Hardware random number generator (HWRNG)

Does the AGX Xavier’s Secure Element include a hardware random number generator? How can I access it from a trusted application?

Thanks,

Edmund

hello edmund.grimley-evans,

there’s a hardware crypto security engine key slot for storing SBK, KEK, SSK… etc.
please also refer to the Generating the RSA Key Pair and Preparing the SBK Key sections; you should generate and maintain keys by yourself.

there’s a similar discussion thread for your reference, Topic 74903; you may use keys generated by an HSM,
BUT fusing and signing take a .pem file as the input; you’ll also need to consider how to convert your HSM output key to a *.pem file.
thanks

FYI, I think the answer to this is “no”. Most answers you will see are about storing keys, and not for generating random numbers in early boot stages.

FYI, I think the answer to this is “no”.

Thanks! Then the obvious alternative is to store some entropy. You haven’t by any chance worked out how to store data in Trusty so that it survives a reboot, have you?

Edmund

I have not. I am curious, though: if content already has a stored unreachable key (the boot software can use such a key, but nobody can read this key directly), what would your use for entropy be? Normally entropy is for generating content, but boot only validates and reads content. Knowing more about the use case and why you want to generate entropy when protected signed content is used might help. Normally the signing is performed on the host PC, and once the fuses are burned, there is no way to get that information externally other than having been the person who signed and burned remembering what the key was.

hello edmund.grimley-evans,

I suggest you also access the Tutorials page and expand the [Developer Tools] section for more content.
please check the [Jetson Security and Secure Boot] training video for an overview of security features for the Jetson platforms.
thanks