Security features in i.MX6UL3 SODIMM SOM
The NXP i.MX 6UL3 ARM Cortex-A7 based CPU integrates comprehensive security features, making it well suited to security applications such as access control, e-commerce and mobile POS.
iWave Systems, one of the early adopters of the i.MX6UL, supports a compact, cost-effective SOM based on the i.MX6UL3 applications processor with a Linux board support package. The BSP adds various security features such as tamper detection, High Assurance Boot (HAB) and the crypto engine (Differential Power Analysis (DPA) with the DES algorithm).
The Secure Non-Volatile Storage (SNVS) logic block in the i.MX 6UL3 incorporates tamper detection logic. Two types of tamper detection are supported: external and internal.
External tamper detection is a mechanism provided through a chip pin to signal when the device is opened or otherwise tampered with. Inside the chip, the received signal is compared with the expected signal level; whenever the two differ, a tamper event is flagged. When the expected signal is fixed, this is called passive tamper; when the expected signal level also toggles with time, it is called active tamper. The chip supports at most 10 passive tamper detection pins, or alternatively 5 active tamper pairs.
Active tamper is used to detect tampering of an on-chip wire mesh. There are 5 active tamper output ports and 10 external tamper inputs; any active tamper output can be routed to any one of the 10 external tamper inputs in the i.MX6UL3 CPU.
Internal tamper detection provides voltage, temperature and clock monitors.
The voltage monitor checks for an out-of-range battery voltage. The allowed battery voltage is from 2.5 V (low trip point) to 3.5 V (high trip point), with 100 mV of hysteresis at each trip point. A tamper is detected when the voltage monitor reports an "Out of Range Voltage" violation.
The temperature monitor has a low trip point of -30°C and a high trip point of 115°C, with 5°C of hysteresis at each trip point. A tamper is detected when the temperature monitor reports an "Out of Range Temperature" violation.
The system automatically detects the state of the external SRTC clock and switches to an alternative internal clock source when a failure is detected. The clock tamper monitor raises a tamper in the following scenarios:
- No clock detected
- Under-clock tamper: the 32 kHz clock falls below the programmed low threshold value
- Over-clock tamper: the clock rises above the programmed high threshold value
An always-on power supply (RTC coin-cell battery) should be present in the system. If the tamper detection feature is enabled by software, opening the tamper contact:
- Switches system power on with a tamper detection alarm interrupt asserted (for software reaction)
- Activates security-related hardware (e.g. automatic and immediate erasure of the Zeroizable Master Key, denial of access to secure memory and erasure of its contents)
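The following is an added software model of the internal tamper monitors described above, not code from the iWave BSP or NXP. It uses the page's trip points and hysteresis figures; the clock thresholds, the exact release behaviour (a monitor clears only once the input is back inside the window by the hysteresis margin) and the key zeroization hook are assumptions for illustration.

```python
class RangeMonitor:
    """Window comparator with hysteresis at each trip point (assumed behaviour)."""

    def __init__(self, name, low, high, hysteresis):
        self.name, self.low, self.high, self.hyst = name, low, high, hysteresis
        self.tripped = False

    def update(self, value):
        """Feed one sample; return True while the monitor is in the tripped state."""
        if not self.tripped:
            self.tripped = value < self.low or value > self.high
        elif self.low + self.hyst <= value <= self.high - self.hyst:
            self.tripped = False  # release only after clearing the hysteresis band
        return self.tripped


class ClockMonitor(RangeMonitor):
    """Clock tamper: a missing clock is a violation regardless of thresholds."""

    def update(self, freq_hz):
        if freq_hz == 0:
            self.tripped = True  # "no clock" scenario
            return True
        return super().update(freq_hz)


def build_monitors():
    return [
        RangeMonitor("voltage", 2.5, 3.5, 0.1),          # volts, 100 mV hysteresis
        RangeMonitor("temperature", -30.0, 115.0, 5.0),  # degrees C, 5 C hysteresis
        ClockMonitor("clock", 32000, 33500, 0),          # Hz, assumed programmed thresholds
    ]


def run_tamper_check(monitors, samples, zmk):
    """Push one sample per monitor. On any new trip, erase the master key buffer in
    place and record the event, mirroring the SNVS reaction described on the page."""
    events = []
    for mon, value in zip(monitors, samples):
        was_tripped = mon.tripped
        if mon.update(value) and not was_tripped:
            events.append(f"{mon.name} out of range: {value}")
            for i in range(len(zmk)):
                zmk[i] = 0  # Zeroizable Master Key erased on tamper
    return events
```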
High Assurance Boot (HAB):
HAB is a high assurance boot feature implemented in the system boot ROM; it detects and prevents execution of unauthorized software (malware) during the boot sequence.
HAB protects against unauthorized software by:
- Using digital signatures to recognize authentic software. This allows the user to boot the device to a known initial state, running software signed by the device manufacturer.
- Adopting asymmetric cryptography to implement the HAB feature.
- Using the NXP-provided CST (Code Signing Tool) to exercise the HAB functionality.
- Allowing the HAB status to be checked at U-Boot level.
In the closed configuration, the board boots only signed boot images.
HAB incorporates the following features:
- Enforced internal boot via on-chip masked ROM
- Authentication of software loaded from any boot device (including USB download)
- CMS PKCS#1 signature verification using RSA public keys (1024 bit to 4096 bit) and the SHA-256 hash algorithm
- Public key infrastructure (PKI) support using X.509v3 certificates
- Root public key fingerprint in manufacturer-programmable on-chip fuses
- Multiple root public keys with revocation by fuses
- Initialization of other security components
- Fall-over to authenticated USB download on any security failure
- Open configuration for development purposes and non-secure platforms
- Closed configuration for shipping secure platforms
HAB is integrated with other security features as follows:
- HAB executes in the TrustZone Secure World.
- HAB initializes the SNVS security monitor state machine. Successful secure boot with HAB is required for platform software to gain use of the master secret key selected by SNVS.
- HAB reads the root public key fingerprint, revocation mask, and security configuration from the OCOTP_CTRL.
- HAB initializes the CSU.
HAB can use on-chip hardware to accelerate hash calculations.
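As an added illustration of how the fuse-backed root of trust in the list above fits together (root public key fingerprint in fuses, revocation mask, open versus closed configuration, fall-over to USB download on failure), here is a simplified model. It is not iWave's or NXP's code, and the SRK table layout, fuse field names and placeholder keys are assumptions; real HAB verifies CMS/RSA signatures over X.509 certificates, which this model omits.

```python
import hashlib

OPEN, CLOSED = "open", "closed"


def srk_fingerprint(srk_table):
    """SHA-256 over the per-key hashes of the root public keys. In this model this is
    the value the manufacturer burns into the fuses (not NXP's exact table format)."""
    h = hashlib.sha256()
    for key in srk_table:
        h.update(hashlib.sha256(key).digest())
    return h.digest()


def hab_root_check(fuses, srk_table, srk_index):
    """Return the security failures the ROM logic would record while validating the
    root of trust presented by a boot image against the fuse values."""
    failures = []
    if fuses["srk_hash"] != srk_fingerprint(srk_table):
        failures.append("SRK table fingerprint does not match fuses")
    if srk_index >= len(srk_table):
        failures.append(f"SRK index {srk_index} out of range")
    elif fuses["srk_revoke"] & (1 << srk_index):
        failures.append(f"SRK{srk_index} has been revoked by fuse")
    return failures


def boot_decision(fuses, failures):
    """Open configuration: failures are recorded but the image still runs.
    Closed configuration: any failure falls over to authenticated USB download."""
    if failures and fuses["sec_config"] == CLOSED:
        return "usb_download"
    return "boot"


# Constructed sample: four placeholder root keys (not real RSA keys) and a fuse
# image in which SRK0 has already been revoked and the part is in closed config.
SRK_TABLE = [b"root-key-%d" % i for i in range(4)]
FUSES = {
    "srk_hash": srk_fingerprint(SRK_TABLE),
    "srk_revoke": 0b0001,
    "sec_config": CLOSED,
}
```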
Differential Power Analysis (DPA) with the DES algorithm:
The DPA demo exercises a cryptographic algorithm that makes use of a secret key: it encrypts and then decrypts text using the DES algorithm, and displays an error message if the decrypted text does not match the original.
The basic differential power analysis attack described here relies on two properties of DES encryption. First, the individual DES S-box outputs produce sensitive intermediate data that can be correlated with the power traces recorded from the target device. Second, each DES S-box input depends on only 6 bits of the 48-bit subkey used in that round, a space small enough to be searched exhaustively for the highest correlation.
The purpose of the implemented attack is to retrieve the first-round subkey. Once enough of this subkey is determined, the full key used in the DES encryption can be found by exhaustive search.
Go to the following link to see NXP i.MX 6 series CPU based product updates: http://www.iwavesystems.com/latest-updates-on-i.mx6