Secure Boot for IGX
NVIDIA IGX Orin Developer Kits and board kits are shipped to you with secure boot disabled. Use this documentation if you want to enable end-to-end secure boot for your production NVIDIA IGX device.
NVIDIA IGX provides boot security. Secure Boot prevents execution of unauthorized boot code through a chain of trust. The root of trust is on-die BootROM code that authenticates boot code, such as the boot configuration table (BCT), bootloader, and warm boot vector, by using public key cryptography (PKC) keys stored in write-once-read-multiple fuse devices. On IGX platforms that support a secure boot key (SBK), you can use the SBK to encrypt bootloader images.
The NVIDIA System on a Chip (SoC) contains multiple fuses that control various security and boot settings. The IGX BSP package contains program scripts, tools, and instructions to provide security services during boot.
Only Orin BSP components provided by the IGX SDK are supported for the secure boot process. IGX BMC secure boot is not covered by this documentation.
Use the following documentation to enable IGX end-to-end secure boot.