It is not secure boot enabled. We havent fused any variable to this module.
It is just the normal flash we have done and released our product. Currently our customer want Secure erase feature for this unit.
Of course this happens. We can put the device in to recovery mode either through the command and can do reflash successfully:
sudo reboot --force forced-recovery
or by shorting some pin using a jumper cable.
Yes. Even I have observed some messages saying "Erasing… " being printed on the terminal during the flashing process.
So let me know, How to implement secure erase and demonstrate that to our customer?
I have below queries, pls let me know your thoughts on this:
-
If we do complete secure erase on the eMMC ( 64 GB) where I am flashing my “/” ( RFS) using ‘dd’ or “shred” command( used for writing random 1 or 0s) , wont the unit shut down at the end of “dd” cmmand as my complete kernel image will be wiped off.
Can we force the unit to recovery mode after this secure erase and flash it again? -
Cannot we demonstrate the secure erase on the external M2 NVM drive so that we are safe with our eMMC and unit is stable and will be running all the time? Isn’t this better idea than wiping of entire internal eMMC.
-
How to prove that secure erase was successful and we cannot recovery any data from the erase NVM drive again?
Is here any recovery tool specific to Nvidia Jetson that we should use for data recovery? -
Is jetson security documentation provided the documentation link is different from the “Secure Erase” concept?
-
Is the Erase that happen during flashing is normal erase or secure erase?
-
Also, Let me know the commands that the flash.sh uses for it, if you have the details handy. Even I would check the contents inside flash.sh to see the commands used for Erasing.
Thanks in advance. These answers would help me understand things much better,