Boot flow and security


I am interested in a more detailed explanation of the Xavier and TX2 boot flow, especially in loading and checking signatures.
Do you load all software from flash to SDRAM (or to SysRAM) before checking signatures? In general, how do you avoid TOCTOU issues like in Intel Boot Guard?

Hello nazaraa,

Secure boot is to ensure the boot process is secure and follows the chain of trust.
There is a loading and authentication flow for MB1, and it copies MB1 into SysRAM.
MB2 also has a similar flow for authentication, but MB1 copies it into DRAM; after that, BPMP-FW owns the controls.

Please refer to the training video from the tutorials page.
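
The TOCTOU concern raised in the question, as an added example that is not part of the original posts and is not NVIDIA code: a simulated flash that changes between reads shows why a loader should copy an image once into private RAM and authenticate that copy, rather than check one fetch and load another. The flash model, the image contents, the FNV-1a digest (a stand-in for signature verification) and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMG_LEN 16
/* Constructed sample data: the image that was signed, and a modified one. */
static const uint8_t good_img[IMG_LEN] = "GENUINE-STAGE-2";
static const uint8_t evil_img[IMG_LEN] = "TAMPERED-STAGE2";
static uint8_t sysram[IMG_LEN];   /* stands in for boot-private RAM */
static int flash_reads;           /* number of fetches served so far */

/* Simulated flash: genuine on fetch 0, modified on every later fetch. */
static void flash_read(uint8_t *dst) {
    memcpy(dst, flash_reads++ == 0 ? good_img : evil_img, IMG_LEN);
}
/* FNV-1a, an assumed stand-in for real signature verification. */
static uint32_t digest(const uint8_t *p) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < IMG_LEN; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}
/* digest(good_img) plays the role of the signed reference value. */
static int authentic(const uint8_t *p) { return digest(p) == digest(good_img); }

/* Check-then-fetch: authenticates one read, then loads a second read. */
int run_double_fetch(int first_fetch) {
    uint8_t scratch[IMG_LEN];
    flash_reads = first_fetch;
    flash_read(scratch);
    if (!authentic(scratch)) return -1;
    flash_read(sysram);           /* this fetch is never authenticated */
    return 0;
}
/* Copy-then-verify: one fetch into private RAM; check and use that copy. */
int run_single_copy(int first_fetch) {
    flash_reads = first_fetch;
    flash_read(sysram);
    if (authentic(sysram)) return 0;
    memset(sysram, 0, IMG_LEN);   /* never leave rejected bytes loadable */
    return -1;
}
int sysram_is_genuine(void) { return memcmp(sysram, good_img, IMG_LEN) == 0; }

int main(void) {
    int rc = run_double_fetch(0);
    printf("double fetch: rc=%d genuine=%d\n", rc, sysram_is_genuine());
    rc = run_single_copy(0);
    printf("single copy:  rc=%d genuine=%d\n", rc, sysram_is_genuine());
    rc = run_single_copy(1);      /* flash already modified at first fetch */
    printf("single copy on modified flash: rc=%d\n", rc);
    return 0;
}
```

The double-fetch loader reports success while holding the modified image; the single-copy loader either holds exactly the bytes it authenticated or holds nothing.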
