I’ve been interested in getting a Jetson TX1 for a project that requires the support for ARM hypervisor mode. While I’m aware that the SoC itself supports it, as far as I know, with previous Jetson boards (including the TK1 model) one of the secure bootloaders dropped down to supervisor (EL1) mode before passing off control to user code, making any sort of hypervisor experiments impossible. So my main questions (about SoC configuration/fusing used in Jetson TX1 specifically) are:
- Does it have some form of a signed second stage bootloader?
- Which mode does that bootloader/bootROM start executing user (untrusted) code in? Is it EL2 or EL1?
- Is there any possibility of running code in EL3 (ie. in secure/TZ monitor mode)?
I know the SoC itself supports many configurations but I’m not sure what the consumer level fusing used in Jetson TX1 and/or the second stage bootloader restrict it to.