Denis Noël, Director & Head of Product Marketing, Secure Connected Edge at NXP Semiconductors took some time out at electronica 2024 to speak with IoT Insider about technologies and big talking points – among them, post-quantum cryptography (PQC), how NXP are responding to the potential risks it poses and implementing secure boot in devices.
The launch of their i.MX 94 family at the event, which integrates communications, safety and control features in one SoC and targets industrial and automotive applications, demonstrated how NXP have security at the forefront of their solutions.
![](https://www.iotinsider.com/wp-content/uploads/2024/12/Denis-Noel-1024x1024.jpg)
“It brings strong support for [the] management of security in the field,” explained Noël. “We have what we call an Edgelock Secure Enclave, which is … dedicated security on the chip, to manage security.”
In doing so, NXP have protected their chip against any quantum computing attacks by adding a capability on the Edgelock Secure Enclave to restore the equipment to a safe state, “in case of a suspicion of an attack or [an] attack,” Noël added.
Entering the PQC world
A significant feature of the i.MX 94 is its support for post-quantum cryptography (PQC), a topic that has, as of late, gathered pace, particularly with regards to the risks quantum computing poses in cracking previously unbreakable algorithms (most notably, the RSA and ECC) and leaving most devices and networks that depend on these algorithms, vulnerable. The question for industry players has been how they can mitigate this risk with their own solutions and prepare accordingly.
![](https://www.iotinsider.com/wp-content/uploads/2024/12/NXPs-New-i.MX-94-Applications-Processors-Delivers-Connectivity-for-Industrial-and-Automotive-Edge-1024x576.jpg)
“With the i.MX 94 we equipped the processor with the new cryptography that can resist quantum computers,” said Noël. “We have implemented PQC from boot time, so the device has the ability to boot with classic cryptography, but also with PQC … We not only support boot, but also secure updates and secure debug access.”
“The point is to be ready,” Noël continued. “The point is to be ready because it’s very difficult to retrofit devices especially when it comes to the implementation of secure boots. The secure boot starts from immutable memory, because this is the part of the code you need to guarantee is not modified.”
In one example of what is vulnerable should quantum computers develop to the point that it can break these algorithms, Noël said: “Everything that uses cryptography becomes a concern. When you boot the device and you verify the firmware to check before you launch the application, to make sure you’re using the right software, this uses cryptography to verify the software.
“That means overnight, if quantum computers break cryptography, attackers could run malicious software on every type of platform.”
It’s not all doom and gloom fortunately because as the conversation with Noël highlighted, industry experts are giving this some serious thought. The National Institute of Standards and Technology (NIST) released their own standards earlier this year after an eight-year effort to develop quantum-resilient encryption standards. In releasing the standards back in August 2024, NIST strongly urged organisations to implement the standards as soon as they could.
Supporting compliance
Besides post-quantum cryptography, another major challenge NXP’s customers are facing is ensuring their compliance to the Cyber Resilience Act (CRA). The CRA, which outlines a set of principles all manufacturers of devices with a digital element must follow in order to comply, does a good job of setting out these principles but doesn’t explain how this can be achieved, Noël said, and therefore necessitates NXP’s support of their customers.
“The question is what to design into the device to make sure the OEM meets the expectations of the regulator,” he said. “What we do to help our customers is to provide mappings between the security features we put in our product on one end, and on the other end, the requirements of the CRA.”
For example, NXP asks third party certifiers to evaluate their solutions’ security features to confirm it meets the standards and regulations properly, so their customers can rest easy.
“The CRA says you need to put counter measures proportionate to your risks and threats,” explained Noël, “but that means you need to understand your threats and lead a threat analysis … A threat analysis is not obvious for most of our customers because they don’t have the right expertise.”
Noël’s key takeaways for security, therefore, are that “awareness has grown a lot. We’ve seen a lot of people integrating security into their offering. The awareness is there.” The other takeaway was that the CRA remains a concern for their customers.
“PQC is just the start … That will not be the end of the story. There are a lot of things to agree at industry level,” Noël concluded.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.