I’m trying to work out whether the Jetson Nano supports encryption of the boot loader (U-Boot), and if so how one would go about it. The Jetson Nano Fuse Specification Application Note hints at the possibility with the SBK + DK, but then also goes on to state that this is obsolete and not used any more. Using PKC, it only appears possible to verify the boot loader, not encrypt it.
The reason for my asking is that we’d like to be able to encrypt the root filesystem in order to prevent read-out of proprietary code. This obviously necessitates having a decryption key which must also be protected, and could be provided by the boot loader as long as the loader itself is encrypted.
Hi, and thank you for your answer. Could you please confirm that once the ODM Production Mode fuse has been blown, it would not be possible to read out the ODM Reserved fuses externally? The application note is not entirely clear on this aspect, and suggests it only applies to the production fuses, not the field programmable fuses. Thanks in advance!
Hi,
ODM reserved fuses are protected by the ODM lock fuse, and only the first 4 banks are protected. In hardware design, if the ODM production mode fuse is programmed and the ODM lock fuse is not programmed, you can read out ODM reserved fuses. But in software flow, we suggest programming all fuses in a single step. Please refer to
Ah, I see. So the ODM Lock is not just a write-lock, it’s also a read-lock. Thanks for clarifying, this is very useful information! Do consider updating the application note to mention the read-lock aspect too.