BIOS Protection Orin NX 16GB

Hi, may I check is there any password protection Or protection in general I can implement to prevent unauthorised user from changing BIOS settings eg boot kernel, boot drive.

Jetsons do not have a BIOS. The equivalent exists in software. For eMMC models, this is in a partition, and for SD card models (dev kits without eMMC) this is in QSPI memory.

For eMMC models, except for rootfs, all partitions are signed during flash. The default is to flash with a NULL key, but it is still signed. No partition without valid signing will be used in boot.

There is normally an ability to take the kernel and device tree from a file in '/boot". This content also exists in QSPI or signed partitions. The “/boot” content normally takes precedence, but if it is not there, then partitions will be used instead.

If you burn the security fuses (eMMC models have this, SD card dev kit models do not), then only partition content is allowed. Once that occurs, no “/boot” kernel or device tree is allowed. The partitions would be signed with your private key, and inaccessible to reading the key. You won’t necessarily stop reading of that content, but you will stop altering of those partitions when fuses are burned. The key itself is not available, so you’d have to know the key to flash software which would be accepted. This includes the equivalent of a BIOS and the bootloader/UEFI.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.