I am using Jetson for my College project, now I want to test and record results for secure boot multiple times with different keys without burning the fuses. How can I do this. I will test this in development mode only.
How to get the FAB Id for writing odmfuse file.
hello JetsonNX123,
there’s --test options to prevents the script from actually burning fuses. you could enable test option to create fuseblob.
please refer to developer guide, odmfuse.sh Options for details.
you may see-also Topic 242107, FAB number and also board information is reported while you do image flashing.
Thank you so much for your quick response.
Now I have another question as in when I move to production environment for my Jetson Xavier NX board and fuse the keys permanently, will I be able to rotate the keys if they get compromised.
If yes, then how many times and if it is not possible, then what would be the subsequent actions.
Thanks in advance for your help.
Please note these details will help in finalizing the board for my future industry collab projects.
hello JetsonNX123,
that’s invalid.
FYI, when programming a fuse, such as changing a value of a fuse bit from 0 to 1, it is non-reversible.
once a fuse bit is programmed by setting to 1, you cannot change the fuse value from 1 to 0.
please refer to Tutorials page. you may see-also this training video, Jetson Security and Secure Boot, which gives an overview of security features for the Jetson product family and explains in detailed steps the secure boot process, fusing, and deployment aspects.
Thanks once again. In addition to the query I had asked earlier I would like to know what happens when the PKC I have burnt gets compromised and we change it.
Now am I allowed to use Reserved ODM fuses to store PKC or the device i.e. Jetson Xavier NX becomes unusable.
hello JetsonNX123,
please refer to Jetson Xavier NX Fuse Specification Application Note about Reserved ODM.
Thank you so much. It is clear from the application notes that there is no mechanism to rotate the PKC hash. It means if the private key is compromised we would have to abandon the Xavier NX Jetson device. We can’t use it anymore.
hello JetsonNX123,
that’s correct. you should maintain, and protect that key in the trusted environment securely.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.