How to generate a user key for enabling Jetson TX2 secure boot

Hi, I want to encrypt my image on Jetson TX2 but I find the blog not detailed enough about this topic. How can I generate the user key for encrypt the kernel image and do I have to use If I am, blog shows its usage command as
sudo ./ -i <chip_id> -p -k <key.pem> --KEK[0-2] <KEK file> -S <SBK_file> > <device_name>
But I have not most of these informations as chip_id, key.pem etc. I only have the RSA key pair as shown in the blog, Here is the address of the blog
Secure boot

hello mehmetutkucolakofficial,

the user_key is specified in eks.img.
you may download public release sources for checking CA sample,
i.e. hwkey-agent/CA_sample/tool/gen_ekb/ to generate eks.img, the sym.key is the user_key.
it’s Trusty retrieves user_key from eks.img, and loads the key into keyslot_14 for decryption. when flashing, please use --use_key options to specify the user_key.

please see-also developer guide. Tool for EKB Generation.
here’s similar discussion thread you may reference, Topic 238756.

Hello, thanks for answer.
Where can i find the eks.img file and how to download CA samples? Sorry, I am just a beginner

hello mehmetutkucolakofficial,

please visit Jetson Linux Archive page, there’s [Driver Package (BSP) Sources] to contain all public release sources, you shall download the same release package as your working environment.

I see, thank you. I have already downloaded this and run the nvidia setup. But I see no sample yet, here is my Linux_for_Tegra directory:

~/nvidia/nvidia_sdk/JetPack_4.6.3_Linux_JETSON_TX2_TARGETS/Linux_for_Tegra/source$ ls

So there is not any folder else and I’m not able to find file

hello mehmetutkucolakofficial,

you should download the [Driver Package (BSP) Sources] package.
please extract trusty_src.tbz2 package, and you shall see it’s under CA sample folder.
for example, ./trusty/trusty/app/nvidia-sample/hwkey-agent/CA_sample/tool/gen_ekb/

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.