Dear NVIDIA Team!
I followed all the steps in your security guide for securing my jetson nano.
Details are also given in another entry in this forum here
Host PC: Lenovo Think pad, Ubuntu 18.04
Target: Jetson nano eMMC tegra210-p3448-0002-p3449-0000-b00
I burned the E Fuses according to my needs using a PKC key. Afterwards, I could see the correctly burned odm key. So this steps looks fine.
Afterwards I flashed the signed OS using the following command:
sudo ./flash.sh BOARDID=3448 BOARDSKU=0002 FAB=400 -x 0x21 -y PKC -u rsa_priv.pem jetson-nano-emmc mmcblk0p1
The jetson nano boots afterwards. So it seems to be fine.
Now, I wanted to see if the secure boot really works and tried to repeat the flash step without PKC key using the following command:
sudo ./flash.sh jetson-nano-emmc mmcblk0p1
And, also this worked and the jetson nano booted fine.
Is this the expected behaviour? My understanding was, that I should not be able to flash something to the jetson nano without using the PKC key. Or am I wrong?
If my understanding is wrong, then how can I test if the secure boot step really worked?