I am trying to run trusty on a TX2 board. I have only done the steps as given in the atf_and_trusty_README.txt.
Are thre any other steps invoved in making the device boot a secure OS?
Do I need to follow any other steps? or Do something to genereate the EKB and copy it to my device? What other documentation should I follow?
Currently I get the following from my boot log:
I understand this is an old post, but it looks like your topic was posted in the wrong section. Moving it to the TX2 forum for visibility.
here’s developer guide for Jetson Security.
you may also download [Driver Package (BSP) Sources] of r32.7.3 release version.
by extracting trusty_src.tbz2 sources package, you’ll see CA_sample for python script, gen_ekb.py, which is used to create eks.img.
note, the sym.key as mentioned in the example is the user_key as mentioned by document.
if you have a non-zero user_key, you have to generate a customize eks.img with the python script to assign the user_key, and copy it to bootloader folder, re-flash the target to update the EKS partition.
so, Trusty retrieves user_key from eks.img, and loads the key into keyslot for decryption. whenever the eks.img is invalid, keyslot will be cleared with 0, and that means the binaries are not encrypted, so they won’t be decrypted by CBoot.
here’s similar topic for your reference, Topic 238756.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
