Security bulletin support for Xavier NX with secure boot enabled

Hello,

We enable secure boot on our Xavier NX based products and would like to include the latest bootloader and trusty updates with security mitigations. However, the latest bootloader debian package only includes a bl_update_payload file which cannot be used on devices fused to enable secure boot. We use the Nvidia bootloader images as is without modification. Would it be possible to get the individual bootloader images: MB1, MB2, CBoot, trusty etc to add to our local Jetpack 4.5.1 installation so we can sign them and build an appropriate bl_update_payload file?

This is a follow on topic from: Apt upgrade will affect secureboot? - #9 by 5121802

Thanks

Hi 5121802,

We can only suggest forum customer to move on the JP 4.6 to get all fixes for now.

Thanks

hello 5121802,

thanks for initial a new ticket for tracking,
as I mentioned here, Topic 182065. we’re currently have investigation.
will update the results after we have solutions, please stay-tuned.

Awesome! Thanks Jerry.

Please refer to L4T 32.5.2 and L4T 28.5 Released with Security Fixes - Jetson & Embedded Systems / Announcements - NVIDIA Developer Forums