We want to enable secure boot. To do that, we followed the instructions on Secure Boot in Vibrante Foundation SDK/PDK 4.0 for DRIVE CX 2 Development Guide.
We generated a PKC key pair with Openssl, generated binary and a PKC hash.
According to the Guide, we need some type of key and key index provided by Nvidia to burn the fuses on board for secure boot.
Here is what we have done for your information. We generated the fskp_fuse xml:
<genericfuse MagicId="0x4646464" version="1.0.0"> <fuse name="PublicKeyHash" size="32" value="0x0123456789abcdef0123456789abcdef"/> <fuse name="BootSecurityInfo" size="4" value="0x2"/> <fuse name="SecurityMode" size="4" value="0x1"/> </genericfuse>
where the PublicKeyHash is generated with
./utils/flash/tegrakeyhash --pkc rsa_priv.pem
To burn the fuse, we are supposed to run this command after we put the target in recovery mode:
./fskp_fuseburn.sh --fusefile fskp_fuse.xml --key <KEY PROVIDED TO YOU BY NVIDIA> --keyindex <KEY INDEX ASSOCIATED TO KEY> --burnfuses --rpmb
We assume that Nvidia provides and .
Please let me know how to get the key and key index and other information we might need to enbale secure boot.