Disabling flash rear/write in recovery mode

Is there a way to disable the ability to read/write flash memory in recovery mode, from the TX2 device itself, without connecting the TX2 device to a host machine or using SecureBoot?

hello Undertow10,

may I know what’s the use-case, the formal suggestion would be enable Security features.
thanks

Hi Jerry,

We only have remote access to the device but we would like to prevent writing to flash memory via recovery mode. It is not clear if one of the fuses or some other feature allow for this.

hello Undertow10,

please enable secureboot for your request.
thanks

Hi Jerry,

From my understanding, we can set the fuses from the TX2 device, but we would still need physical access to the device in recovery mode in order to burn a signed image. Is there a way to do everything remotely?

hello Undertow10,

you may enter forced-recovery mode with the following command, $ sudo reboot forced-recovery
thanks

I think there’s a misunderstanding. We do not have physical access to the device, so putting it into recovery mode is useless. We cannot re-flash anything over micro-usb because we do not have physical access.

It sounds like enabling secureboot fully remotely is not an option because it requires a signed image to be burned into flash. I guess this is not possible.

This is correct.