Crypto processes during Boot


I am investigating the Jetson ORIN NX SoM. In the reference provided
Both BootROM and PSCROM are embedded devices in the SoC.
PSCROM provides authentication and decryption services to BootROM and audits the next stage boot on BPMP (for example, MB1) and PSC (for example, PSC-BL1).

Firstly, are both BootROM and PSCROM innated trusted with no validation at boot because of their location?

The first use of PSCROM doing crypto function seems to be BCTs. Are they NVIDIA owned keys that aren’t described? What crypto engine is active for its use at this time? is the authentication method a simple hash matching?

At what point, are user defined keys being pulled to anticipate user applications, both Trusted Application (TA) or Client Applications (CA), rather, even earlier with user defined settings/parameters/anything? and to where are those cryptomaterial pulled to?

I have yet to find a hardware layout diagram to understand what is where. if you have a reference, i will appreciate it.

Thank you,



please refer to Orin TRM, you may check below block diagram for [Platform Security Controller].
for instance,

it’s Secure Boot Key (SBK), used by the PSCROM to validate boot images.
there’re FUSE_KEYS_FKDD_SK_0_0 and also FUSE_KEYS_FKDD_AK_0_0 as part of the PSC fuse.
you may see-also Jetson Orin Fuse Specification for more details.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.