Readout protection

Hi,

Is there any way to enable readout protection so the system partition can’t be read in recovery mode? This is a common option in MCUs.

hello urielom8ug,

may I know what’s the actual use-case?
could you please also share which partition you would like to protect?
thanks

Hi,

The use case is protecting an encryption key (residing in the system partition). I know recently there is an option to do full disk encryption, but it is rather complicated and still one partition (/boot) is not encrypted, so it doesn’t protect against someone with physical access to the device who can flash that partition via recovery.

Ideally disabling recovery mode is the best, but I haven’t found an option for TX2, only for Xavier (via a fuse).

The attack vector is that someone has physical access to the device.

hello urielom8ug,

please access the Fuse Specification App Note; your keys should be programmed in the fuse.
thanks

That doesn’t help, because it means the OS will have access to the fuse anyway, so you can use recovery mode to flash a different OS and then access the fuses…

hello urielom8ug,

that’s not correct. When you begin production and burn the ODM production fuse, secure boot is enabled, JTAG debug is disabled, and all the fuses become inaccessible except Reserved_ODM. However, the Reserved_ODM fuses are programmable until disabled by the ODM_lock fuse. thanks

Then my app doesn’t have access to it either; what you are suggesting is going with full disk encryption:

https://docs.nvidia.com/jetson/l4t/#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide/bootloader_disk_encryption.html#

According to that page:
"Because the bootloader cannot read encrypted files, disk encryption requires L4T to divide a “naïve” system’s APP partition in two:

• The unencrypted APP partition contains the /boot branch of the filesystem, including the kernel, DTB, and initrd images"

So it has an unencrypted partition; now you can change that partition and gain access. Is this partition signed and validated by secure boot?

I am looking at what this topic talks about:

But for TX2, also in that topic there wasn’t an answer on how to block recovery (RCM).


hello urielom8ug,

we don’t support disabling the recovery mode. please also check Topic 64984 for reference.
moreover, if you’d enable secureboot, the RCM code will be signed.

A few questions:

  1. What do you mean by the RCM code being signed?
  2. Is the RCM residing in MB2? Can MB2 be deleted and RCM disabled that way?

hello urielom8ug,

they’re signed, such as the BCT or bootloader;
some of the other partitions were not signed and encrypted, please check Topic 154143 as a see-also.
you may also refer to Jetson TX2 Boot Flow for reference,

again,
all the fuses become inaccessible if you enable the Jetson security, and also burn ODM production, and then ODM lock.

So in the documentation for disk encryption, the APP partition (the non-encrypted one) is still being signed?

i.e. if it is the only partition which isn’t encrypted but it is signed, then it will prevent a way for an attacker to gain access to the encrypted data.

So is the APP partition being signed and verified by the bootloader, and there is no way to replace it with a rogue partition via RCM?

hello urielom8ug,

may I know…
would you like to encrypt the whole APP partition as Disk Encryption;
or, there’s part of sensitive data (i.e. algorithms) you would like to protect?

All my sensitive data is on an SD card which is encrypted; right now the encryption key is in the APP partition (but it can move to the APP_ENC).

Even if the APP partition is fully encrypted but the boot partition isn’t signed, at the very least you can still gain access to the data by changing the boot partition.

So, is the non-encrypted APP partition in the full disk encryption tutorial going to be signed, and can it not be replaced by a rogue partition using RCM?

hello urielom8ug,

disk encryption is only supported with eMMC; it isn’t supported with external storage for the r32.5 release.

I understand that, we implemented it ourselves using LUKS.

Even if I have put everything in the eMMC, if the non-encrypted APP partition that contains the boot files is not signed, then full disk encryption is not relevant for the threat model I am interested in (full physical access to the module).

Can you please answer yes or no: is the non-encrypted APP partition as specified in the tutorial signed and verified by the bootloader/chain of trust?

hello urielom8ug,

the answer is YES.
please also refer to the two topics below; they’re enabled by default on r32.5.
thanks

https://docs.nvidia.com/jetson/l4t/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide/bootloader_secure_boot.html#wwpID0ESHA

"Signing and Encrypting Kernel, Kernel-DTB, and Initrd Binary Files

Applies to: Jetson Xavier NX and Jetson AGX Xavier series"

So this is not available on TX2? On TX2 they aren’t signed?

hello urielom8ug,

please check r32.5 release notes.

secureboot enhanced for Jetson AGX Xavier and Jetson Xavier NX to extend encryption support to kernel, kernel-dtb, and initrd.

FYI, the kernel encryption support is enabled for Xavier series for now,
you may expect next public release (i.e. l4t-r32.6) to enable encryption support for kernel, kernel-dtb and initrd for TX2.
thanks

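To make the thread’s argument concrete, here is an added toy model (not NVIDIA code, not from the original posts) of the r32.5 disk-encryption layout: an unencrypted but signed APP partition holding /boot, and an encrypted APP_ENC partition whose unlock key is only derived along a verified boot path. The HMAC with a constructed root-of-trust key stands in for the PKC/SBK signing the real bootloader performs; all partition contents are constructed sample bytes.

```python
"""Toy model of signed /boot + encrypted APP_ENC (added example).

Shows why the thread's "yes, /boot is signed" answer matters: with
secure boot on, a replaced kernel/DTB/initrd fails verification and
the APP_ENC key is never derived; with secure boot off, whatever was
flashed via recovery boots and the key is reachable from it.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the fused root-of-trust key. On hardware it
# lives in fuses that become unreadable once ODM production is burned.
ROOT_OF_TRUST_KEY = b"constructed-fused-key-for-demo-only"


@dataclass
class BootPartition:
    """The unencrypted APP partition: kernel, DTB and initrd images."""
    kernel: bytes
    dtb: bytes
    initrd: bytes
    signature: bytes = b""

    def digest(self) -> bytes:
        # Length-prefix each image so boundaries cannot be shifted.
        h = hashlib.sha256()
        for blob in (self.kernel, self.dtb, self.initrd):
            h.update(len(blob).to_bytes(4, "big") + blob)
        return h.digest()


def sign_boot(part: BootPartition, key: bytes = ROOT_OF_TRUST_KEY) -> BootPartition:
    """Flash-time step: sign the /boot images with the root-of-trust key."""
    part.signature = hmac.new(key, part.digest(), hashlib.sha256).digest()
    return part


def bootloader_verify(part: BootPartition, key: bytes = ROOT_OF_TRUST_KEY) -> bool:
    """What the chain of trust checks before jumping to the kernel."""
    expected = hmac.new(key, part.digest(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, part.signature)


def boot(part: BootPartition, secure_boot: bool) -> Optional[bytes]:
    """Return the APP_ENC unlock key, or None if the boot path is rejected."""
    if secure_boot and not bootloader_verify(part):
        return None  # tampered /boot: halt, key never leaves the chain
    # Key derivation modelled as a KDF over the fused secret (constructed).
    return hashlib.sha256(ROOT_OF_TRUST_KEY + b"app_enc").digest()
```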