Is there a way to disable the ability to read/write flash memory in recovery mode, from the TX2 device itself, without connecting the TX2 device to a host machine or using SecureBoot?
may I know what’s the use-case, the formal suggestion would be enable Security features.
We only have remote access to the device but we would like to prevent writing to flash memory via recovery mode. It is not clear if one of the fuses or some other feature allow for this.
please enable secureboot for your request.
From my understanding, we can set the fuses from the TX2 device, but we would still need physical access to the device in recovery mode in order to burn a signed image. Is there a way to do everything remotely?
you may enter forced-recovery mode with the following command,
$ sudo reboot forced-recovery
I think there’s a misunderstanding. We do not have physical access to the device, so putting it into recovery mode is useless. We cannot re-flash anything over micro-usb because we do not have physical access.
It sounds like enabling secureboot fully remotely is not an option because it requires a signed image to be burned into flash. I guess this is not possible.
This is correct.