Meaning of unexplained fuses in AGX Xavier

Hello,

I have a question regarding meaning of some AGX Xavier’s fuses:

  • Endorsement key`
  • ODM Fuse Encryption Key usage enable bit and selectors
  • Fuse secure provision info
  • How exactly ECC fuses are computed?

These fuses are mentioned only in fuse specification appnote, but aren’t seem to be documented elsewhere.

hello initrd.img,

don’t there’re descriptions in Application Note, i.e. Jetson AGX Xavier Series Fuse Programming.
please share more details of your questions. thanks

No, there are no descriptions for that fuses in mentioned application note. There are mentioned, yes, but I’m unable to find their meaning.

E.g.

Endorsement Key
This key might be burning in encrypted form,
with decryption performed by boot ROM.

What encryption scheme is used? How does this key affect device operation? How this key is used?

I’m building a flashing scheme where keys are generated and stored on a server and released only as a ready fuse blobs. So the ability to perform somehow secure fuse provision would be beneficial. Fuse names suggest that something like this is already present in Xavier, but unfortunately there is completely no info apart from fuse names and short descriptions.

hello initrd.img,

please check below for details…

  • Endorsement key
    • Endorsement key is a private key that system manufacturers can burn into the fuse to create an identity for the device, which used for telling if it’s a genuine device.
  • Fuse secure provision info
    • That’s factory secure provision mode. it may keep as zero generally.
  • ODM Fuse Encryption Key Select
    • These bits are not supported currently, please ignore them.
  • Fuse ECC
    • Fuse ECC is handled internally.
    • note, for the secure-boot-related fuses, which may be protected by FUSE_SECURITY_MODE. other fuses like FUSE_RESERVED_ODM, can be programmed as long as those bits are available.

Thank you for the response.

Is there any documentation or application notes regarding this mechanism?