There were two Secure Boot vulnerabilities reported by NXP®, published in errata ERR010872 and ERR010873. The issues affect i.MX and Vybrid processors. Secure Boot is not enabled by default on Toradex products; customers who are not using Secure Boot are not affected by these vulnerabilities.
Note: Toradex is switching to revised i.MX6 and i.MX7 SoCs in which these security vulnerabilities are fixed. NXP has decided not to fix these issues in the Vybrid SoCs.
Corresponding production lots of modules updated with new SoC:
| Affected Products | First Production Lot with New SoC |
|---|---|
| Apalis iMX6Q 1GB V1.1B | 06 / 2018 |
| Apalis iMX6Q 2GB IT V1.1C | 06 / 2018 |
| Apalis iMX6D 1GB IT V1.1B | 07 / 2018 |
| Colibri iMX6S 256MB V1.1A | 03 / 2018 |
| Colibri iMX6DL 512MB V1.1A | 03 / 2018 |
| Colibri iMX6DL 512MB IT V1.1A | 06 / 2018 |
| Colibri iMX7S 256MB V1.1C | 03 / 2018 |
| Colibri iMX7D 512MB V1.1D | 07 / 2018 |
Warning: The production lot date does not mean that new products ship from this date. Stock from previous production lots is sold out first before modules with the updated SoC are sold. Please reach out to us if you urgently need the version with the updated SoC.
The following modules will be updated later:
- Apalis iMX6D 512MB V1.1B
- Colibri iMX6S 256MB IT V1.1A
- Colibri iMX6ULL 256MB V1.0A
- Colibri iMX6ULL 512MB WB IT V1.0A
Please reach out to us in case you require further information.
In erratum ERR010872, NXP announces that the Serial Download Protocol (SDP) is affected when the device is configured in security enabled mode. Affected Toradex parts are Apalis iMX6 Dual, Apalis iMX6 Quad, Colibri iMX6 Solo, Colibri iMX6 DualLite, Colibri iMX6ULL and Colibri VFxxx.
Erratum ERR010873 concerns High Assurance Boot (HAB) parsing of a certificate in a security enabled configuration. Affected Toradex parts are Apalis iMX6 Quad, Apalis iMX6 Dual, Colibri iMX6 DualLite, Colibri iMX6 Solo, Colibri iMX6ULL, Colibri iMX7 Dual, Colibri iMX7 Solo and Colibri VFxxx.
There is no software workaround for the affected devices, because the vulnerabilities are in the Boot ROM, which cannot be updated in the field.
A programmable eFUSE setting is available that disables the SDP port; by default, this fuse is not programmed on Toradex modules. Customers who have not fused this setting are therefore not affected by these issues, whereas customers using the security enabled configuration are affected. More information can be found in the respective NXP errata documents.
The Boot ROM on affected devices has been updated to prevent these vulnerabilities. HAB 4.2.5 and newer versions include the security fixes for ERR010872 and ERR010873. NXP application note AN4581 provides a Secure Boot reference for i.MX application processors that include HABv4.
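Whether a module is in scope for these errata hinges on whether it has been fused into the security enabled ("closed") configuration. The following script is an added illustration of how to check that from Linux on the module; it is not Toradex or NXP code. It assumes the OCOTP words are exposed, one little-endian 32-bit value per word, at `/sys/bus/nvmem/devices/imx-ocotp0/nvmem` by the Linux imx-ocotp driver, and it assumes the SEC_CONFIG[1] fuse positions from NXP's HAB documentation (i.MX6 family including i.MX6ULL: bank 0, word 6, bit 1, eight words per bank; i.MX7: bank 1, word 3, bit 25, four words per bank). Verify those positions against the reference manual of your SoC before relying on the result. The SDP-disable fuse mentioned above is not decoded, since its position is not given on this page.

```python
"""Decode the OCOTP fuse dump of an i.MX6/i.MX7 module and report whether
SEC_CONFIG[1] (HAB security enabled mode) is burned.

Added illustration, not Toradex or NXP code.  Fuse positions and the nvmem
layout below are assumptions taken from NXP HAB documentation; verify them
against your SoC reference manual.
"""
import struct
import sys

# Assumed sysfs path exported by the Linux imx-ocotp driver.
NVMEM_PATH = "/sys/bus/nvmem/devices/imx-ocotp0/nvmem"
OCOTP_BANKS = 16  # size used for the constructed sample dump only

# soc -> (words per OCOTP bank, bank, word, bit) of SEC_CONFIG[1].
# Assumed positions (verify for your SoC):
#   imx6: fuse word 0x460 bit 1   (U-Boot: fuse prog 0 6 0x2)
#   imx7: fuse word 0x470 bit 25  (U-Boot: fuse prog 1 3 0x2000000)
SEC_CONFIG1 = {
    "imx6": (8, 0, 6, 1),
    "imx7": (4, 1, 3, 25),
}


def fuse_word(blob: bytes, words_per_bank: int, bank: int, word: int) -> int:
    """Return one 32-bit OCOTP word from a raw nvmem dump.

    The driver lays the words out linearly: index = bank * words_per_bank + word,
    four bytes per word, little-endian.
    """
    index = bank * words_per_bank + word
    offset = index * 4
    if offset + 4 > len(blob):
        raise ValueError(f"nvmem dump too short for bank {bank} word {word}")
    return struct.unpack_from("<I", blob, offset)[0]


def is_closed(blob: bytes, soc: str) -> bool:
    """True when SEC_CONFIG[1] is burned, i.e. the ROM enforces HAB and the
    device is in the security enabled configuration the errata apply to."""
    words_per_bank, bank, word, bit = SEC_CONFIG1[soc]
    return bool(fuse_word(blob, words_per_bank, bank, word) & (1 << bit))


def assessment(blob: bytes, soc: str) -> str:
    """Human-readable verdict for the errata on this page."""
    if is_closed(blob, soc):
        return ("closed (security enabled): in scope for ERR010872/ERR010873 "
                "unless the Boot ROM carries HAB 4.2.5 or newer")
    return "open (Secure Boot not enabled): not affected by ERR010872/ERR010873"


def constructed_dump(closed: bool, soc: str) -> bytes:
    """Constructed sample nvmem dump: every fuse zero, except SEC_CONFIG[1]
    for `soc` when `closed` is set.  Used for offline demonstration only."""
    words_per_bank, bank, word, bit = SEC_CONFIG1[soc]
    words = [0] * (OCOTP_BANKS * words_per_bank)
    if closed:
        words[bank * words_per_bank + word] |= 1 << bit
    return struct.pack("<%dI" % len(words), *words)


def main(argv):
    soc = argv[1] if len(argv) > 1 else "imx6"
    path = argv[2] if len(argv) > 2 else NVMEM_PATH
    if soc not in SEC_CONFIG1:
        print(f"unknown soc {soc!r}; expected one of {sorted(SEC_CONFIG1)}", file=sys.stderr)
        return 2
    try:
        with open(path, "rb") as f:
            blob = f.read()
    except OSError as e:
        # Off-target (no OCOTP): fall back to the constructed sample so the
        # decoding logic can still be exercised.
        print(f"cannot read {path}: {e}; using constructed sample", file=sys.stderr)
        blob = constructed_dump(closed=False, soc=soc)
    print(f"{soc}: {assessment(blob, soc)}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it on the module as `python3 check_sec_config.py imx6` (or `imx7`). The same word can be read from U-Boot with `fuse read 0 6` on i.MX6 or `fuse read 1 3` on i.MX7; a value with the SEC_CONFIG[1] bit set means the device is closed and the errata apply unless the ROM already carries HAB 4.2.5 or newer.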