Below are my comments regarding your inquiries. Not all of these inquiries are clear enough for me to give 100% accurate answers, nor do I know the standard you’re referring to, but I’ll try to help you as best as I can:
1) Set a program as certified/secure and allow only this software to access specific hardware?
This is doable, however “certified” and “secure” can have multiple meanings and definitions. It would be nice to have these terms more strictly defined.
2) The main processor (Colibri IMX7 DUAL / IMX6ULL) has “legally relevant software” and “non legally relevant software”, basically it is certified programs and non-certified programs.
This is ambiguous (for me, since I’m not familiar with the standard). In some sense the processor does not “have” software. All software is in memory; the processor just runs instructions (not considering L1/L2 cache and stuff).
3) Only the “legally relevant software” can have access to the flash memory. If the “non legally relevant software” tries to access the flash memory, the authentication software/system must block the attempt; this MUST be valid for read/write operations.
Does “legally relevant software” allow like, system utilities and everything that must be there so the OS runs correctly?
Nonetheless, it is possible for their software to block any software they want from running, yes. You just have to program their application this way. But there are some deeper details about that and they must be considered when your system itself is being designed.
4) If by any chance the “non legally relevant software” tries to erase the flash memory, this action must be blocked.
Seems reasonable, one can disable any commands that might erase a partition. But this is still a little bit unclear and lacks details.
5) Stop any data read/write/erase attempt using a cloned module/system.
This looks possible but “cloned module/system” admits a possibility that an attacker has physical access to the device. Unless you implement some external anti-tamper system one cannot completely guarantee that an attacker won’t, for example, disassemble the device and dump the flash contents.
I hope my comments are relevant enough. Please feel free to tell us more about your requirements so we can help you further with this.