I am wanting to setup secure boot on my TX1.
And successfully flashed a signed image onto my TX1, which I have then verified via the tegrafuse.sh showing odm_production mode : 0x00000001 and a public key.
I have also checked the dmesg output and found that androidboot.security=enabled.
However, when I flash an image signed with an altered private key, ubuntu 16.04 still boots. Is this expected? How can I verify that secure boot is working as expected and stopping tampered with software from running?
I am still trying to understand the difference between the TOS and the ROS. Is the chain of trust extended up to the ubuntu? Looking at the tutorial here: https://www.brainshark.com/nvidia/Jetson_Security_SecureBoot?dm=5&pause=1&nrs=1 , it looks like ubuntu is not verified. What is the best way to extend the chain of trust to ubuntu if it is not verified currently?