Jetson Thor Boot Flow#

Boot flow is the sequence of operations that the Bootloader performs to initialize the SoC and boot NVIDIA® Jetson™ Linux. The Bootloader performs the following major operations:

  • Initialize the storage devices, memory controller (MC), external memory controller (EMC), and CPU.

  • Set up security parameters.

  • Load and authenticate firmware components.

  • Maintain the chain of trust.

  • Create memory carveouts for various firmware components.

  • Flash the storage device.

  • Boot to the operating system.

The Jetson boot software can perform other operations defined by product requirements, including but not limited to the following:

  • Initialize HDMI® or DisplayPort.

  • Display a boot logo.

The following diagram shows the flow of control in the boot software.

BootROM#

PSCROM#

The platform security controller (PSC) ROM is a hardware component in the SoC. It starts running as soon as the processor is reset.

PSCROM holds the keys that are required for NVIDIA and OEM authentication and decryption. It provides authentication and decryption services to BootROM and audits the next stage boot on BPMP (for example, MB1) and PSC (for example, PSC-BL1).

../../_images/Pscrom.svg

MB1#

HPSEROM#

HPSE stands for hardware-protected security environment. It is a separate instance of PSC with some hardware differences like IMEM, DMEM size, and fmax at Vmax.

HPSE requirements are derived from SAE J3101, “Hardware Protected Security for Ground Vehicles.” HPSE hosts security-sensitive AV functions such as protocol data unit (PDU) security (loading PDU keys from NVM to KDS) and camera security.

../../_images/hpserom.svg

SBROM#

In the Android Keystore system is a dedicated secure enclave named StrongBox. In Jetson Thor, StrongBox is a separate instance of PSC with some hardware differences like IMEM and DMEM size.

StrongBox is responsible for managing cryptographic keys and security services for Android Automotive OS.

StrongBox (or SB) requirements are derived from the Android 13 compatibility definition.

../../_images/sbrom.svg

MB2#

UEFI#

Unified Extensible Firmware Interface (UEFI) is an industry specification that describes standard interfaces between platform firmware and the operating system.

Features of UEFI include the following:

  • With other specifications (SMBIOS, ACPI), it can load a generic OS without requiring any platform customization of the operating system.

  • It defines a standardized secure boot mechanism for authenticating third-party software (for example, operating systems and PCIe option ROMs).

  • It supports add-in card drivers via option ROMs, and integrates them with the system configuration user interface.

  • It defines standard methods for updating firmware.

The following diagram describes the major aspects of UEFI boot flow.

../../_images/UefiBootFlow.png

UEFI sources and compilation details for this release are available at NVIDIA/edk2-nvidia.