Jetpack 5.1.3

Hello,
We are designing a custom carrier board for Xavier AGX Industrial and plan to remove the RTC (Real Time Clock) completely from our design. We are also implementing UEFI secure boot and filesystem encryption. Do we need the RTC for secure boot or anything related to the boot sequence?

Thanks!

Hi dhairya.mehta,

RTC is used for counting the time.
I think you could remove it and work with UEFI secureboot and disk-encryption enabled.

Hello,
Yes, I am aware of it. But the UEFI secure boot snippet from the developer guide is below. As you can see, we are creating certs with a validity period of 3650 in the snippet below. Now, since this bootup using UEFI secureboot is Jetson specific, I wanted to confirm if we need the RTC working to validate the certificate.
(At least that is how openssl validates when we use SSL certs for application development).

Section: UEFI Secureboot

Prepare the PK, KEK, db Keys

Generate the PK, KEK, db RSA keypairs and certificates

To generate the PK, KEK, and db RSA keypairs and certificates, run the following commands:

    $ cd <LDK_DIR>
    $ mkdir uefi_keys
    $ cd uefi_keys

    ### Generate PK RSA keypair and certificate
    $ openssl req -newkey rsa:2048 -nodes -keyout PK.key -new -x509 -sha256 -days 3650 -subj "/CN=my Platform Key/" -out PK.crt

    ### Generate KEK RSA keypair and certificate
    $ openssl req -newkey rsa:2048 -nodes -keyout KEK.key -new -x509 -sha256 -days 3650 -subj "/CN=my Key Exchange Key/" -out KEK.crt

    ### Generate db_1 RSA keypair and certificate
    $ openssl req -newkey rsa:2048 -nodes -keyout db_1.key -new -x509 -sha256 -days 3650 -subj "/CN=my Signature Database key/" -out db_1.crt

    ### Generate db_2 RSA keypair and certificate
    $ openssl req -newkey rsa:2048 -nodes -keyout db_2.key -new -x509 -sha256 -days 3650 -subj "/CN=my another Signature Database key/" -out db_2.crt

Caution

The generated .crt files are self-signed certificates and are used for demonstration purposes only. For production, follow your official certificate generation procedure.

If you don’t have RTC, then it would use epoch-based time for the certificate.
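The reply above says a board without an RTC falls back to epoch time. As an added example (not from the developer guide or from either poster), this script generates a throwaway certificate with the guide's options and has OpenSSL, which enforces the validity window as the question notes, verify it at three clock values. `WORKDIR`, `make_cert` and `verify_at` are names assumed here, and the script does not show what the Jetson UEFI firmware itself checks.

```shell
#!/bin/sh
# Added example (not from the developer guide): classify how OpenSSL's
# validity-window check sees a certificate at a given clock value.
# WORKDIR, make_cert and verify_at are hypothetical names.

WORKDIR=$(mktemp -d)

# Constructed throwaway certificate, same options as the guide's PK.crt.
make_cert() {
    openssl req -newkey rsa:2048 -nodes -keyout "$WORKDIR/PK.key" \
        -new -x509 -sha256 -days 3650 -subj "/CN=my Platform Key/" \
        -out "$WORKDIR/PK.crt" 2>/dev/null
}

# verify_at <unix-time>: verify PK.crt against itself as if the clock read
# <unix-time>; prints valid, not-yet-valid, expired or error.
verify_at() {
    # openssl exits non-zero on a failed verification; keep going and
    # classify the message instead.
    verify_out=$(openssl verify -attime "$1" -CAfile "$WORKDIR/PK.crt" \
        "$WORKDIR/PK.crt" 2>&1) || true
    case "$verify_out" in
        *"not yet valid"*) echo "not-yet-valid" ;;
        *"has expired"*)   echo "expired" ;;
        *": OK"*)          echo "valid" ;;
        *)                 echo "error" ;;
    esac
}

make_cert
now=$(date +%s)
# Clock at the epoch: notBefore lies in the future, so the failure mode is
# "not yet valid", not "expired".
echo "clock at epoch (never set): $(verify_at 0)"
echo "clock correct:              $(verify_at "$now")"
# One day past the 3650-day validity period.
echo "clock 3651 days ahead:      $(verify_at $((now + 3651 * 86400)))"
```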

