I was wondering if there is any certification of the Security Engine. I am thinking of something alike a common criteria certification. TPM modules are usually certified like that. If the Security Engine is not certified in any way, we are forced to use an external TPM or alike, which would be a waste.
Here’s an example of such a certification (written in english, from a german institution):
hello tobias.fischer1,
am I understand correctly that you’re asking for the verification steps?
please check below for reference.
for example,
please check developer guide for Jetson Security chapter.
there’s training video, Jetson Security and Secure Boot it gives an overview of security features for the Jetson product.
thanks
Hello,
I am not concerned about how to use the functionalities provided by the security engine. I was wondering if the security engine went through any kind of formal validation and certification.
After digging a little, the Jetson Security Engine seems to be a wrapper around ARMs Trust Zone technology. The ARMv8-A cores used in the Xavier NX do not seem to certified. There are only two Cortex-M cores that went through certification, see: https://community.arm.com/developer/ip-products/security/b/security-ip-blog/posts/arm-receives-first-high-assurance-common-criteria-security-certification-for-soft-processor-ip
Here’s also an official list with all certified products:
https://www.commoncriteriaportal.org/products/
Further details about the different levels of sophistication can be found here:
I think since the jetson platform is not built on top of certified hardware, we will either get a separate IC or some USB Hardware security module.
I am a novice regarding this topic, so please correct me if I missed some information or got anything wrong somehow!
Thanks
hello tobias.fischer1,
that’s incorrect.
SE is NOT a hardware wrapper around TZ.
It is an independent hardware engine that performs cryptographic operations. TZ is only used to do things such as manage keys and such.
moreover,
we have not sought formal certification of SE; you may have the certificate by using your own products.
thanks