Hi,
I’m trying to enable secureboot on an Orin Nano that is running Red Hat Enterprise Linux 9.4. I used the mokutil --import /usr/share/doc/kernel-keys/$(uname -r)/kernel-signing-ca.cer
and that allows me to enroll the certificates, but on the UEFI, the Nano secureboot status still displays as disabled and I’m not able to change it.
hello PNCV87,
please refer to Prerequisites Secure Boot.
unfortunately, we support an X86 host running Ubuntu 18.04 LTS, or 20.04 LTS.
Hi @JerryChang , thank you for the reply. I understand that the host has to be an Ubuntu x86 machine, my questions was for the Orin Nano itself. According to the Nvidia documentation, the Orin Nano supports Red Hat Enterprise Linux 9.4, but I can’t find instructions on the proper way to enable Secure Boot. Thanks!
hello PNCV87,
could you please helps to point-out this for reference.
anyways,
Secure boot establishes a root of trust, a low-level bootloader secure boot which start from the BootROM.
fuse programming to burn each fuse variable on the module, fuse burning operations are high-risk because they cannot be reversed.