Encrypted boot loader support on Jetson Nano?

Hello,

I’m trying to work out whether the Jetson Nano supports encryption of the boot loader (U-Boot), and if so how one would go about it. The Jetson Nano Fuse Specification Application Note hints at the possibility with the SBK + DK, but then also goes on to state that this is obsolete and not used any more. With using PKC it only appears possible to verify the boot loader, not encrypt it.

The reason for my asking is that we’d like to be able to encrypt the root filesystem in order to prevent read-out of proprietary code. This obviously necessitates having a decryption key which must also be protected, and could be provided by the boot loader as long as the loader itself is encrypted.

Thankful for any insight that can be provided.

Hi,
We don’t support it on Jetson Nano. There are more information in

Hi, and thank you for your answer. Could please confirm that once the ODM Production Mode fuse has been blown, it would not be possible to read out the ODM Reserved fuses externally? The application note is not entirely clear on this aspect, and suggests it only applies to the production fuses, not the field programmable fuses. Thanks in advance!

1 Like

Hi,
ODM reserved fuses are protected by ODM lock fuse, and only the fist 4 banks are protected. In hardware design ,if ODM production mode fuse is programmed and ODM lock fuse is not programmed, you can read out ODM reserved fuses. But in software flow, we suggest to program all fuses in single step. Please refer to

Ah, I see. So the ODM Lock is not just a write-lock, it’s also a read-lock. Thanks for clarifying, this is very useful information! Do consider updating the application note to mention the read-lock aspect too.