Are there security / cybersecurity differences between OP-TEE TA and PTA on Jetson, and how to implement a secure watchdog reset?

nik01flink · December 11, 2025, 2:03am

Hi, thanks again for the explanation!

I’d like to double-check my understanding and then ask specifically about the reset path:

TA vs. PTA (security perspective)
As I understand it:
- A PTA is part of the OP-TEE core, runs in secure kernel mode (S-EL1), shares the core’s address space and can call internal core APIs directly.
- A TA runs in secure user mode (S-EL0), has its own .ta binary and an isolated context.
From a security perspective this would mean that a successful exploit in a PTA could compromise the whole OP-TEE core, whereas an exploit in a TA would (in principle) be contained to that TA. So in general, it seems preferable to keep complex logic in TAs and avoid PTAs unless strictly necessary.
Is this understanding correct?
Reset implementation (TA vs. PTA)
In my design, the watchdog / verifier logic itself will run in a TA.
What I’m still unsure about is the reset mechanism:
- Is it actually possible on Jetson to trigger a platform reset purely from a TA, e.g. via some OP-TEE core service or existing PTA?
- If not, would you recommend implementing a minimal PTA that only provides a “reset now” command (e.g. doing a PSCI reset) and is called by the watchdog TA when the system is deemed untrusted?
I’d like to understand what I would be giving up security-wise by introducing such a reset-PTA compared to a purely TA-based solution.
Practical reset options on Jetson
Finally, I’m looking for guidance on the practical reset options on Jetson:
- How would you typically reset the board from Linux userspace (outside of OP-TEE)? Just reboot(2) or also via a GPIO wired to the reset input?
- How could a reset be triggered from the TEE side (TA or PTA)?
- Is there any recommended way (or documentation) for asserting the module’s SYS_RESET line on Jetson?

Is there a pattern you would generally recommend (PSCI reset from secure world vs. Linux reboot vs. GPIO-based reset), and which approach would you prefer for a security-critical watchdog on Jetson with OP-TEE, fTPM and IMA?

Any clarification on these points would be very helpful. Thanks again!

Topic		Replies	Views
How to enable TPM2 module in Trusted Zone (OP-TEE) on Jetson Orin Nano? Jetson Orin Nano security	11	666	August 22, 2025
How to enable OP-TEE Jetson AGX Orin kernel , board-design , security	2	97	December 1, 2025
Measured Boot Implementation with OP-TEE and TF-A on Jetson Orin Nano Jetson Orin Nano security	20	892	May 29, 2025
Create a Trusted Application for the Orin Nano that reads and extends the tpm Jetson Orin Nano security , jetson	2	181	April 16, 2025
Python integration with op-tee Jetson Xavier NX security	5	712	March 11, 2024
TEEC_ERROR_ITEM_NOT_FOUND (0xffff0008) When Using OP-TEE on Jetson Orin Nano Jetson Orin Nano security	16	621	March 5, 2025
How can I disable OP-TEE on Nvidia Jetson Xavier NX? Jetson Xavier NX security	33	1884	March 5, 2023
Watchdog Jetson TX2	12	2984	October 18, 2021
Seeking Clarity on Hardware-Level Watchdog Timer: Does It Exist in Jetson Nano P3448-0003? Jetson Nano boot , hw , kernel , board-design , jetson	4	155	January 17, 2025
Jetson won't boot after update TOS image Jetson AGX Xavier security , nvbugs	32	2484	May 30, 2023

Are there security / cybersecurity differences between OP-TEE TA and PTA on Jetson, and how to implement a secure watchdog reset?

Related topics