Security
This topic describes security features of NVIDIA® Jetson™ Linux. Below are the subtopics:
Secure Boot describes Secure Boot, a feature that ensures that the Jetson Linux boot process cannot be redirected or compromised.
OP-TEE describes the Open Portable Trusted Execution Environment, a TEE provided with Jetson Linux.
Disk Encryption describes the Jetson Linux implementation of Linux Unified Key Setup (LUKS), the Linux standard for disk encryption. This release does not support this feature.
Secure Storage describes Secure Storage, a feature that ensures general-purpose data and key material can be stored securely.
Rollback Protection describes Rollback Protection, a feature that prevents a computing system from being downgraded (rolled back) from a later version to an earlier one.
PVA Authentication describes the Authentication feature for software that executes on the PVA.
- Secure Boot
- Overall Fusing and Signing Binaries Flow
- Prerequisites Secure Boot
- Fuses and Security
- Fuse Configuration File
- Generate A PKC Key Pair
- Prepare an SBK key
- Prepare K1/K2 keys
- Prepare the Fuse Configuration file
- Burn Fuses with the Fuse Configuration file
- Read Fuses through the Linux kernel
- Sign and Flash Secured Images
- Revocation of the PKC Keys
- UEFI Secureboot
- UEFI Payload Encryption
- UEFI Platform Vendor Key Feature
- Kernel Module Signing
- OP-TEE: Open Portable Trusted Execution Environment
- Disk Encryption
- Quick Guide
- Setup Preparation
- Details of Operation
- The Threat Model
- Disk Encryption Implementation in Jetson Linux
- Layout of an Encrypted Disk
- How to Create File System Images
- Creating an Encrypted Rootfs on the Host
- How to Flash an Encrypted Rootfs to an External Storage Device
- To Enhance initrd to Unlock an Encrypted Rootfs
- To modify initrd to unlock additional encrypted file systems
- Enabling Disk Encryption Only for UDA
- Enabling Disk Encryption for Dynamically Created Partitions
- Modifying /opt/nvidia/cryptluks to Unlock Previously Created and Encrypted File Systems
- Summary
- Manufacturing process
- Secure Storage
- Rollback Protection
- Memory Encryption
- PVA Authentication