Security ¶
This topic describes security features of NVIDIA ® Jetson™ Linux. Below are the subtopics:
-
Secure Boot describes Secure Boot, a feature which ensures that the Jetson Linux boot process cannot be redirected or compromised.
-
OP-TEE describes the Open Portable Trusted Execution Environment , a TEE provided with Jetson Linux.
-
Disk Encryption describes the Jetson Linux implementation of Linux Unified Key Setup (LUKS), the Linux standard for disk encryption. This release does not support this feature.
-
Secure Storage describes Secure Storage, a feature that provides a solution to ensure the general-purpose data and key material can be stored securely.
-
Rollback Protection describes Rollback Protection, a feature that prevents a computing system from being downgraded (rolled back) from a later version to an earlier one.
-
PVA Authentication describes the Authentication feature for software that executes on the PVA.
-
Secure Boot
- Overall Fusing and Signing Binaries Flow
- Prerequisites Secure Boot
- Fuses and Security
- Fuse Configuration File
- Generate A PKC Key Pair
- Prepare an SBK key
- Prepare K1/K2/KEK keys
- Prepare the Fuse Configuration file
- Burn Fuses with the Fuse Configuration file
- Read Fuses through the Linux kernel
- Sign and Flash Secured Images
- Revocation of the PKC Keys
- Legacy Support of Secure Boot for Xavier SoC
- Burning PKC, KEK, and SBK Fuses
- UEFI Secureboot
- UEFI Payload Encryption
- UEFI Platform Vendor Key Feature
- Kernel Module Signing
- OP-TEE: Open Portable Trusted Execution Environment
-
Disk Encryption
- Setup Preparation
- Details of Operation
- The Threat Model
-
Disk Encryption Implementation in Jetson Linux
- Layout of an Encrypted Disk
- How to Create File System Images
- Creating an Encrypted Rootfs on the Host
- How to Flash an Encrypted Rootfs to an External Storage Device
- To Enhance initrd to Unlock an Encrypted Rootfs
- To modify initrd to unlock additional encrypted file systems
- Enabling Disk Encryption Only for UDA
- Enabling Disk Encryption for Dynamically Created Partitions
- Modifying /opt/nvidia/cryptluks to Unlock Previously Created and Encrypted File Systems
- Summary
- Manufacturing process
- Secure Storage
- Rollback Protection
- Memory Encryption
- PVA Authentication