MB1 protection Jetson AGX Xavier

Is there any documentation that can be used to ascertain that BootROM validation of MB1 follows best practices or some compliance framework or the like?

Thanks.

Hi Steve.Hildebrandt,

The public Jetson documentation describes the Xavier secure boot chain of trust, including that BootROM verifies and loads MB1/bootloader components, and that MB1 is signed and encrypted by an NVIDIA-owned key. However, we do not publish a separate public document that maps BootROM validation of MB1 to a specific compliance framework or certification.
Please refer to the following documents for details:
Jetson Xavier NX and Jetson AGX Xavier Boot Flow — NVIDIA Jetson Linux Developer Guide 1 documentation
Secure Boot — NVIDIA Jetson Linux Developer Guide 1 documentation

Hi,
thank you for the quick response. The referenced documentation prompted me to ask this question.

Would you be able to make a statement that it is at least of a security strength of 112 bits per NIST.SP.800-57pt1r5? E.g., AES 128 + RSA 2048 would fulfill these criteria.

We do not publish a formal NIST SP 800-57 conformance statement for BootROM validation of MB1.

What we can say from the public Secure Boot documentation is that Jetson AGX Xavier supports RSA-2048 or RSA-3072 for PKC, and a 128-bit SBK for bootloader encryption. So yes, Xavier Secure Boot can be configured with key sizes consistent with the 112-bit security-strength example you mentioned. That said, this should not be interpreted as a separate formal compliance certification or NVIDIA-published NIST conformance claim.