How to generate a user key for enabling Jetson TX2 secure boot

Hi, I want to encrypt my image on Jetson TX2, but I find the blog not detailed enough about this topic. How can I generate the user key for encrypting the kernel image, and do I have to use odmfuse.sh? If I do, the blog shows its usage command as
sudo ./odmfuse.sh -i <chip_id> -p -k <key.pem> --KEK[0-2] <KEK file> -S <SBK_file> > <device_name>
But I do not have most of this information, such as chip_id, key.pem, etc. I only have the RSA key pair as shown in the blog. Here is the address of the blog:
Secure boot

hello mehmetutkucolakofficial,

The user_key is specified in eks.img.
You may download the public release sources to check the CA sample,
i.e. hwkey-agent/CA_sample/tool/gen_ekb/example.sh to generate eks.img; the sym.key is the user_key.
It’s Trusty that retrieves the user_key from eks.img and loads the key into keyslot_14 for decryption. When flashing, please use the --use_key option to specify the user_key.

BTW,
please also see the developer guide, Tool for EKB Generation.
Here’s a similar discussion thread you may reference, Topic 238756.
Thanks

Hello, thanks for the answer.
Where can I find the eks.img file, and how do I download the CA samples? Sorry, I am just a beginner.

hello mehmetutkucolakofficial,

Please visit the Jetson Linux Archive page; there’s [Driver Package (BSP) Sources], which contains all public release sources. You shall download the same release package as your working environment.

I see, thank you. I have already downloaded this and run the nvidia setup. But I see no sample yet, here is my Linux_for_Tegra directory:

~/nvidia/nvidia_sdk/JetPack_4.6.3_Linux_JETSON_TX2_TARGETS/Linux_for_Tegra/source$ ls
nv_src_build.sh

So there is not any other folder, and I’m not able to find the gen_ekb.py file.

hello mehmetutkucolakofficial,

You should download the [Driver Package (BSP) Sources] package.
Please extract the trusty_src.tbz2 package, and you shall see it’s under the CA sample folder.
For example, ./trusty/trusty/app/nvidia-sample/hwkey-agent/CA_sample/tool/gen_ekb/gen_ekb.py
