And successfully flashed a signed image onto my TX1, which I have then verified via the tegrafuse.sh showing odm_production mode : 0x00000001 and a public key.
I have also checked the dmesg output and found that androidboot.security=enabled.
However, when I flash an image signed with an altered private key, Ubuntu 16.04 still boots. Is this expected? How can I verify that secure boot is working as expected and stopping tampered-with software from running?
I am still trying to understand the difference between the TOS and the ROS. Is the chain of trust extended up to Ubuntu? Looking at the tutorial here: Jetson Security and Secure Boot, it looks like Ubuntu is not verified. What is the best way to extend the chain of trust to Ubuntu if it is not verified currently?
However, when I flash an image signed with an altered private key, Ubuntu 16.04 still boots. Is this expected? How can I verify that secure boot is working as expected and stopping tampered-with software from running?
May I know which partition you had tried to replace for testing?
Thanks
We would check this internally. Could you please share your software environment setup?
For example, which JetPack release you're working with.
Thanks
Upon reflashing, I got this working in the sense that I could not flash a non-signed image. However, I would like to understand how I can extend the chain of trust up to Ubuntu, and how I can access the TrustZone from user space in Ubuntu. Are there any resources I can look at to gain a better understanding of this?