NVIDIA® Jetson™ Linux Driver Package (L4T) provides boot security using the Secureboot package. Secureboot prevents execution of unauthorized boot codes through chain of trust. The root-of-trust is on-die bootROM code that authenticates boot codes such as BCT, Bootloader, and warmboot vector using Public Key Cryptography (PKC) keys stored in write-once-read-multiple fuse devices. On Jetson platforms that support Secureboot Key (SBK), you can use it to encrypt Bootloader images.
Fuses and Security
NVIDIA SoCs contain multiple fuses that control different items for security and boot. Once a fuse bit is set to 1, you cannot change its value back to 0. For example, a fuse value of 1 (0x01) can be changed to 3 (0x03) or 5 (0x05), but not to 4 (0x4) because bit 0 is already programmed to 1.
Once odm_production_mode is fused with a value of 0x1, all further fuse write requests are blocked and the fused values are available through the provided API. However, the odm_reserved and odm_lock fields are still writable until odm_lock bit is programmed by changing the value of the bit from 0 to 1.
Although SoC fuses are writable, you must use the odmfuse.sh script to program these fuses: public_key_hash, pkc_disable (T210 only), secure_boot_key, and odm_production_mode.
The following two tables describe user-programmable fuses related to Secureboot.
Secureboot fuses for Jetson Nano and Jetson TX1 (T210 processor)
Bit size
Name
Default value set by odmfuse.sh
1
odm_production_mode
0x1
256
public_key_hash
RSA public key hash
Software and configuration fuses related to Secureboot for Jetson Xavier NX and Jetson AGX Xavier series (T194) and Jetson TX2 series (T186)
Bit size
Name
Default value set by odmfuse.sh
1
odm_production_mode
0x1.
256
public_key_hash
RSA public key hash.
128
secure_boot_key *
Secureboot Key (SBK): AES encryption key for encrypting bootloader.
128
KEK0 *
Four 32‑bit registers named KEK00 through KEK03.
128
KEK1 *
Four 32‑bit registers named KEK10 through KEK13.
256
KEK256
Not a distinct fuse; addresses KEK0 and KEK1 as a single 256‑bit fuse.
128
KEK2 *
Four 32‑bit registers named KEK20 through KEK23.
* You may use secure_boot_key or the three Key Encryption Keys with different combinations of width as a key seed to encode keys. For example, KEK2 is used to encrypt and decrypted the Encrypted Key Blob (EKB) when TOS is enabled.
Fuses that are handled by the user are as follows:
Bit size
Name
Default value set by odmfuse.sh
1
jtag_disable
0x1: disable JTAG
256
odm_reserved
Programmable fuses at the user’s direction. However, 32 MSB are reserved for NVIDIA use.
4
odm_lock
Each bit set disables the write for the corresponding 32-bit ODM fuses.
For example: 0x2 locks B32-b63 of odm_reserved.
14
sec_boot_dev_cfg
Depending on sec_boot_dev_sel, each bit has a different meaning.
8
sw_reserved
2-0: sec_boot_dev_sel. Valid if and only if ignore_dev_sel_straps is enabled:
0=eMMC, 1=SPI
3: ignore_dev_sel_straps. Ignores boot strap.
4: enable_charger_detect
5: enable_watchdog
7-6: reserved
For details on hardware fuses and fuse names, consult the following documents:
• The NVIDIA® Jetson™ platform is connected to the host with a USB cable
• Debug serial port is connected to the host, if necessary
To install Secureboot
1. Download the latest Secureboot package for your platform from the Jetson Download Center. Search the database of downloads for “secure boot.”
2. Go to the directory that contains the Linux_for_Tegra directory. *This directory is created when the Jetson Board Support Package is installed.)
3. Enter this command to untar the downloaded file:
tar xvjf secureboot_<release_version>.tbz2
This command overlays the contents of the file on the Linux_for_Tegra directory.
Generating the RSA Key Pair
Secureboot requires a 2048-bit RSA key-pair.
To generate a key-pair
1. Execute the command:
$ openssl genrsa -out rsa_priv.pem 2048
Upon successful execution, OpenSSL generates the key file named rsa_priv.pem file.
2. Rename and save the key file securely and safely.
The key file is used to burn fuse and sign boot files for Jetson devices. The security of your device depends on how securely you keep the key file.
To ensure the security of the key file, restrict access permission to a minimum number of personnel.
Note:
To generate a truly random number key, use the Hardware Security Module (HSM).
Consult the Hardware Security Module User Guide for output format and private key conversion to PEM format.
Preparing the SBK Key
Applies to: Jetson Xavier NX, Jetson AGX Xavier series, and Jetson TX2 series
If you want to encrypt Bootloader (and TOS), you must prepare the SBK fuse bits.
Note:
You must use the SBK key along with the PKC key.
The SBK key consists of four 32-bit words stored in a file in big-endian hexadecimal format. Here is an example of an SBK key file:
0x12345678 0x9abcdef0 0xfedcba98 0x76543210
The representation in the fusing XML file is:
0x123456789abcdef0fedcba9876543210
Preparing the DK(KEK)/ODM Fuses
If you want to use another security application, you must prepare the DK(KEK) and other ODM fuse bits as described in the documentation for the other security application.
Name
Description
DK
A 32-bit number stored in a file in big-endian HEX format.
Applies to: Jetson Nano and Jetson TX1
Example: 0xddccbbaa
KEK0
KEK1
KEK2
A 128-bit number stored in a file in big-endian HEX format.
Applies to: Jetson Xavier NX, Jetson AX Xavier, and Jetson TX2
KEK256
A 256-bit number stored in a file in big-endian HEX format.
Applies to: Jetson Xavier NX, Jetson AX Xavier, and Jetson TX2
ODM Fuse Bits
To use applications other than Secureboot, additional ODM fuse bits may be required. The specific fuse information differs depending on the application being used. Consult the user guide for the application being used.
Note:
HEX numbers must be presented in BigEndian format. The leading 0x or 0X can be omitted. The Jetson Secureboot software converts the BigEndian HEX format to the format that the Jetson device expects. All standard OpenSSL utilities output in BigEndian format.
Burning PKC [DK(KEK), SBK] Fuses
The steps for burning PKC, DK, and SBK fuses using a private key file PEM format are as follows.
To burn PKC fuses
1. Navigate to the directory where you installed L4T.
2. Put the Jetson device into Forced Recovery Mode.
3. Burn the fuse using the odmfuse.sh script. For example:
• To fuse PKC HASH from the .pem file with JTAG enabled:
• For Jetson Xavier NX: jetson-xavier-nx-devkit-emmc
• For Jetson Nano (production module): jetson-nano-emmc
• For Jetson AGX Xavier series: jetson-xavier
• For Jetson TX2 series: jetson-tx2
• For Jetson TX1: jetson-tx1
odmfuse.sh Switches
For odmfuse.sh, other than PKC key and ODM_PRODUCTION_MODE fuses, odmfuse.sh allows you to program ODM fuses that are completely under your discretion. Skip this topic if you do not plan to modify these fuses.
The odmfuse.sh command line switches that blow some ODM fuses are as follows:
Switch
Description
-d 0xXXXX
Sets sec_boot_dev_cfg=<value>&0x3fff. For detail, refer to TRM.
-j
Sets JTAG enabled. Unless this switch is specified, the usage of the JTAG debugger is blocked by default.
-l 0xX
Sets odm_lock to the specified value. Setting each bit locks (makes read-only) the corresponding 32‑bit word in the odm_reserved field.
For example, setting odm_lock to 0x1 locks the first 32‑bit word of odm_reserved. Setting odm_lock to 0x5 locks the first and third 32‑bit words of odm_reserved, and so on.
-o <value>
Sets odm_reserved to the specified value. The value must be a quoted 256‑bit (64‑digit) hexadecimal number in the form "0xnnnn… nnnn". The last 32 bits (eight digits) must be all zero because these bits are reserved for use by NVIDIA.
-p
Sets production mode.
-r 0xXX
Sets sw_reserved=0xXX. The name of this fuse field is confusing, but the meaning is as follows:
Sets the Device Key to be used by the high-level security application to generate the application encryption keys. The content of <DK_file> must be a single 32-bit big endian HASH in HEX format.
-S <SBK_file>
Sets the Secureboot Key used to encrypt Bootloader and TOS. The content of <SBK_file> must be four 32‑bit big-endian numbers in hexadecimal format.
--no-burn
Prepares the fuse blob to be used repeatedly on the factory floor where the private PKC key is not available.
This switch generates <L4T path>.../Linux_for_Tegra/fuseblob.tbz2 which can be downloaded and untarred in <L4T path>.../Linux_for_Tegra directory of a factory host.
Once the fuseblob.tbz2 is untarred in the Linux_for_Tegra directory, then fusecmd.sh in the Linux_for_Tegra/booloader directory is used to burn fuses repeatedly instead of the standard odmfuse.sh.
--KEK0
--KEK1
--KEK2 <path>
Pathname of the Key Encryption Key file that other security applications are to use to encrypt/decrypt keys. The content of the file must be a single 128-bit big-endian number in hexadecimal format.
Applies to: Jetson Xavier NX, Jetson AGX Xavier, Jetson TX2
--KEK256 <path>
Pathname of the 256-bit Key Encryption Key file that the high-level security application will use to encrypt the application keys. The content of the file must be a single 256-bit big-endian number in hexadecimal format.
Applies to: Jetson Xavier NX, Jetson AGX Xavier, Jetson TX2
Signing and Flashing Boot Files
You can use the following procedures to sign and flash boot files:
• In one step, using the PKC-key only or zero-key signing (signing with a key file that is all 0’s)
• In one step, using both SBK and PKC key signing
• In separate steps
Note:
If no key file is specified, the flashing utility uses zero-key signing.
To sign and flash in one step using PKC-key or zero-key signing
1. Navigate to the directory where you installed L4T.
2. Place the Jetson device into Force Recovery mode.
3. Enter one of these commands:
• To flash the Jetson device with PKC signed binaries:
Neither the RSA key file nor the SBK key file may be placed under the Bootloader directory.
2. Flash:
1. Navigate to the directory where you installed L4T.
2. Place the Jetson device into Force Recovery mode.
3. Enter the commands:
$ cd bootloader
$ sudo bash ./flashcmd.txt
Note:
Be sure to press and reset the recovery button even if the Jetson device is still in recovery mode after fusing.
Accessing the Fuse from the Target
The Jetson Secureboot package provides a means to access fuses from the target board after it boots up.
To access the fuse from the target board
1. Copy the <top>.../Linux_for_Tegra/pkc/tegrafuse.sh script to the ubuntu@<target IP address>.
2. To access the target’s fuses from the target board, login to the target board. To display all fuses, enter the command:
$ sudo ./tegrafuse.sh
Fusing to Multiple Jetson Devices
NVIDIA provides a tool and instructions for fusing Jetson devices efficiently in a factory environment. This tool is part of the Secureboot package, and is available in the Linux_for_Tegra folder. Instructions for using the tool are in README_Massfuse.txt, located in the same folder.
Building and Flashing a Factory-Signed Firmware Blob
L4T provides two example implementations for flashing factory-signed firmware in a factory environment.
To building the firmware blob in a trusted environment
• See “Building the Massflash Blob in Trusted Environment” in Linux_for_Tegra/README_Massflash.txt.
To flash the firmware blob in a factory environment
• See “Flashing the Massflash Blob in Untrusted Environment” in Linux_for_Tegra/README_Massflash.txt.
