Question about updating UEFI keys in QSPI

yanlin.li · April 30, 2025, 3:48pm

Hi Nvidia,

We are in the process of migrating to new UEFI keys for image signing, with A/B slot switching enabled. When performing a capsule update to apply the new UEFI keys to QSPI, how can we target only the specific partition that contains the UEFI keys, rather than updating the entire QSPI?

We are using Orin NX with Jetson Linux 36.4.3, and both EKS and UEFI variable authentication are enabled. As a result, the QSPI contains a unique EKB per device, and we want to ensure it remains intact during the update process. We’re looking for an approach that allows selective updating of only the UEFI key-related partition.

Best regards,
Yanlin

JerryChang · May 1, 2025, 11:49pm

hello yanlin.li,

it’s the partition A_cpu-bootloader and B_cpu-bootloader partition for UEFI.
you may see-also developer guide for the steps to update UEFI Secure Boot keys, Update the db/dbx Keys with a Capsule Update.

Topic		Replies	Views
Update UEFI keys when A/B switch is enabled Jetson Orin NX boot , security	1	18	May 2, 2025
jetson设备是否可以在系统启动后更新SPI-flash中的UEFI？ Jetson Orin NX boot , chinese	4	196	April 23, 2024
How to update the UEFI on devices in the field? Jetson Orin Nano	7	1112	October 6, 2023
Jetson Orin Nano Developer board: UEFI update: Self or from Host PC Jetson Orin Nano uefi	6	520	June 25, 2024
Jetson Orin NX A/B boot Jetson Orin NX security	2	26	December 12, 2024
Determine what partitions are updated during a bootloader update using UEFI capsule Jetson AGX Orin ota	5	42	March 26, 2025
Secure boot UEFI clarifications Jetson Orin Nano security , uefi	2	88	August 8, 2024
如何更改uefi版本号和启动徽标？ Jetson Orin NX boot , chinese	4	295	April 25, 2024
Orin NX UEFI can't enroll keys Jetson Orin NX security	12	721	February 29, 2024
Protecting UEFI secure boot configuration from physical attack Jetson AGX Orin security , nvbugs	5	1084	July 28, 2023

Question about updating UEFI keys in QSPI

Related topics