Security By Design On NXP i.MX 8

Homepage Security By Design On NXP i.MX 8

How does NXP help IoT makers to secure their devices on i.MX 8?

It’s no surprise that in a world where hacks, data leaks, malware, and bad actors regularly make headlines, many in the IoT world are concerned about the security of their devices and networks.

A recent survey of 170 IoT industry leaders revealed that 85% believe that security concerns remain a real barrier to the adoption of IoT devices. As a result, nearly two-thirds of the respondents stated that their key focus area was the end-to-end security of their IoT devices, far outstripping the focus on edge computing, artificial intelligence, or 5G connectivity.

Recently I sat down to record a podcast with Amanda McGregor Head of Product Innovation for Advanced Edge Processors at NXP. We discussed the importance of hardware choices in securing IoT devices, the security features of the NXP i.MX 8, and the security features we can expect in the upcoming i.MX 9 series.

We started, though, by returning to first principles and the necessity of building secure IoT systems by design.

"Secure by Design"

What is “Secure by Design”?

In simple terms, building security by design means accepting that a system is only as secure as its weakest link. This means that at every stage of product development security needs to be a priority and must be reinforced, lest that security is compromised.

And when I say ‘every stage of development, I mean it.

Secure by design means addressing security across the entire development cycle, from initial conception through to product release and then post-release, with every update and every patch as security-focused as the last. It’s not about bolting on security later or addressing security as a single step in a development process; it’s a commitment to security from day zero.

When I am architecting systems or contributing to the development of a new product, I adopt a secure by design approach that starts at the beginning with the definition of the product requirements. Even when we are still collecting market and customer inputs, studying industry trends, and defining what the product should be, security is always top of mind.

IoT Device Security and processors like i.MX8 families

A recent security-focused article from Microsoft highlighted seven properties of highly secure devices, and first and foremost is the hardware. With this in mind, an early focus of an engineer like myself is the hardware in general and supporting the OEM in their software choices in particular.

An OEM might already have their own prototype hardware built, for example, offer us access to the device-level open-source software and the associated documentation. Our team of knowledgeable experts can help implement the security components to their system.

We continue this engagement with the OEM and their hardware choices throughout the development of the product. We are there when the OEM is prototyping with the right security enablement and support, and beyond prototyping, we’ll help the OEM to implement a completely secure system across the entire lifecycle of the product.

Another concept that is useful to keep in mind here is automated renewable security. Automated renewable security enables continual device-level security upgrades during the life of the product. When the product is out in the field and as new security threats are identified, the product is constantly updated. For IoT products with long lifespans out to 10 years and under constant security threat, this consistent focus on security is enormously important.

And it is here that the NXP i.MX 8 really shines.


Security Features on the i.MX 8

The NXP i.MX 8 is the perfect hardware choice for secure by design IoT. Among the security features of the i.MX 8 are:

  • Secure Boot: If a device is infected with malware, that malware might take control of the boot sequence and impact sensitive data, services, and even the network. The Secure Boot capacity of the i.MX 8 relies on digital signatures to prevent any unauthorized software execution during the boot sequence.
  • TrustZone: Unauthorized software that is executed on a device can put sensitive data, as well as the security of the device, at risk. The i.MX 8 leverages the ARM TrustZone security hardware to ensure that only authorized software is allowed to run on the IoT device.
  • Secure Cloud to Edge: With processing happening on the edge and in the cloud, networks need to be secure from the device itself through to the cloud with Azure Sphere. The i.MX 8 has a broad ecosystem to protect devices, report in real time that a device is authentic and approved.
  • Intelligent Power Tracking: Attacks on a device or network can sometimes be detected by shifts in power transitions and power states. The i.MX 8 has the capacity to intelligently track and manage power transitions and states and minimize the attack surfaces available to bed actors.

 While the i.MX 8 is leading the field when it comes to processors, even more is planned for the i.MX 9 series. In a recent podcast I hosted with Amanda McGregor she revealed that the next generation of products will have even more security features baked in.

“Moving forward into our next generation of products, we recently announced the nine series will also have a secure enclave,” she said, adding “We believe so strongly in the importance of security that we’re continuing to invest in it heavily and create new capabilities moving forward with our portfolio.”

Need advice on IoT Device Security

Secure by design principles should be at the foundation of any IoT project. Every stage of development – from the moment a product is envisaged, through hardware choices, software coding, networking, delivery and update cycles – demands attention to the security details to ensure devices are safe, data is protected, and networks remain unmolested.

Among the early choices in a secure by design approach are those related to hardware. The i.MX 8, a popular microcontroller from NXP, comes equipped with the security features that are required to keep devices and networks safe from malware and bad actors.

For an in-depth dive into the NXP i.MX 8 and all of its security features, the podcast that I recorded with Amanda McGregor is a great way to learn more about why the i.MX 8 is increasingly the first choice for IoT developers in a variety of industries, use cases, and applications –listen to it here.

Ed Langley - Engineering Manager
29 April 2021