My question is how can I test my UEFI secure images on the Jetson board without burning OTP. I want to test secure UEFI Boot in a development environment, and burning OTP fuse is not an option for me. Please suggest.
Please refer to the developer guide, UEFI Secureboot.
You have to generate signed UEFI payloads by using UEFI security keys:
- Platform Key (PK): Top-level key.
- Key Exchange Key (KEK): Keys used to sign Signatures Database and Forbidden Signatures Database updates.
- Signature Database (db): Contains keys and/or hashes of allowed EFI binaries.
- Forbidden Signatures Database (dbx): Contains keys and/or hashes of denylisted EFI binaries.
db and dbx are UEFI authenticated variables. They are protected by KEK (which is protected by PK, and PK is self-signed).
Any corruption will cause signature verification failure.