Freescale / NXP High Assurance Boot secures modules
Hacking of production embedded systems in the field should be an immediate concern to all projects. Happily, for i.MX6 family processors (and some earlier i.MX family devices too), Freescale / NXP provides a system call High Assurance Boot or HAB for short. And it’s the basis of a new service that we can offer our customers.
HAB allows the image to be signed by an SHA algorithm, requiring the manufacturer to hold a private key. The signed image is then authenticated at run-time against a public key which is one-time programmed into the device. That’s the basis of it, though in practice there are multiple keys and multiple authentication steps, and it’s not entirely straightforward to set up.
But once implemented, only signed images can be run, thus guaranteeing complete security. At the same time the potential for field updating is not compromised – the replacement image simply needs to be signed.
We can offer setup and secure boot programming via HAB as a service for TRITON-TX6 family modules (for i.MX6 Solo, Dual Lite, Quad and UltraLite). The programming is performed on the production line with minimum cost and delay. Please ask for more information if this service is of interest.