Distribute
Buffer
MAC MAC
FMan/WRIOP
PC
Ie
PC
Ie
sR
IO
sR
IO
PC
Ie
PC
Ie
SA
TA
DMAx2
Battery Back-up
Plat
Cache
DDR Controller
General Purpose
Processor
HV MMU
SDC
Tamper
Detect(s)
General Purpose
Processor
HV MMU
General Purpose
Processor
HV MMU
General Purpose
Processor
HV MMU
MAC MAC I2C
IOMMU IOMMU
TM
External Use 8
Secure Boot: Verifying Code before Execution
Code Signing Signature Verification
Public Key(s)
Private Key Private Key
Encryption
Public Key(s)
Message
Digest Hash Pass/Fail Compare
Hash Sum
Fuse Box
Public Key
/List Hash
Signature
Verify
Key/List
Public Key
Decryption
Public Key(s)
Signature
D, N
E, N HashE mod N
Fuse Box
Public Key
/List Hash
Hash
Key/List
CSF Header
Code Signing
Tool Internal Secure Boot Code (on-chip ROM)
Image Image
S/G Table
CSF Header
S/G Table
Message
Digest Hash
TM
External Use 9
SoC
ISBC
CSF Header
ESBC PubKey
ESBC:
Bootloader
Bootscript
Kernel Image
Root File System
Device Tree
Chain of Trust
Monolithic
CSF Header
ESBC PubKey
ESBC Bootloader
Normal SoC initialization/Bootloader code
End normal initialization/
esbc_validate img_hdr
[pub_key_hash]
Esbc_Halt
CSF Header
BootScript PubKey
esbc_validate
[Img1 header addr]
[Img1 pub_key hash]
esbc_validate
[Img2 header addr]
[Img2 pub_key hash]
esbc_validate
[Img3 header addr]
[Img3 pub_key hash]
bootm [img1 addr] [img2 addr] [img3 addr]
CSF Header
Image 1 PubKey
Image 1 Kernel Image
CSF Header
Image 2 PubKey
Image 2 Root File System
CSF Header
Image 3 PubKey
Image 3 Device Tree
Secure Boot: Monolithic vs Chain of Trust
TM
External Use 10
Persistent Storage - Security Fuse Processor
Trust Arch 1.x & 2.0
FSL Section
1b - FSL Section Write Protect
32b - FSL Unique ID
32b - FSL Scratchpad 0
32b - FSL Scratchpad 1
OEM Section
1b - OEM Section Write Protect
1b - Intent to Secure
1b - Clear_SFF (disable Scan)
1b - SEC disable
3b - Key Revocation (Trust 2.0 only)
2b - Debug mode
Open
Conditionally closed w/o notification
Conditionally closed w/ notification
Locked
256b – Super Root Key Hash (2.0 supports list)
64b - Debug Challenge Value
64b - Debug Response Value
256b - One Time Programmable Master Key
32b - OEM Unique ID
32b - OEM Scratchpad
32b - OEM Scratchpad
Persistent device secrets
Root of Trust for Verification
TM
External Use 11
Battery Backed portion of Security Monitor
SEC
AESA
Key Select:
• OTPMK
• ZMK
• Combined MK
SFP
One Time
Programmable Master
Key
RNG
Zeroizable Master
Key
Master
Key
32b General
Purpose
Registers 0-3
Monotonic
Counter(s) Trust 2.0+
Trust 1.1+
45 SOI products, including P3041, P5020, P5040, C29x (45nm
devices with support for the battery backed LP section)
1.0v supply, worst case process, at two different ambient temps.
•132uW @ 40C
•195uW @ 70C
28HPM products, including T4240, T2080, B4860
1.0v supply, worst case process, at two different ambient temps
•40uW @ 40C
•55uW @ 70C
Battery Backed SecMon Current Draw
TM
External Use 12
Blob Encryption
Data AES-CCM
encryption
B0 CTR0
RNG
Blob key
256 AES-ECB
encryption
Blob key encryption key
Enc. Key
Enc. Data
MAC
Cryptographic blob
Plaintext
Ciphertext
Plaintext
Memory
Ciphertext
OTPMK or ZMK
TM
External Use 13
CSF Header
ESBC PubKey
ESBC Bootloader
Normal SoC initialization/Bootloader code
End normal initialization/ esbc_validate img_hdr
[pub_key_hash]
Esbc_Halt
SoC
ISBC
CSF Header
BootScript PubKey
esbc_validate
[Blob 1 header addr]
[Blob 1 pub_key hash]
esbc_blob_decap
[Blob 1 addr][size]
[Image1 dest address]
esbc_validate
[Blob 2 header addr]
[Blob 2 pub_key hash]
esbc_blob_decap
[Blob 2 addr][size]
[Image2 dest address]
esbc_validate
[Blob 3 header addr]
[Blob 3 pub_key hash]
esbc_blob_decap
[Blob 3 addr][size]
[Image3 dest address]
Bootm [Image1][Image2][Image3]
CSF Header
Blob 1 PubKey
Blob 1 [Kernel Image]
CSF Header
Blob 2 PubKey
Blob 2 [Root File System]
CSF Header
Blob 3 PubKey
Blob 3 [Device Tree]
Kernel Image
Root File System
Device Tree
Secure Boot with Blobs
TM
External Use 14
SEC 5.x QorIQ’s Full Featured Crypto
Acceleration Engine
Job Queue
Controller
Descriptor
Controllers
DM
A
RT
IC
Queue
Interface
Job Ring I/F
DESA AESA
CHAs
MDHA
AFHA PKHA STHA
RNG4
KFHA
ZHA
Public Key Hardware Accelerator (PKHA) •RSA and Diffie-Hellman (to 4096b) •Elliptic curve cryptography (1024b) •Supports Run Time Equalization
Random Number Generators (RNG4) •DRBG with True RNG for seeding
Snow 3G Hardware Accelerators (STHA) • Implements Snow 3.0 • Two for Encryption (F8), two for Integrity (F9)
ZUC Hardware Accelerators (ZHA) • EEA-1 (encryption) & EIA-2 (integrity)
ARC Four Hardware Accelerators (AFHA) • Compatible with RC4 algorithm
Kasumi F8/F9 Hardware Accelerators (KFHA) •F8 , F9 as required for 3GPP •A5/3 for GSM and EDGE •GEA-3 for GPRS
Message Digest Hardware Accelerators (MDHA) •SHA-1, SHA-2 256,384,512-bit digests • MD5 128-bit digest •HMAC with all algorithms
Advanced Encryption Standard Accelerators (AESA) •Key lengths of 128-, 192-, and 256-bit •ECB, CBC, CTR, CCM, GCM, CMAC, OFB, CFB, XCBC-MAC, and XTS
Data Encryption Standard Accelerators (DESA) •DES, 3DES (2K, 3K) •ECB, CBC, OFB modes
CRC Unit •CRC32, CRC32C, 802.16e OFDMA CRC
Header & Trailer off-load for the following Security Protocols: •IPSec, SSL/TLS, 3G RLC, PDCP, SRTP, 802.11i, 802.16e, 802.1ae
TM
External Use 15
Init
Check
Non-
Secure
Hard
Fail
Trusted
Secure
No HW_Sec_Vio +
SW commands
transition to Trusted
If Hard Fail Enabled
HW_Sec_Vio or SW Soft Fail Soft
Fail
•Unprovisioned device
•SW Soft Fail w/SB_EN
SW Soft Fail
Test Keys
(All zeroes)
OTPMK/ZMK
KEK
OTPMK/ZMK locked out,
KEK cleared
No Keys
SEC Key
Usage Security Monitor States
No HW_Sec_Vio + SW
commands transition to
Trusted
OTPMK/ZMK
KEK
OTPMK/ZMK locked out,
KEK cleared
HW_Sec_Vio or
SW Soft Fail (SoC
health check or
signature fail)
TM
External Use 16
Domain Separation/Access Controlled Storage
Partition 1
Private Memory
Partition 2
Private Memory
Partition 3
Private Memory
Partition 4
Private Memory
HV
Private Memory
Command
Control
Status
Registers
SERDES
PME
SEC QMan
BMan
RMAN
Watchpoint Cross Trigger
Perf Monitor
CoreNet Trace
Aurora
Real Time
Debug
SA
TA
DCE
FMan Complex
RMan
Parse, Classify, Distribute
Buffer
MAC MAC
FMan/WRIOP
PC
Ie
PC
Ie
sR
IO
sR
IO
PC
Ie
PC
Ie
SA
TA
DMAx2
Plat
Cache
DDR Controller
SDC
General Purpose
Processor
HV MMU
MAC MAC
Partition 1
Qman Portal
General Purpose
Processor
HV MMU
Partition 2
Qman Portal
General Purpose
Processor
HV MMU
Partition 3
Qman Portal
General Purpose
Processor
HV MMU
Partition 4
Qman Portal
Shared
Coherent Interconnect
IOMMU IOMMU IOMMU
TM
External Use 17
Security Violations/Anti-Tamper
TM
External Use 18
Tamper Detection Sources
• Hardware:
− External Tamper Detection via TMP_DETECT and LP_TMP_DETECT
− Secure Debug Controller (if set to Conditionally Closed with Notification)
− Run Time Integrity Checker (in SEC)
− Security Fuse Processor (if fuse array read fails, including hamming code check)
− Security Monitor (OTPMK and ZMK hamming code check)
− All sensitive flops upon detection of scan entry and exit (expert mode debug)
− Power Glitch
− In Trust 2.0:
Monotonic counter roll-over
• Software:
− ISBC (Boot 0)
− ESBC/Trusted-Uboot (Boot 1)
− Any SW with write access to the Security Monitor can declare a security violation.
TM
External Use 19
Secure Debug
1. Open – Debug interfaces have full access to the QorIQ memory space. If the device is
already in Secure state, device secrets remain usable. This setting is only appropriate in a
lab environment.
2. Conditionally Closed without Notification – Debug interfaces are blocked until the user
passes a challenge/response sequence.
− PASS = full debug access, as in the Open case
− FAIL = Access denied. 3 fails locks out chal/resp mechanism and reports Sec_Vio to
Sec_Mon.
3. Conditionally Closed with Notification - Debug interfaces are blocked until the user passes
a challenge/response sequence.
− PASS = Sec_Mon notified of active debug, ephemeral device secrets cleared,
persistent secrets locked out, followed by full debug access, as in Open case.
− FAIL = Access denied. 3 fails locks out chal/resp mechanism and reports Sec_Vio to
Sec_Mon.
4. Locked – All debug operations are blocked. The JTAG interface can still be used for
boundary scan physical interconnect testing.
TM
External Use 20
Run Time Integrity Checker
DMA
controller
Zone 1
Zone 1
Zone 2
Zone 2
Zone 3
Zone 4
Zone 4
SHA-256
SHA-256
SHA-256
SHA-256
comparator
comparator
comparator
comparator
Zone 1 stored hash
Zone 2 stored hash
Zone 3 stored hash
Zone 4 stored hash
to Sec_MON
mismatch
mismatch
mismatch
mismatch
System Memory Map
DMA
controller
Zone 1
Zone 1
Zone 2
Zone 2
Zone 3
Zone 4
Zone 4
SHA-256
SHA-256
SHA-256
SHA-256
comparator
comparator
comparator
comparator
Zone 1 stored hash
Zone 2 stored hash
Zone 3 stored hash
Zone 4 stored hash
to Sec_MON
mismatch
mismatch
mismatch
mismatch
System Memory Map
Throttle
Register
Watchdog
Register
TM
External Use 21
Side Channel Attack Resistance
• Freescale’s focus on side channel attack resistance is focused
in 2 areas:
• Timing analysis against public key and symmetric operations
− All QorIQ Trust Arch devices incorporate PKHAs with run-time
equalization
− All symmetric CHAs perform run-time equalization
• Differential power analysis against AES operations
− Many QorIQ Trust Arch devices incorporate the AESA-DPA, a special
version of the AES accelerator with DPA resistance
TM
External Use 22
Trust Architecture Evolution
TM
External Use 23
Feature Trust 1.0 Trust 1.1 Trust 2.0
Devices P4080, P1010 P3041, P5020, P5040, P2041,
BSC913x
C29x, T4240, T2080, T1040
Secure Boot Yes Yes Yes
HW Acceleration of
Secure Boot
No No Yes. Only ‘E’ devices support secure
boot.
Alternate Image No No Yes, failure of primary image leads to
validation attempt for alternate image.
Key List & Key
Revocation
No No Yes, SRKH is hash of a list of up to 4
public keys, where up to 3 can be
revoked with fuses.
Blobs based on
Master Key
Yes, only Master Key option is
OTPMK.
Yes, Master Key can be either OTPMK
or ZMK.
Yes, Master Key can be either OTPMK
or ZMK.
Ephemeral Key
Encryption Keys
Yes Yes Yes
Secure Debug
Controller
Yes Yes Yes
Security Monitor High
Power Section
Yes, including security state tracking
and HW_Sec_Vio inputs from RTIC,
SDC, SFP, & TMP_DETECT_B .
Yes, including security state tracking
and HW_Sec_Vio inputs from RTIC,
SDC, SFP, TMP_DETECT_B , and
SecMon LP section.
Yes, including security state tracking and
HW_Sec_Vio inputs from RTIC, SDC,
SFP, TMP_DETECT_B , and SecMon
LP section.
Security Monitor Low
Power Section
No Yes, including ZMK, and HW_Sec_Vio
detection from Power Glitch,
LP_TMP_DETECT_B.
Yes, including ZMK, 4 GPRs, and
HW_Sec_Vio detection from Power
Glitch, LP_TMP_DETECT_B , and
Monotonic Counter Roll-Over. Not
present in T1040.
Monotonic Counters No No 1
CPU Memory Access
Control
Power ISA MMU w/HV
(HV level not available in P1010)
Power ISA MMU w/HV
(HV level not available in BSC913x)
Power ISA MMU w/HV
(HV level not available in C29x
IO Memory Access
Control
Platform MMU (PAMU) in P4080.
CCSR Access Control and PCIe
ATMU in P1010.
Platform MMU (PAMU) in QorIQ.
CCSR Access Control and PCIe ATMU
in BSC913x.
Platform MMU (PAMU) in QorIQ.
CCSR Access Control and PCIe ATMU
in C29x.
TM
External Use 24
Major Enhancements and Their Use
Enhancement First Appears Benefit Consequence
Zeroizable
Master Key
Trust 1.1 OEM can elevate the
consequences of a security
violation.
Requires battery back-up of portion of
SoC (SecMon LP section), additional
configuration registers and
LP_TMP_DETECT
HW Acceleration
of Secure Boot
Trust 2.0 Makes secure boot time closer
to non-secure boot time
Trust only available in ‘E’ devices
Alternate Image Trust 2.0 Adds resiliency to the secure
boot process
Requires signing of 2 images,
additional PBI commands
Key Revocation Trust 2.0 Permanently revoke flawed
images which were signed
with a super root key.
Need to manage more pub/pri keys
Need to develop key revocation
images
Monotonic
Counter
Trust 2.0 Prevent ‘roll back’ to a flawed
image without revoking a
super root key
Requires battery back-up of portion of
SoC (SecMon LP section), need to
include anti-rollback check in chain of
trust
TM
External Use 25
Key Revocation
SRKH (Key or Key List)
K0 K1 K2
Security Fuse Processor
Compare
Hash (computed by ISBC)
Key 0
Key 1
Key 2
Key 3 (irrevocable)
CSF Header
KL, KN, LW
ESBC PubKey or Key List
ESBC Bootloader
Normal SoC initialization/Bootloader code
End normal initialization/ Bootloader
[Boot Script address]
[Boot Script PubKey Hash]
SoC
ISBC
New Flags for Key vs Key List, Key Number (0-3), and ‘Leave Writeable’
TM
External Use 26
Alternate Image
CSF Header
KL, KN, LW
ESBC Uboot PubKey or Key List
ESBC Uboot
Normal Uboot stuff
End normal Uboot stuff
Validate
[Boot Script address]
[Boot Script PubKey Hash]
GPP 0
ISBC
Primary Image
CSF Header
KL, KN, LW
ESBC Uboot PubKey or Key List
ESBC Uboot
Normal Uboot stuff
End normal Uboot stuff
Validate
[Boot Script address]
[Boot Script PubKey Hash]
Alternate Image
Trust 2.0+ supports a primary and alternate image, where
failure to find a valid image at the primary location will cause
the ISBC to check a configured alternate location.
To execute, the alternate image must be validated using a non-
revoked public key as defined by its CSF Header. A valid
alternate image has same rights and privileges as a valid
primary image.
Purpose is to reduce risk of corrupting single valid image during
firmware update or as a result of Flash block wear-out.
TM
External Use 27
Security Deployment
Leadership
High
Performance
25W+ TDP
Mid-Range
Performance
10-25W TDP
Volume
Value
Performance
<10W TDP
Small Form
Factor
Production Proposal Planning Execution
2012 2013 2Q 3Q 4Q Existing 1Q 4Q
P3041
P2041/40
P1023/17
P1010/14
T4160
T4240
P1021/12
P1022/13
P2020/10
MPC8569
P4080/40
P5040
P5020/10
P5021
P1020//11
2014 2Q 3Q 4Q 1Q
2015
2Q 3Q 4Q 1Q
2016
2H 1H 2H 1H
LS2085A
LS3
Production
Execution
Production
Proposal
Product Qual
Samples
Planning
Production
T1042
T2080
LS1043A
T2081
T1040
Trust 3.0 w/TrustZone
Industry
Highest
CoreMark/W
LS1020A
LS2045A
T1023
SEC
Trust
C29x
TM
External Use 28
Summary
• The QorIQ platform’s trust architecture provides OEMs with the hardware
anchor points they need to develop a trusted system.
• Trust features are found on a full spectrum of QorIQ, Qonverge, and
Layerscape-based devices from low-power to highest performance.
• 3 generations of Trust Architecture have steadily enhanced the features
and capabilities.
• Trust configurations are under OEM control, and support a support a
tailored trade-offs between trust and serviceability.
• Trust features are supported with a Code Signing Tool and reference
chain of trust.
TM
External Use 29
Other Session of Interest
• FTF-NET-F0136 Thursday 10:30 AM 2 hours Grapevine Ballroom 5
Use the Design Checklist, Part 1: New Board Designs
• FTF-NET-F0157 Thursday 10:30 AM 2 hours San Antonio 1QorIQ Communications Platform's Trust Architecture: Add Trust to Networked and Networking Systems
• FTF-NET-F0152 Thursday 12:45 PM 1 hour Grapevine Ballroom A Lunch and Learn: Introduction to the Pre-Boot Loader and the supporting QCS tool.
• FTF-IND-F0062 Thursday 12:45 PM 1 hour Grapevine Ballroom 2
Lunch and Learn: Go Multicore Series: Managing Machine Safety and Productivity with QorIQ Multicore Communications Processors
• FTF-NET-F0137 Thursday 4:15 PM 2 hours Grapevine Ballroom 6Use the Design Checklist, Part 2: Successful Board Bring-Up
• FTF-NET-F0111 Thursday 5:15 PM 1 hour Grapevine Ballroom 4Overview of Autonomous IPSec with QorIQ T Series Processors
• FTF-NET-F0352 Friday 9:30 AM 1 hour Grapevine Ballroom 4
OpenSSL on QorIQ Communications Platform and C29x Crypto Coprocessor Family
• FTF-NET-F0065 Friday 10:30 AM 1 hour Grapevine Ballroom 4 C29x Crypto Coprocessor Family
TM
© 2014 Freescale Semiconductor, Inc. | External Use
www.Freescale.com
