Qoriq Trust Architecture 2.1 User Guide -

Using the CST, wrap your bootloader (e.g., u-boot.bin ) with a . This header contains the public key, the signature of the image, and the load addresses. Step 3: Fuse Blowing (Development vs. Production)

Set the physical pins or fuses to move the device from "Non-Secure" to "Secure" mode. In this mode, the CPU will refuse to boot any image that is not signed correctly. 6. Best Practices for Trust Architecture 2.1 qoriq trust architecture 2.1 user guide

Maintain a strategy for revoking keys if a private key is compromised. Using the CST, wrap your bootloader (e

Use the Monotonic Counter fuses to ensure an attacker cannot downgrade your firmware to an older version that had a known security flaw. Using the CST