SD card encryption Jetson Nano

Hello,
On Raspberry Pi you can buy Zimkey, which basically just uses the LUKS, and on boot Zimkey gets some undisclosed readings from RPi and generates a key from this, which always will be the same when the same Zimkey is connected to the same RPi. So on that RPi the os will boot and services will start running, but if you take out the sd card and try to read it, you won’t be able to.

On Jetson Nano there is the secure boot, and it seems that just by enabling that it would be harder to steal data from any non-removable storage because you would need to know the OS login and password to get to the storage. And you can’t install any other software to access it, because any image would need to be signed. Is this right?

If my above assumption is right, it wouldn’t help if we’re booting from an SD card, because you can easily remove it and read it from a computer. I have read the documentation for the secure boot, it mentions a safe storage key, but there aren’t any specifics on it. Is it possible to use it in a similar way as Zimkey? So that the SD card would get decrypted on boot when it is in the right Jetson?

Hi,

The secureboot solution is actually for the production module of jetson nano. We don’t have solution for sdcard type.

OK, but then is enabling the secure boot on the production board good enough way to protect the intellectual property on the device or would you recommend something else?

1 Like

Hi,

What kind of “intellectual property” do you want to be protected? The secureboot here protects those component involved boot process. For example, it protects the bootloader but does not protect the rootfs.

You could also refer to trusted zone, which may be near to your request.
However, only TX2 and Xavier has trusted zone supported.

https://docs.nvidia.com/jetson/l4t/index.html#page/Tegra%2520Linux%2520Driver%2520Package%2520Development%2520Guide%2Ftrusty.html%23

Hello, I’m Bob and work for Zymbit. We make the Zymkey mentioned above. I just wanted to add that the Zymkey is also supported on the Nano. The same encryption process can be used to encrypt the rootfs on your Nano’s SD card. More details on our Community page…

1 Like