NXP

Security Disclaimer

• NXP i.MX processors have various security-relevant modules that may be configured by the customer to effectively secure the device.

• These security modules vary by the i.MX product family and may include:

  • The Central Security Unit (CSU) that manages the system security policy for peripheral access on the SoC.
  • The Resource Domain Controllers (RDC/XRDC/TRDC) that provide support for the isolation of peripherals and memory.
  • Arm® TrustZone® technology-based memory protection for embedded memories such as the on-chip RAM (OCRAM).
  • The TrustZone ® Address Space Controller (TZASC) that protects and secures data in a trusted execution environment.
  • The AIPSTZ bridge that provides programmable access protections for both controllers and peripherals.

• The default security configuration in OP-TEE OS for these security modules is left in an open (non-secure) state because a universal secure configuration that meets all customer requirements is not possible.
• NXP delivers various open-source software components (NXP OP-TEE OS) for customer enablement, however, these are not provided as secure production-ready implementations.
• Using OP-TEE OS upstream releases instead of NXP OPTEE-OS releases may have an impact on the features supported and the security level of the i.MX platforms.
• Customers should optimize the security configuration in OP-TEE OS to lock and secure end products according to their specific security requirements.
• NXP has documented how to securely configure these security modules in the respective i.MX SoC Reference and Security manuals and also provides a Security Checklist for the i.MX family to help customers secure end products.
• For Further assistance please contact your NXP field representative or submit an NXP Support ticket.