Can I fuse a Jetson over a VM or container?

Hi,

I wanted to ask whether it’s possible to perform secure fusing on a Jetson Orin NX from an x86-based VM or container. Has this workflow been fully validated?

I plan to test it myself, but I’ve heard from others that it may not work due to USB timeouts. They mentioned it could take a week or more to investigate the issue, so I’d really appreciate any quick insights or guidance from the community.

Specifically, I’m setting up a host in the factory to perform secure fusing for Jetson devices. The advantage of using a VM or container is that we can easily restore its state and avoid persisting sensitive data (e.g., fuse contents encrypted with an FSKP expansion key) on the file system after the fusing process.

However, if there are known limitations or issues that prevent this from working in a VM or container environment, I’ll explore alternative solutions.

Thanks in advance, and I’m looking forward to your advice!

Warm regards,
Yanlin

FYI, VMs are not technically supported. Some people have got them to work, but quite often things like USB or Ethernet passthrough fail. In particular, USB will disconnect and reconnect during any flash. I don’t think that fusing keys will be any different than requirements for flashing.

Just beware that a lot of disk space is required for flashing. Also, once fuses are burned, that Jetson becomes junk if you do not have the proper key. Losing information from the VM, e.g., from shutdown, needs to be very carefully set up to never occur or you’ve just lost the hardware. Also, the underlying filesystem must be ext4, or else the flash will appear to succeed, and still the installation will be unrecoverable without another flash using the same key.

You would find life less complicated to just use the correct Ubuntu release. Do note though that command line flash usually has fewer restrictions than GUI flash, e.g., the GUI adds more requirements to the host PC.

hello yanlin.li,

that’s correct, you’ll need to handle the USB forwarding through the VM to make it work.


however,
here’s another approach to avoid leaking keys.
you may create a mass fuse blob and use it to fuse multiple Jetson devices simultaneously.
please refer to $OUT/Linux_for_Tegra/bootloader/README_Massfuse.txt

besides,
you may also refer to the forum topics below about massfuse,
such as Topic 273585 and Topic 222924.
