Secureboot for production module Xavier NX

I have a 16 GB eMMC Xavier NX production module with a reComputer J202 Carrier Board and a 250 GB SSD. I have flashed JetPack 4.6.2 to the SSD (M.2 key) with the help of sdkmanager.

I want to protect my Xavier NX from software tampering. I have read a few posts, but in those cases boot was done from eMMC, not SSD. Can someone please clarify the steps so that I do not damage my Xavier in the process? Thanks.

The closest post, which I plan to try, is: Confirmation/Review on secureboot steps for Xavier NX production kit (custom board)

Any help or clarification would be much appreciated. Thank you.

Hello curiousfrog,

May I confirm the actual use-case?

You have a Xavier NX with internal eMMC, and this is an external 250GB SSD for storage.
Are you going to boot from SSD, and also enable SecureBoot for that?
Thanks

Hey Jerry,
Thanks for the reply. I am not at liberty to share the exact use case, but I can tell you that I need as much space as possible to store the videos and images, etc. for my end goal. I have read the jetsonhacks posts about boosting your production Xavier to ~10 times by transferring the rootfs to your SSD from eMMC, which I did earlier using their GitHub repo.
But later I found an updated jetsonhacks post that says you can directly flash JetPack on the SSD (flash on NVMe) from SDKmanager, so I did that.

Now coming to your question of whether I am going to boot from SSD and use secure boot as well:
Boot-from-SSD is already happening, right?
And second: I want to protect my production module from external tampering or reverse engineering, so I found out about secureboot through generating keys and burning fuses.

Now my question is: in all the posts it's mentioned that boot is happening from eMMC. When I power up my Xavier module, boot will happen from SSD, so are all the steps given in this link applicable to my system?

If not, should I just flash JetPack on my eMMC instead of NVMe (and then extend the storage with the SSD) and follow the above steps?

If I misunderstood something, please correct me. Thank you.

Hello curiousfrog,

So, it’s actually an NVMe storage device. This must be attached before the device is booted.
Please refer to Flashing to an NVMe Drive and also the steps to enable secureboot.
FYI,
please see also the tutorial video for [Jetson Security and Secure Boot].
Thanks

Hey Jerry,
Thanks for sharing the brainshark link. I watched the tutorials for the concepts.
But the question remains unanswered: will booting from NVMe follow the same secure boot process as given here?

Hello curiousfrog,

I thought I’d already answered your question. The answer is yes. Please follow the developer guide to enable secureboot.

Jetpack-4.6.2 is using l4t-r32.7.2.
Please also check you’re using the secureboot package with the same release version.
It’s available through https://developer.nvidia.com/embedded/jetson-linux-archive.


OK, thanks, will do.
