hello jalufka,
it’s by default using all zero keys. you may fuse the target to add the keys.
note, program the fuse is non-reversible.
here’s an FYI,
PKC for sign: if PKC is burned, then the KEYFILE users provide is for signing the images.
SBK for encryption: if SBK is burned, then the SBKFILE users provide is for encrypting the images.
KEKs for encryption keys:they are keys to encrypt your keys. KEK0, KEK1, KEK2 are 128-bit key files; KEK256 is 256-bit key file. please use the commands, --KEK* to determine which key encryption key you’re going to fused.
you may access https://developer.nvidia.com/embedded/linux-tegra and check [Tools] session for Jetson Platform Fuse Burning and Secure Boot Documentation and Tools.
BTW,
please access tutorials page for the Jetson Security and Secure Boot, this training video gives an overview of security features for the Jetson product family and explains in detailed steps the secure boot process, fusing, and deployment aspects.
you may also see developer guide, Jetson security for more details.
thanks