fTPM Implementation and Provisioning

mehmetyusuf1414 · April 8, 2025, 8:09am

Hello there,

I have two questions regarding Jetson fTPM installation.

First, we are using a preconfigured Jetson Linux version based on R36.4.3, along with a custom carrier board rather than the original one used for Orin NX. I was unable to find the optee directory within our image files. As suggested in the official guidelines, I retrieved the optee directory by downloading a fresh BSP package. I understand that compatibility depends on our specific configuration, but I would like to know if you believe this approach could cause any conflicts.

My second question is about the FSKP package. According to the documentation, it is a partner release package. Is there any way to test the fTPM provisioning process without burning fuses or making permanent hardware changes? I would like to avoid risking any damage to our devices during initial testing.

Thank you for your time.

KevinFFF · April 8, 2025, 9:04am

Hi mehmetyusuf1414,

Please download them from Driver Package (BSP) Sources.

It should be also working on your custom carrier board. fTPM is SW implementation.

I think burning fuse is necessary in this use case.

May I know what’s your use case and requirement?

mehmetyusuf1414 · April 8, 2025, 10:22am

Hello Kevin,
Thank you for your reply.

We are developing security solutions using various camera systems and sensors, with a focus on ALPR systems. We require fTPM to secure our custom image installations on Orin NX modules.

I’m still exploring the full capabilities of fTPM, so I may be referring to some use cases incorrectly. However, I’m confident that we will need to utilize fTPM in our project.

Thank you again for your time.

KevinFFF · April 8, 2025, 12:16pm

For fTPM feature on Jetson, you can refer to Firmware TPM — NVIDIA Jetson Linux Developer Guide for details.

mehmetyusuf1414 · April 8, 2025, 12:35pm

Kevin, thank you for referring me to the guideline.

I have been following it to learn more about fTPM, but I assume that testing fTPM is not possible without burning the fuses—is that correct?

Thank you once again.

KevinFFF · April 9, 2025, 2:12am

Correct, burning the fuse is required to verify fTPM.

mehmetyusuf1414 · April 9, 2025, 7:25am

I have one more small question,

The Official TPM 2.0 Reference Implementation (link) can be used to simulate fTPM Provisioning, right? This allows us to test the process safely I assume.

KevinFFF · April 10, 2025, 6:38am

We’ve not verified that locally, but it seems worth to try if you want to simulate TPM2.0.

Topic		Replies	Views
fTPM implementation in a Jetson Orin Nano Devkit Jetson Orin Nano nvbugs , tpm	5	129	April 22, 2025
About optee TAs (core dumped) Jetson Orin Nano security	10	26	January 22, 2025
Enable RPMB on the Jetson AGX Orin Jetson AGX Orin security	4	35	November 20, 2024
Orin NX TPM 2.0 SPI support Jetson Orin NX spi	13	1890	September 26, 2023
Technical Details on Firmware TPM Support Jetson Orin NX tpm	3	91	November 7, 2024
Boot process Nvidia Jetson AGXOrin Jetson Orin NX boot	7	34	April 17, 2025
Encrypted File-system support on Jeston Orin-Nano JP 6.0 Jetson Orin Nano tpm	8	93	December 12, 2024
Measured Boot Implementation with OP-TEE and TF-A on Jetson Orin Nano Jetson Orin Nano security	18	142	April 23, 2025
Questions about Orin Secure Boot Jetson AGX Orin security	2	285	June 24, 2024
Orin Nx Dev Kit PXE Boot Jetson Orin NX boot	10	97	March 5, 2025

fTPM Implementation and Provisioning

Related topics