Secure Storage

Hi,
I wish to learn about the configuration options of the Secure Storage in the Orin AGX.

  1. What would be a good starting source for learning about the mechanism in the Orin AGX?

  2. Does the Orin AGX support REE FS? RPMB?

Thanks

Someone else will have to give details, but the basics are:

  • SD card models don’t have any boot security.
  • eMMC models have signed content of all software except for the actual root filesystem.
  • All models must have properly signed non-rootfs content, but the default is to use a NULL key.
  • The eMMC models have fuses which can be burned (SD card models do not have a burnable fuse, they are stuck with a NULL key) using your private key. Once burned, only content signed with that key can be used for boot. The key is hidden, but the content is not hidden. What it does is to make sure the content you’ve installed is valid and not tampered with. With this in place you can trust the boot chain. This has no security related to any rootfs (you’d use standard Linux tools for that, probably via an initrd boot).

hello BSP_User,

you may check the developer guide, especially the [Disk Encryption] and [Secure Storage] sections of the Security chapter.

Thank you
