|-
|1.0.0
|January February 2018
|First public release
|}
==Introduction==
Security Nowdays, thanks to embedded systems diffusion and explosive growth anyone is aware about security. One of the key factors is to grant that on a specific hardware devices should be executed only authorized SW. This is extremel importan in devices which can be upgraded Over The Air (OTA). As we said before, security on Embedded Device is getting important in the embedded world for executing authentic code on embedded processors. In particular, one of the most important targets, discussed in this article is the sw authentication: It is particularly important to guarantee that the embedded processor starts '''executes '''<b>only</b> authenticated software code which is the original which should be originally certified software just starting from the beginning (i.e. u-boot, kernel,..). In this article, it is described the process applied on DAVE Embedded Systems' devices in order to demonstrate the capability of the authentication mechanisms and give an idea about the effort required for implementing the process in-house production. It is important to highlight that this is not just a SW procedure but also a company arrangement design because of security pass through company procedure and good practice. (any alarm system doesn't work properly if you live the keys on the door..).
The mechanism to ensure that only authentic/original software is executed can be realised starting from the HAB Security mechanism provided on iMX6/iMX6UL processor family by NXP.
An HAB enabled system, via bootrom properly configuration, guarantees that software loaded from external memroy devices, like NOR, NAND flash memories or SD card, will be executed only if has been authenticated.
This white paper describes how i.MX6UL-based HAB configuration can be used on DAVEEmbedded Systems's products for protecting Customer's products and then running only original authentic software.
