Orin Nano TrustZone Protection Controller / Nvidia Platform Security Controller

TheVisualiser · March 3, 2026, 11:11am

Hi,

I’m trying to understand how the Nvidia Platform Security Controller (PSC) can be configured to set peripherals as secure for use by TrustZone’s secure world.

According to the Jetson Orin Nano data sheet, it has the PSC which supports TrustZone peripheral security:

Dedicated Platform Security Controller (PSC) for critical security use-cases, including secure boot and key management. Two dedicated NIST-compliant Security Engines (SE) for hashing, symmetric/public key cryptographic algorithms, key derivation, and random number generation.

• TrustZone technology support for DRAM and peripherals

I’ve checked out the miscellaneous configuration guide on the developer page which references psc features but it doesn’t mention anything about peripheral security or how this can be configured.

Could someone explain how the PSC can be used to isolate peripherals to the TrustZone secure world?

Thanks.

carolyuu · March 3, 2026, 11:37am

*** Please note that this reply is generated by LLM automatically ***

The Nvidia Platform Security Controller (PSC) is a critical component in the Jetson Orin Nano series, responsible for managing the security of peripherals and ensuring that sensitive data is protected. To configure the PSC to set peripherals as secure for use by TrustZone’s secure world, you’ll need to follow these steps:

Understand the PSC features: The PSC supports TrustZone peripheral security, which allows you to isolate peripherals to the TrustZone secure world. This feature is essential for ensuring that sensitive data is protected from unauthorized access.
Configure the PSC: To configure the PSC, you’ll need to use the miscellaneous configuration guide on the developer page. Although the guide doesn’t explicitly mention peripheral security, it provides information on how to configure the PSC features.
Use the Device Tree: The Device Tree is a data structure that describes the hardware components of the system. You can use the Device Tree to configure the PSC and set peripherals as secure. Specifically, you’ll need to modify the nvidia,psc node in the Device Tree to enable TrustZone peripheral security.
Set the peripheral security bits: To isolate peripherals to the TrustZone secure world, you’ll need to set the peripheral security bits in the PSC. This can be done by writing to the PSC_PERIPH_SEC register. The specific bits to set will depend on the peripheral you want to secure.
Verify the configuration: Once you’ve configured the PSC and set the peripheral security bits, you’ll need to verify that the configuration is correct. You can do this by checking the PSC status registers and ensuring that the peripherals are indeed isolated to the TrustZone secure world.

Comparison with other Jetson Orin series:

Jetson Orin NX: The Jetson Orin NX series also supports TrustZone peripheral security, but the configuration process may differ slightly. You’ll need to consult the Jetson Orin NX documentation for specific instructions.
Jetson AGX Orin: The Jetson AGX Orin series also supports TrustZone peripheral security, but the configuration process may differ significantly. You’ll need to consult the Jetson AGX Orin documentation for specific instructions.

In summary, configuring the PSC to set peripherals as secure for use by TrustZone’s secure world on the Jetson Orin Nano series requires a good understanding of the PSC features, the Device Tree, and the peripheral security bits. By following these steps, you can ensure that sensitive data is protected and that peripherals are isolated to the TrustZone secure world.

Here is some sample code to get you started:

#include <linux/device-tree.h>
#include <linux/psc.h>

// Get the PSC device node
struct device_node *psc_node = of_find_compatible_node(NULL, "nvidia,psc");

// Get the PSC device handle
struct psc_device *psc_dev = psc_get_device(psc_node);

// Set the peripheral security bits
psc_write(psc_dev, PSC_PERIPH_SEC, 0x1);

// Verify the configuration
uint32_t psc_status = psc_read(psc_dev, PSC_STATUS);
if (psc_status & PSC_PERIPH_SEC_BIT) {
    printk(KERN_INFO "Peripheral security enabled\n");
} else {
    printk(KERN_ERR "Peripheral security not enabled\n");
}

Note that this is just sample code and may not work as-is. You’ll need to modify it to suit your specific use case and ensure that it’s compatible with your system configuration.

*** Please give the thumbs up if you get answers you like. Or provide feedback to help us improve the answer. ***

Topic		Replies	Views
Secure Peripheral Access (TZASC / Memory Isolation Support) Jetson Orin NX security	6	40	January 23, 2026
Security Subsystem Jetson Orin NX security	6	630	June 14, 2024
DP and PCIe of the Orin NX Jetson Orin NX pcie , board-design , dp-display	7	1764	May 31, 2023
How to enable TPM2 module in Trusted Zone (OP-TEE) on Jetson Orin Nano? Jetson Orin Nano security	11	694	August 22, 2025
[Jetson Orin Nano][IRQ] Orin Nano keep reporting irq but there is no voltage chnage Jetson Orin Nano gpio , board-design , interrupt-moderation	15	1648	November 20, 2023
Isolate peripheral to prevent non-secure accesses Jetson TX1	8	1386	September 15, 2016
PCIE PI7C9X2G608GP + Jetson Nano doesn't work Jetson Nano pcie , hw , board-design	6	2584	October 15, 2021
Can Jetson orin nx 8g disable CONFIG_PCI_IOV in kernel config? Jetson Orin NX pcie , board-design	14	309	September 4, 2024
Boot from sd card/nvme problems. Warning test key was detected! Jetson orin nano developer kit Jetson Orin Nano boot	11	886	April 22, 2024
Jetson Orin Nano kernel panic when inserting USB WiFi adapter Jetson Orin Nano wifi	19	1881	November 6, 2023

Orin Nano TrustZone Protection Controller / Nvidia Platform Security Controller

Related topics