But I’m asking a completely different thing.
Suppose you have a factory which you don’t trust. You need a batch of flashed devices. There are two options:
- You order unflashed devices and flash them yourselves, which can be somewhat inconvenient and cumbersome. But this way you don’t reveal the contents of your firmware to the factory.
- You give some blobs to the factory and say ‘flash them please’. But there is an issue: the factory can read the firmware before flashing. You can’t encrypt the firmware, because the factory can still read the keys from the blobs before flashing, since they are stored in plaintext.
This is not a question about the security of already flashed fuses. The question is that I don’t see any way to protect the keys while they are in transit. You give the factory a file to flash, but instead of flashing it they just open it in a text editor and voila - all the keys are in plaintext; just copy and paste them somewhere.
So the outcome of this: you can’t make an untrusted factory flash your devices without a risk that they will steal your firmware. No encryption will work: they can steal the keys and then decrypt the firmware. You need a trusted place to flash to ensure that the keys won’t be leaked.
So this is a feature request, as it seems that there is no way to do it: add a mechanism for secure key provisioning. It can be implemented like this:
- Every ‘clean’ new device comes with its own private key and a device certificate signed by the NVIDIA root. The key, of course, should be unreadable by anything but NVIDIA’s own code.
- When you need to flash the fuses, you invoke some special function in the ROM code. It presents you with a certificate (so you can be sure that you are talking to a genuine device), and you send it a fuse blob encrypted to the public key in that certificate. The ROM/bootloader code receives the encrypted blob, decrypts it with the device private key, and applies the fuses.
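As an added illustration of the flow proposed above (not code from the original post, and not NVIDIA’s), a Go sketch of the three roles: the vendor root signs each device key at manufacture, the customer verifies that signature before encrypting the fuse blob to the device key, and the device decrypts it with a private key that never leaves the die, so the factory only ever relays ciphertext. The ‘certificate’ is a minimal signed public key standing in for X.509, RSA-OAEP stands in for the encrypt-to-public-key step, and NewRoot, NewDevice, Provision and ApplyFuses are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// Cert stands in for the device certificate: DER device public key + the vendor root's ECDSA signature over it.
type Cert struct{ DevPub, Sig []byte }

// Device models a 'clean' part: priv never leaves the die; only Cert is ever shown to outsiders.
type Device struct{ priv *rsa.PrivateKey; Cert Cert }
func digest(b []byte) []byte { h := sha256.Sum256(b); return h[:] } // SHA-256 as a slice, for signing

// NewRoot generates the vendor root signing key (held by the vendor only; customers get just its public half).
func NewRoot() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }

// NewDevice is the vendor's manufacturing step: generate the device key and sign its public half.
func NewDevice(root *ecdsa.PrivateKey) *Device {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	pub, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	sig, _ := ecdsa.SignASN1(rand.Reader, root, digest(pub))
	return &Device{priv: priv, Cert: Cert{DevPub: pub, Sig: sig}}
}

// Provision is the customer side: verify the cert against the vendor root, then encrypt the fuse blob to the
// device key with RSA-OAEP (at most 190 B for a 2048-bit key; larger blobs need a symmetric wrap). The factory
// only ever handles the returned ciphertext, never the blob or the keys inside it.
func Provision(rootPub *ecdsa.PublicKey, c Cert, fuseBlob []byte) ([]byte, error) {
	if !ecdsa.VerifyASN1(rootPub, digest(c.DevPub), c.Sig) {
		return nil, errors.New("device certificate not signed by vendor root")
	}
	pub, err := x509.ParsePKIXPublicKey(c.DevPub)
	if err != nil {
		return nil, err
	}
	if rsaPub, ok := pub.(*rsa.PublicKey); ok {
		return rsa.EncryptOAEP(sha256.New(), rand.Reader, rsaPub, fuseBlob, nil)
	}
	return nil, errors.New("device key is not RSA")
}

// ApplyFuses is the ROM side: recover the blob with the on-die private key, or reject the message.
func (d *Device) ApplyFuses(msg []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, msg, nil)
}
```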