I do not quite understand the Nano boot process and the idea behind signing the kernel and the DTB files.
So far I got that the DTB needs to be signed and placed in a separate partition. If an unsigned DTB is specified in the extlinux.conf file, the boot process will stop.
The kernel Image needs to be signed as well somehow and placed in the /boot folder. If it is not signed, it will boot but X11 will fail to start and GPU functions will not be available.
The way to sign those files is to use the “./create-jetson-nano-sd-card-image.sh” of the SDK-Manager on some Ubuntu PC.
My questions regarding this are:
-
What is the purpose of the signing? It does not seem to serve any particular security feature since if an attacker could replace the DTB and/or kernel on the target system, he could still do so, he just needs to sign them.
-
Are there any open source tools to create the signed files so that they could be run in a sane development environment, outside of the SDK Manager?
-
Is there a way to just disable this silly feature?