NXP
Security Disclaimer
NXP i.MX processors have various security-relevant modules that may be configured by the customer to effectively secure the device.
- These security modules vary by the i.MX product family and may include:
The Central Security Unit (CSU) that manages the system security policy for peripheral access on the SoC.
The Resource Domain Controllers (RDC/XRDC/TRDC) that provide support for the isolation of peripherals and memory.
Arm® TrustZone® technology-based memory protection for embedded memories such as the on-chip RAM (OCRAM).
The TrustZone ® Address Space Controller (TZASC) that protects and secures data in a trusted execution environment.
The AIPSTZ bridge that provides programmable access protections for both controllers and peripherals.
The default security configuration in OP-TEE OS for these security modules is left in an open (non-secure) state because a universal secure configuration that meets all customer requirements is not possible.
NXP delivers various open-source software components (NXP OP-TEE OS) for customer enablement, however, these are not provided as secure production-ready implementations.
Using OP-TEE OS upstream releases instead of NXP OPTEE-OS releases may have an impact on the features supported and the security level of the i.MX platforms.
Customers should optimize the security configuration in OP-TEE OS to lock and secure end products according to their specific security requirements.
NXP has documented how to securely configure these security modules in the respective i.MX SoC Reference and Security manuals and also provides a Security Checklist for the i.MX family to help customers secure end products.
For Further assistance please contact your NXP field representative or submit an NXP Support ticket.