As you can see… Trusty, a Trusted Execution Environment, Jetson Nano does not support Trusty.
So, on Jetson Nano, only the root-of-trust starting from the BootROM is supported.
Thank you for your reply. I have some follow-up queries:
Reading the below text, at least on Jetson Nano, the authentication of "(the kernel, kernel-dtb, initrd, and extlinux.conf files)" will not be possible (only BCT, Bootloader is possible)?
“NVIDIA® Jetson™ Linux Driver Package (L4T) provides boot security using the Secure Boot package. Secure Boot prevents execution of unauthorized boot codes through chain of trust. The root-of-trust is on-die BootROM code that authenticates boot codes such as BCT, Bootloader, and warm boot vector using Public Key Cryptography (PKC) keys stored in write-once-read-multiple fuse devices.”
Additionally, encryption of any of the above images is not possible for Jetson Nano?
Is it possible to read the PKC hash from Linux (somewhere in /sys/devices/…) once Linux is booted? I want to use the PKC hash as a unique identity for a per-device-based decision.
>> Q1
you may dig into image flashing logs.
for instance,
it’s LNX partition for saving kernel image, (although it’s boot.img instead of Image)
it’s DTB partition for saving device tree blob.
>> Q2
you may access /sys/devices/platform/tegra-fuse for reading fuse values.
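
An added example, not part of the original thread and not NVIDIA's code: a small survey of the fuse directory named in the reply above, showing which attributes are readable and which read as all zero. It assumes fuse values are exposed as hex strings; attribute names differ between releases, so it enumerates the directory instead of hard-coding any, and reports files that need root as unreadable.

```python
#!/usr/bin/env python3
"""Survey the Tegra fuse sysfs directory and report which fuses read as burned."""
import sys
from pathlib import Path

FUSE_DIR = Path("/sys/devices/platform/tegra-fuse")  # path given in the reply above


def classify(raw):
    """Return 'burned', 'unburned' (all zero) or 'non-hex' for one attribute value."""
    text = raw.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    # Assumption: fuse values are hex strings; anything else is a generic attribute.
    if not text or any(c not in "0123456789abcdef" for c in text):
        return "non-hex"
    return "unburned" if set(text) == {"0"} else "burned"


def survey(fuse_dir=FUSE_DIR):
    """Map each regular file in fuse_dir to (state, value-or-None)."""
    report = {}
    for entry in sorted(Path(fuse_dir).iterdir()):
        if not entry.is_file():
            continue  # skip subdirectories and links to directories
        try:
            raw = entry.read_bytes().decode("ascii", "replace")
        except PermissionError:
            report[entry.name] = ("unreadable", None)  # usually means: run as root
            continue
        except OSError:
            report[entry.name] = ("error", None)  # write-only or failing attribute
            continue
        report[entry.name] = (classify(raw), raw.strip())
    return report


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else FUSE_DIR
    if not target.is_dir():
        sys.exit("%s not found: no fuse driver exposed here" % target)
    for name, (state, value) in survey(target).items():
        print("%-28s %-10s %s" % (name, state, value or ""))
```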