NXP

Security Disclaimer

  • NXP i.MX processors have various security-relevant modules that may be configured by the customer to effectively secure the device.

  • These security modules vary by the i.MX product family and may include:
    • The Central Security Unit (CSU) that manages the system security policy for peripheral access on the SoC.

    • The Resource Domain Controllers (RDC/XRDC/TRDC) that provide support for the isolation of peripherals and memory.

    • Arm® TrustZone® technology-based memory protection for embedded memories such as the on-chip RAM (OCRAM).

    • The TrustZone® Address Space Controller (TZASC) that protects and secures data in a trusted execution environment.

    • The AIPSTZ bridge that provides programmable access protections for both controllers and peripherals.

  • The default security configuration in OP-TEE OS for these security modules is left in an open (non-secure) state because a universal secure configuration that meets all customer requirements is not possible.

  • NXP delivers various open-source software components (NXP OP-TEE OS) for customer enablement; however, these are not provided as secure production-ready implementations.

  • Using OP-TEE OS upstream releases instead of NXP OP-TEE OS releases may have an impact on the features supported and the security level of the i.MX platforms.

  • Customers should optimize the security configuration in OP-TEE OS to lock and secure end products according to their specific security requirements.

  • NXP has documented how to securely configure these security modules in the respective i.MX SoC Reference and Security manuals and also provides a Security Checklist for the i.MX family to help customers secure end products.

  • For further assistance, please contact your NXP field representative or submit an NXP Support ticket.