Some questions on security

Dear Nvidia Team,
We used the Jetson AGX Orin 32GB, The software versions we use are JetPack 5.1, L4T 35.2.1.
The customer has asked us a security-related question and needs to check with you.

  1. I see that the documentation orin supports RSA-3K secret keys, what padding algorithm is used for the derivation?
  2. The document has written that you can configure JTAG shutdown in May I ask after this shutdown, is the driver shutdown or the hardware no longer supports JTAG, the customer would like to know which layer this JTAG shutdown is acting on?
  3. Any info on orin’s secret key slot please? How big is it?
  4. Can I burn the secret key slot if my device is not in recovery mode? How to let our customers burn the secret key slot information by themselves?
  5. Regarding memory encryption, what is the exact delay? Any test data? Where is the address space for encryption and how big is it?


hello Youke,

Jetson Orin series targets support RSA-3K key only.

it’s the options to disables JTAG, when this is enabled, it’ll block use of the JTAG debugger.
please also note that fuse burning operations are high-risk because they cannot be reversed.

you may see-also Jetson Orin Fuse Specification.

you should put device enter forced-recovery mode for fuse burning, or even image flashing.

may I have more details of this question?

In block encryption and decryption, I see that optee is used, may I know what kind of filling algorithm is supported for encryption and decryption? Is the padding algorithm determined by the hardware or do we write the corresponding algorithm ourselves in optee? (PKCS\PKCS1\PKCS7)
Regarding your answer, can I understand that JTAG is disabled at the hardware level?
I would like to know how much the read/write latency increased after adding memory encryption? Is the entire memory encrypted?


Hi Jerry,
Could you please answer the latest question?

please see my comments above, as I don’t understand your question clearly.

Regarding question 5, I would like to know how the increased memory encryption affects the performance of ram transfer? The html says “Except for the increased read latency for decrypting data” I would like to know how much the latency has increased?

do you see any failures for running real use-case?
this should be low as developer guide mentioned. re-cap as below.

The latency in encrypting/decrypting all DRAM traffic is low and should not affect DRAM performance.

thanks,I just want to know if there is any relevant data, your answer has solved my question

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.