Application Note | NXP

Anti-Rollback Feature on i.MX RT700

Application note describing how to enable anti-rollback protection on i.MX RT700 MCUs to prevent firmware downgrade attacks using OTP fuses and the Secure Provisioning Tool.

Overview

This document provides a detailed overview of the anti-rollback feature integrated into the i.MX RT700 family. It explains the mechanism for preventing firmware downgrade attacks by comparing image version numbers against values stored in dedicated One-Time Programmable (OTP) fuses. The note covers secure firmware versioning (SEC_FW_VER) with up to 64 levels and non-secure versioning (NS_FW_VER) with up to 256 levels. It details the process for configuring these settings for both signed and SB3.1 images using NXP's Secure Provisioning Tool (SEC tool). Additionally, it describes the hardware-based verification performed by the boot ROM and the use of fuse lock bits to make version levels immutable.

Use Cases

  • Preventing firmware downgrade attacks in embedded systems
  • Implementing secure firmware update mechanisms
  • Managing hardware-based security versioning for MCU firmware
  • Configuring OTP fuse locks to finalize device security policies

Topics

i.MX RT700
anti-rollback
secure boot
OTP fuses
Secure Provisioning Tool
SEC tool
firmware versioning
SEC_FW_VER
NS_FW_VER
SB3.1

Referenced Parts

i.MX RT700

NXP

The i.MX RT700 family integrates anti-rollback protection as part of its secure boot and update mechanisms.