Simplifying security implementation on i.MX93-based devices with The Embedded Kit and NXP

Embedded systems development comes with its own set of challenges. From integrating advanced hardware to ensuring long-term software security, the complexities only grow as new technologies emerge. For software engineers working on embedded systems, streamlining processes while maintaining robust security protocols is crucial.
To address these concerns, The Embedded Kit has rolled out support for NXP’s i.MX9 processors within its production-ready embedded Linux distribution. This integration not only simplifies hardware-software collaboration but also eases long-term system maintenance. As a result, developers can concentrate more on application development and less on low-level configurations.

Pre-configured Linux distribution for i.MX93 processors

Overview of i.MX93 processors

NXP’s i.MX93 processors are known for their powerful cores, real-time capabilities, power efficiency, and integrated hardware neural processing units (NPUs) for machine learning acceleration.

When combined with The Embedded Kit’s embedded Linux distribution, developers get a robust, production-ready toolkit that enhances security while keeping the performance and low latency offered by the new NXP processor, all of which are critical for modern use cases like industrial automation and edge computing.

i.MX93 x The Embedded Kit spec sheet

Out-of-the-box distribution for managing i.MX93 compatibility over time

One of the major pain points for embedded developers is building a robust hardware-software integration that is secure by design and ready for long-term maintenance. Legacy methods usually involve considerable manual work to build systems and keep them secure and up to date.

The Embedded Kit solves this problem by offering a production- and maintenance-ready Yocto-based Linux distribution that comes pre-configured to support systems running on NXP i.MX93 processors. This means faster development times, reduced overhead for hardware integration, and more focus on creating value-added software that performs reliably in the long run.

BSP integration for hardware-specific configurations

If you’re working with embedded systems, you’re probably familiar with the importance of Board Support Packages (BSPs). This layer includes hardware-specific firmware and device drivers that make sure the operating system communicates smoothly with the hardware.

The Embedded Kit integrates several BSPs, including the BSPs of SOMs (Systems on Module) running on i.MX93 (themselves based on NXP’s BSP). By incorporating these BSPs, The Embedded Kit offers out-of-the-box support for any i.MX9-based hardware platform, reducing development cycles and allowing developers to generate customized Yocto images in a few hours.

With the hardware details already sorted out, embedded software engineers can shift focus to application-level development without getting bogged down in device configuration.

i.MX93 support - NXP x The Embedded Kit

Long-term support (LTS) and maintenance for embedded systems

Maintaining embedded systems over time is just as important as building them. For this, The Embedded Kit follows NXP’s and SOM makers’ Long-Term Support (LTS) releases and BSP updates, ensuring that embedded systems stay updated and secure throughout their operational lifespan.

If you need even longer support, The Embedded Kit offers additional partnerships with organizations like Witekio, providing extended maintenance and upgrade services. This ensures that you’re never stuck with outdated or unsupported software in the field.

Pre-built security features for i.MX93-based embedded devices

Security is critical in embedded systems, especially for devices that are expected to operate reliably over extended periods. The Embedded Kit, in conjunction with NXP’s security features, ensures that these devices remain secure throughout their lifecycle.

Key security features include:

  • Minimal image: based on Yocto
  • OS and file system authenticity: with a read-only file system, secure boot and storage, as well as a signature tool
  • Over-the-Air (OTA) updates: Secure updates using SWUpdate or Mender.io.
  • Development and production image: This separation ensures better security and performance during production while providing flexibility during development.
  • Quality tooling: automated testing, CI/CD build environment
  • Security threat analysis with automatic CVE checking integrated in the CI forge
  • i.MX93 EdgeLock secure enclave: advanced threat protection and updated cryptographic support.

Focus: secure boot implementation for i.MX93-based systems

One of the standout features of this integration is the pre-configured secure boot for i.MX9-based SOMs. If you’re building embedded systems that need to withstand malicious attacks, secure boot is an essential tool in your arsenal.

When secure boot is enabled, only code that has been signed by the device manufacturer will be executed. This creates a “chain of trust” where each layer of the system validates the next, ensuring that only trusted code is run on the device.

The Embedded Kit uses Advanced High Assurance Boot (AHAB) support to create this secure chain of trust. This authentication mechanism relies on public key cryptography to prevent unauthorized software from running during the boot process of the device. The boot images are signed offline with the private key, and these signed images are subsequently verified on the i.MX processor using the corresponding public key. The public key is embedded in the final binary, while a hash of the public key is stored in the SoC’s one-time programmable e-fuses, thereby establishing the root of trust.

Here’s how the mechanism operates on i.MX93:

  1. The SHA256 hash of the Super Root Key (SRK) is fused into the OCOTP registers.
  2. The ROM on the Cortex-A35 loads U-Boot SPL into on-chip RAM and requests EdgeLock Secure Enclave to authenticate the image.
  3. U-Boot SPL then loads and validates the next stages, including ATF and U-Boot.
  4. Finally, U-Boot loads and authenticates the Linux kernel and initramfs, which further authenticates the file systems before mounting them.

Secure boot on i.MX93

This layered security model provides a robust defense against memory modifications, unauthorized code injection, and other threats.
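The root-of-trust check described above can be modelled in a few lines. This is an added example, not code from The Embedded Kit or NXP: it uses a constructed textbook-RSA key (no padding, not secure) in place of the real AHAB container format and signature scheme, and all function and field names are hypothetical. It shows why fusing only a hash of the public key is enough to reject both a modified image and an image re-signed with a different key.

```python
import hashlib

# Constructed toy RSA key pairs (textbook RSA, no padding) built from
# Mersenne primes; they stand in for the manufacturer's SRK and are NOT secure.
E = 65537

def make_key(p, q):
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def pub_bytes(key):
    n = key["n"]
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def sign(key, image):
    digest = int.from_bytes(hashlib.sha256(image).digest(), "big")
    return pow(digest, key["d"], key["n"])

def build_container(key, image):
    # Offline signing step: the public key travels inside the signed binary.
    return {"image": image, "pubkey": pub_bytes(key), "sig": sign(key, image)}

def authenticate(container, fused_srk_hash):
    # 1. Root of trust: the embedded key must hash to the fused value.
    if hashlib.sha256(container["pubkey"]).digest() != fused_srk_hash:
        return "reject: public key does not match fused SRK hash"
    # 2. Only then is the key trusted to verify the image signature.
    n = int.from_bytes(container["pubkey"], "big")
    digest = int.from_bytes(hashlib.sha256(container["image"]).digest(), "big")
    if pow(container["sig"], E, n) != digest:
        return "reject: image signature invalid"
    return "boot"

OEM_KEY = make_key(2**521 - 1, 2**607 - 1)
OTHER_KEY = make_key(2**127 - 1, 2**521 - 1)  # a key the fuses do not know
FUSED = hashlib.sha256(pub_bytes(OEM_KEY)).digest()  # programmed once (model)

def demo():
    good = build_container(OEM_KEY, b"u-boot-spl v1")  # constructed sample image
    patched = dict(good, image=b"u-boot-spl v1 + patch")  # changed after signing
    resigned = build_container(OTHER_KEY, b"u-boot-spl v1 + patch")
    return [authenticate(c, FUSED) for c in (good, patched, resigned)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The same two-step check repeats at every stage of the chain, with each authenticated stage verifying the next before handing over control.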

Benefits for embedded system developers

For engineers focused on developing embedded systems that require security, reliability, and scalability, the integration of The Embedded Kit with NXP’s i.MX93 processors represents a significant advancement. From expedited development cycles to industrial-grade security, this combination delivers everything needed to construct cutting-edge embedded solutions.

By simplifying hardware integration, enhancing system security, and offering long-term maintenance support, The Embedded Kit empowers software engineers to concentrate on creating applications that drive value—free from the burdens of managing complex hardware and software layers. Whether you’re engaged in industrial automation, machine learning at the edge, or other demanding applications, The Embedded Kit with i.MX93 support presents a powerful solution worth exploring.
