Securing data access

Hi,
I am wondering what is the best way to disable data accessing in recovery mode on Jetson Xavier. The goal is to prevent someone from copying the files when Jetson Xavier is in recovery mode.
Thank you,

Peter

hello pwaadm7,

may I know what’s the “data” you’re concerned, those binaries were encrypted once you’d enable Jetson security,
you may also refer to Data encryption using secure boot and odm_reserved fuse in Jetson Nano as see-also topic.
thanks

Hi JerryChang,

By “data” I mean software that we are running on AGX, application data and ssh private
keys, application settings stored in user home directories that we need to keep secure. Need to ensure that once the product is set for production there is no access to the “data” except ssh. We could encrypt the partition but then passphrase is needed every time we reboot. Any suggestions how to resolve it?

hello pwaadm7,

please check developer guide to enable security feature. Security chapter has two subtopics,

  1. Secureboot describes Secureboot, a feature which ensures that the Jetson Linux boot process cannot be redirected or compromised.
  2. Trusty, a feature which provides a secure environment (a Trusted OS, or TOS) in which applications can run.

BTW,
here’s an approach to setup authorization ssh access.
you may setup SSH, to add the keypairs into ~/.ssh/config and disables strict host checking.
you may also enable the command, ssh-copy-id to copy the ssh key to the target.
thanks

Thank you, will try Trusty.