Hi, I use an NVIDIA Jetson AGX Xavier developer board.
I have some questions about the security world on the board.
Q1. Is it possible to enable “Secure World” without secure boot?
Q2. If ‘Q1’ is impossible, is there any way to use security hardware in normal world?
Q3. Could I know where the secure things are? (like Trusted Applications, code, etc.)
I tried to find that out on the board, but I failed.
The reason why I ask these questions is…
The thing I’m developing is for a security test, not mass production.
So, I wanted to know if there’s a way to use security hardware without secure boot or TOS.
This category is for DOCA security conversations. This topic will be better served if it was posted in the Jetson AGX Xavier forum, I will move it over for you.
Please also check this documentation, Trusty Key Generation APIs.
It needs a key as input, which must be loaded into an SE keyslot.
However, for testing purposes, you may pre-load the keys into the keyslot.
Please check the public release sources for reference,
i.e. $L4T_Sources/r32.6.1/Linux_for_Tegra/source/public/atf_and_trusty/trusty/trusty/app/nvidia-sample/hwkey-agent/key_mgnt.c
Please visit the https://developer.nvidia.com/embedded/linux-tegra page for the available packages.
You’ll see [Jetson Platform Fuse Burning and Secure Boot Documentation and Tools] at the end of this table. This is the package to enable Jetson security; please read the readme file and also the developer guide, Secureboot. You should create your own keys to program the fuse to enable Secure Boot.