Doubts about secure boot in TX2

Hi friends,

I have made a summary of how to enable secure boot in TX2, as below. Could you tell me whether these points are right?
If public_key_hash is fused and production mode is fused, the secure boot is enabled.
If public_key_hash is fused but the production mode is not fused, the secure boot is not enabled.
If the production mode is not fused, there is no secure boot at all.

Thanks

Hi @merlinwu, I don’t have an answer, but I would like to know where you’re getting this information. Which doc? I’m also interested in secure boot for TX2…

hello merlinwu,

  1. If public_key_hash is fused and production mode is fused, the secure boot is enabled.
    yes
  1. If public_key_hash is fused but the production mode is not fused, the secure boot is not enabled.
  2. If the production mode is not fused, there is no secure boot at all.
    you could check this from the kernel message,
    for example,
    androidboot.security=enabled

hello roach374,

you could access the documentation from the Jetson Download Center,
title: [Jetson Platform Fuse Burning and Secure Boot Documentation and Tools]

According to the documentation you mentioned, I notice that the fuse odm_production_mode “Indicates production part, enforces secure boot, disables debug, locks fuse programming”.

I have several questions about this:

  1. The bootrom will verify the public key in BR-BCT through validating SHA256 hash in fuse vs RSA2048 public key modulus. So if the production mode is not fused, the bootrom will not validate the public key in BR-BCT no matter whether the SHA256 hash of the public key is fused, right?

  2. The bootrom will verify the MB1 and jump to MB1. The fuse “secure_boot_info” specifies the validation methods, including “PKC” or “AES-CMAC using SBK”. So if the production mode is not fused, the bootrom will not validate the MB1 no matter whether the “secure_boot_info” is fused, right?

Thanks

Hello JerryChang,

  1. What you mentioned is in the kernel; however, the MB1, MB2 and TOS are booted before the kernel boots up. So I want to know whether the MB2, TOS and so on are validated even if the production mode is not fused.

  2. If I have fused the “secure_boot_info” and “public_key_hash” but the “odm_production_mode” is not fused, which components are securely validated and which components are not?

hello merlinwu,

what’s the secure_boot_info you mentioned? may I know which tegraflash alias it is?