Step-by-Step Guide to Implementing fTPM Provisioning on Jetson AGX Orin for TLS Secure Communication

I am looking for a step-by-step user guide for fTPM provisioning on a Jetson AGX Orin (initially the NVIDIA Jetson AGX Orin Developer Kit).
The purpose of the fTPM provisioning is to set a private key for the use of TLS secure communication between the Jetson and another computer.
Any help would be appreciated.

Hi Derbados,

What’s the Jetpack version in use?

Please refer to Firmware TPM — NVIDIA Jetson Linux Developer Guide for the details about fTPM.

Thanks, KevinFFF

  1. The documentation in the provided link discusses the provisioning of the fTPM with an Endorsement Key (EK) and an Endorsement Primary Seed (EPS).
    As far as I understand, the EK and the EPS are used for external parties to verify the authenticity and trustworthiness of the TPM/fTPM during key attestation and device identity operations.
    If I understand correctly, this is less relevant for the fTPM provisioning USE CASE IN DISCUSSION (i.e. setting a private key for the use of TLS secure communication between the Jetson and another computer).
    Please correct me if I’m wrong.
  2. Is there documentation for fTPM provisioning for the USE CASE IN DISCUSSION?
    B.T.W. this use case also involves a Certificate Authority (CA) server.

Some additional questions regarding the documentation in the link:
  3. Regarding the “Offline provisioning method” (documentation says only this method is supported for this release), documentation says it “needs the fTPM manufacturer to pre-generate the EK certificates and encode it into the Encrypted Keyblob (EKB). This process needs to be completed during the device manufacturing process.”
    Is a Jetson product owner (i.e. a customer who bought for example a Jetson AGX Orin Developer Kit product and is developing and deploying an application on that product) considered to be an “fTPM manufacturer”?
    In other words, I am trying to verify that a Jetson product owner can perform the fTPM provisioning for the USE CASE IN DISCUSSION.
  4. The documentation mentions a “provisioning tool”.
    a. Where can the provisioning tool be found?
    b. Does the provisioning tool support the USE CASE IN DISCUSSION?

Regarding the question about the Jetpack version in use, currently the Developer Kit is not in my possession.
What is the recommended Jetpack version to be used?

Sorry that we don’t verify such a use case and can only provide you with limited support.

I would suggest using the latest Jetpack 5.1.5 and 6.2 so that you won’t miss any features and bug fixes.
