Secure boot in Tx1

Hi,

I have read Secure boot on Tegra_Linux_Driver_Package_Documents_R23.2. i have following queries, kindly help me in resolving this issue.

  1. Is this secure boot supports in L4T 24.1 SDK also? Because i didnt see such topic in 24.1 docs.

  2. Which link is to download “secureboot_R21.5.0_hard.tbz2” and “partner_supplement.tbz2”?

  3. odmfuse.sh present in any of above tar file?

  4. How to fuse “odm_production_mode is programmed to 1” ?

  5. Any secure boot related document is available? Please share the link.

  6. sudo ./odmfuse.sh -j -i 0x40 -c PKC -k here what “-i 0x40” parameter means and “-c PKC” means? Whether we need to provide any Key in place of PKC ?

I’m not sure how this applies, but the R23.2 (and perhaps other) driver documents contain “l4t_secureboot.html”. See:
https://developer.nvidia.com/embedded/linux-tegra-r232
…look for “Documentation” and click on that.

Hi,

Thanks for your reply.

I had read this document which you specified. From that only i have those queries. It would be great if you help by answering that queries by inline.

I don’t know anything else about the secure boot. The particular document was something I remembered seeing, but do not have any real knowledge of. ARM publishes documents about secure boot on the Cortex-A57, but specifics to the SoC may have something I’m not aware of here:
https://developer.nvidia.com/embedded/downloads

The ARM documents are here:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.subset.swdev.abi/index.html
…from this you would look for the Cortex-A series, then Cortex A-57 (ARMv8-A).

I think ARM secure mode concept is different than Nvidia secure boot. Now am getting helpless in this

The Tegra have some fuse keys to support Nvidia secure boot. The DK/SDK is 32/128bit fuse to match with signed image
Without the Key, any communication to TX1 will be prevented, such as NVTEST or NVFALSH.

odm_production_mode is a bit of internal register, write 1 to correct address and sequence will enable it. By set this bit will prevent any fuse write and active current fuse setting.

Fuse and secure boot document for JEP customer is under internal review.

Hi edli,

When the documents which you mention get released?

Is Secure boot support there in jetson TX1? Please confirm?