Security bulletin support for Xavier NX with secure boot enabled


We enable secure boot on our Xavier NX based products and would like to include the latest bootloader and trusty updates with security mitigations. However, the latest bootloader debian package only includes a bl_update_payload file which cannot be used on devices fused to enable secure boot. We use the Nvidia bootloader images as is without modification. Would it be possible to get the individual bootloader images: MB1, MB2, CBoot, trusty etc to add to our local Jetpack 4.5.1 installation so we can sign them and build an appropriate bl_update_payload file?

This is a follow on topic from: Apt upgrade will affect secureboot? - #9 by 5121802


Hi 5121802,

We can only suggest forum customer to move on the JP 4.6 to get all fixes for now.


hello 5121802,

thanks for initial a new ticket for tracking,
as I mentioned here, Topic 182065. we’re currently have investigation.
will update the results after we have solutions, please stay-tuned.

Awesome! Thanks Jerry.

Please refer to L4T 32.5.2 and L4T 28.5 Released with Security Fixes - Jetson & Embedded Systems / Announcements - NVIDIA Developer Forums

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.