Protect my code from Piracy ? Or how to run software in a secured environment ?

Autonomous Machines Jetson & Embedded Systems Jetson AGX Xavier
1

Hello,

We are developing a new algorithm, for an highly competitive market. The goal is to make it run on small GPU system, and Jetson (eg. Xavier) seems to be a very good option…

But we fear copycat. From concurrent companies. Or from subcontractor that will build the machine for us.
So I am urged to find a solution to encrypt the software, and run it in a secure environment.

For this I think I would need:

  1. A decryption key, hidden in some write-only memory that cannot be read from a debugger, or anything connected to the module.
  2. A boot loader, executed from some read-only memory, that will accept to run a properly signed software, and decrypt it (using the hidden key) before launch. And that cannot be bypassed.

Does the Jetson Xavier module and system provide such services ?
Or can I do that with a standard PC and a RTX 2080 board ?
Do you have any examples ? Or ideas to achieve that kind of IP protection ?

Regards,

2

Moving to Jetson AGX Xavier forum.

3

hello jean-dominique.gascuel,

please check security packages via Jetson Download Center, we’re currently not able to support your request.

may I have more details about your use-case, which also help us evaluation.
for example,
what the content you would like to copy-protect, how would you want to do licensing, etc…
thanks

4

Hi Jerry,

I shall protect my code.

The only solutions seems (but I am open to any other workable solution, of course) to encrypt the code with some secret key.
Then for execution I need to:

  1. Upload a bootloader and the key on the Jetson (see below).
  2. Upload the encrypted code.
  3. Execute the booloader, that will:
    • retrieve the secret key
    • decrypt my code
    • jump to the freshly decoded program

For this scheme to be really safe, I think I need:

  • The secret key shall not be readable from anywhere, except from the bootloader.
  • Users shall not be able to temper or replace my bootloader by something that will reveal my secret key.

Once this kind of security exists, my intend would be to flash the bootloader and the secret key at my factory, when assembling the machine, so both won’t leak to the outside world.
Then the encrypted code could be distributed and upgraded using normal channels, has it is securred by the above.

Hope this helps,