The user guide breaks secure boot into a deterministic, three-stage handshake:
Key takeaway from the guide: If secure boot is enabled and fails, the processor enters a fatal error state. No soft recovery. No debugger intervention.
Rating: 7.5/10 – Essential reference but requires supplemental materials.
Use this guide alongside:
Tip: If you’re new to QorIQ security, read Chapter 3 (Boot Flow) first, then skip to Appendix A (Lifecycle states), and only deep-dive into registers later.
You need a signed version of U-Boot (u-boot.bin). First, build U-Boot from your SDK, then sign it using the SRK1 private key.
../cst --sign-esbc --in u-boot.bin --out u-boot-signed.bin --key srk1_4096.pem --sec-fw
Key flags:
The result is u-boot-signed.bin + a separate u-boot-signed.bin.sig (signature appended in some formats).
keyctl add trusted kmk "new 32" @u
keyctl pipe $(keyctl search @u trusted kmk) > /dev/kmk_blob
This binds the key to the SRK hash. If the boot process is tampered, the key unsealing fails.
Requirement: Must be in OEM Closed, and all fuses must be verified.
Check: Use sec_mon status command in U-Boot: qoriq trust architecture 2.1 user guide
=> sf dp target 0
=> ssp 0x1E90000 1 # Read SEC-MON status register
If any factory fuses are still zero, transition is blocked.
TA 2.1 integrates a dedicated Security Engine (SEC) , described in the user guide as a co-processor for crypto workloads. It handles:
Critically, the SEC operates in protected mode, meaning keys never leave the engine’s boundary—a requirement for FIPS 140-2 compliance. The user guide breaks secure boot into a