Enable RPMB on the Jetson AGX Orin

Hi,

I am currently setting up secure boot on the Jetson AGX Orin developer kit on Jetpack 6.1. Afterwards I want to enable disk encryption too.
My plan is to burn the fuses with the following configuration:

<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="PublicKeyHash" size="64" value=""/>
    <fuse name="SecureBootKey" size="32" value=""/>
    <fuse name="OemK1" size="32" value=""/>
    <fuse name="OemK2" size="32" value=""/>
    <fuse name="BootSecurityInfo" size="4" value="0x20b"/>
    <fuse name="SecurityMode" size="4" value="0x1"/>
</genericfuse>

I also want to use OP-TEE later to secure some proprietary algorithms. The TA was created using optee_examples.
On that link Secure Storage — NVIDIA Jetson Linux Developer Guide 1 documentation I can read that to enable RPMB Key Provisioning, I need to contact Nvidia support. This would then also be burned into the fuses.
How can that be done?
Would that achieve higher security than keeping the basic REE-FS setup and then use the scripts/sign_encrypt.py script to sign and encrypt the trusted application? Afaik, signing and encrypting would provide confidentiality and integrity, so the extra hardware security would generally not be necessary.

Thank you for your help!

Hi,
Here are some suggestions for the common issues:

1. Performance

Please run the below command before benchmarking deep learning use case:

$ sudo nvpmodel -m 0
$ sudo jetson_clocks

2. Installation

Installation guide of deep learning frameworks on Jetson:

• TensorFlow: https://docs.nvidia.com/deeplearning/frameworks/install-tf-jetson-platform/index.html
• PyTorch: Installing PyTorch for Jetson Platform - NVIDIA Docs
  We also have containers that have frameworks preinstalled:
  Data Science, Machine Learning, AI, HPC Containers | NVIDIA NGC

3. Tutorial

Startup deep learning tutorial:

• Jetson-inference: Hello AI World guide to deploying deep-learning inference networks and deep vision primitives with TensorRT and NVIDIA Jetson
• TensorRT sample: Jetson/L4T/TRT Customized Example - eLinux.org

4. Report issue

If these suggestions don’t help and you want to report an issue to us, please attach the model, command/step, and the customized app (if any) with us to reproduce locally.

Thanks!

Hi,
thank you for your answer.
Unfortunately the Performance, Installation and Tutorial Links are not related to my problem. Is there any further information that I should provide?

hello andib,

you can generate your own RPMB key, you need to contact NVIDIA technical support if you’re going to enable Factory Secure Key Provisioning (FSKP).

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.