VPU Application Signing

PVA drivers allow system administrators to limit the VPU executables which may be run on the platform, by registering cryptographic signatures of VPU ELFs in a secure allowlist database. When this feature is enabled, if a user attempts to register a VPU ELF whose signature is not contained in the database, the operation fails.

Using this feature requires the following additional steps during deployment:

  1. Generate an allowlist of VPU application signatures.

  2. Merge multiple allowlists into a single system-wide allowlist (optional, not needed if using nvidia-pva-allow).

  3. Deploy the allowlist.

Note

Starting with PVA driver version 2007, VPU application authentication is disabled by default on system boot. It may be enabled after boot by following the instructions below. Refer to your DRIVE OS or JetPack documentation for instructions on how to configure your system to have VPU application authentication enabled during system boot.

A tool named nvidia-pva-allow is provided with JetPack to simplify deploying and managing multiple allowlists.

Allowlist Generation

PVA SDK is distributed with a script to generate an allowlist file from multiple VPU ELFs. The script is located under /opt/nvidia/pva-sdk-2.7/tools/binary_tools/pvasdkAllowlist.py. For usage, refer to the help prompt by passing --help.

This script is integrated with the PVA SDK build system. If using PVA SDK’s CMake scripts, all built VPU ELFs are automatically placed in a file named pva_allowlist_default_all at the top level of the build directory. Refer to Build System for details and customization.

The allowlist script provides an option for including the signatures of other allowlist files in the output. This allows users to merge multiple allowlists generated by different build trees into a single allowlist for deployment.

Deploy Allowlist with nvidia-pva-allow on JetPack

When deploying to L4T/JetPack, it is recommended that you use the nvidia-pva-allow tool which comes installed with JetPack 6.1 and later. This tool allows different users to deploy multiple allowlists to the system, and then combines them into a single system-wide allowlist.

Basic Usage

To add an allowlist:

sudo cp <my_allowlist_with_a_unique_name> /etc/pva/allow.d/
sudo nvidia-pva-allow update

It is important to ensure that your allowlist does not conflict with another allowlist already present.

To remove an allowlist:

sudo rm /etc/pva/allow.d/<my_allowlist_with_a_unique_name>
sudo nvidia-pva-allow update

To disable allowlist checking:

sudo nvidia-pva-allow disable

To enable allowlist checking:

sudo nvidia-pva-allow enable

Usage by Package Maintainers

Package maintainers should install their uniquely named allowlist to /etc/pva/allow.d/<my_allowlist_with_a_unique_name>.

After installation, invoke:

sudo nvidia-pva-allow -a update

The -a flag means that no error is reported if the allowlist service is not present, which is typically the case when a package is installed as part of a Dockerfile or similar.

When a package is uninstalled, remove its allowlist and run the update command again.
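The install, conflict check and removal steps from Basic Usage and this section can be wrapped in a small helper for package maintainer scripts. This is an added example, not NVIDIA's code: the function names, the PVA_ALLOW_DIR and PVA_ALLOW_CMD override variables, and the reading of "conflict" as a file-name collision are assumptions.

```shell
#!/bin/sh
# Added example, not part of the PVA SDK or JetPack.
# Assumptions: "conflict" means a file-name collision in allow.d, and the
# PVA_ALLOW_DIR / PVA_ALLOW_CMD overrides exist only so the helpers can be
# tried against a scratch directory.
PVA_ALLOW_DIR="${PVA_ALLOW_DIR:-/etc/pva/allow.d}"
PVA_ALLOW_CMD="${PVA_ALLOW_CMD:-nvidia-pva-allow}"

# pva_allowlist_install SRC NAME
# Returns 0 on success (or identical file already present), 1 on copy
# failure, 2 on bad arguments, 3 if NAME is taken by a different allowlist.
pva_allowlist_install() {
    src=$1; name=$2
    [ -f "$src" ] || return 2
    case $name in ''|*/*|.*) return 2 ;; esac   # plain file name only
    dest="$PVA_ALLOW_DIR/$name"
    if [ -e "$dest" ]; then
        cmp -s "$src" "$dest" && return 0       # already installed
        return 3                                # never overwrite another list
    fi
    cp "$src" "$dest" && chmod 0644 "$dest" || return 1
    "$PVA_ALLOW_CMD" -a update
}

# pva_allowlist_remove NAME: delete the allowlist, then rebuild the system list.
pva_allowlist_remove() {
    name=$1
    case $name in ''|*/*|.*) return 2 ;; esac
    rm -f "$PVA_ALLOW_DIR/$name" || return 1
    "$PVA_ALLOW_CMD" -a update
}

# pva_allowlist_audit [OWNER]: list entries (and the directory itself) that
# are not owned by OWNER (default root) or are group/world-writable; any
# account able to write here can add signatures that the next update merges.
# Returns 1 if any are found.
pva_allowlist_audit() {
    owner=${1:-root}
    bad=$(find "$PVA_ALLOW_DIR" -maxdepth 1 \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] || { printf '%s\n' "$bad"; return 1; }
}
```

Source the file from a postinst or prerm script running as root; a return code of 3 from pva_allowlist_install means the chosen name already belongs to a different allowlist and the package should pick another.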

Usage in Containers

To install a new allowlist within a container, or start a container with allowlists already installed under /etc/pva/allow.d, some extra steps are required.

First, install the NVIDIA container toolkit.

Next, use the toolkit to generate an NVIDIA CDI specification:

sudo nvidia-ctk cdi generate --output=/etc/cdi/nvidia.yaml

Note

The following instructions assume Docker container engine, but may be adapted for others.

Use the NVIDIA container toolkit to enable CDI in Docker, and restart the daemon:

sudo nvidia-ctk runtime configure --runtime=docker --cdi.enabled=true
sudo systemctl restart docker

Launch Docker with both GPU and PVA devices specified:

docker run -it --device nvidia.com/gpu=all --device nvidia.com/pva=all ubuntu:22.04 /bin/bash

Any allowlists already installed in /etc/pva/allow.d within the image are registered with the system on container start, and unregistered on container stop. Additionally, the pva-allow-2 package may be installed within the container to manage allowlists in the same way as they are managed on the host.

Deploy Allowlist - Non-JetPack Platforms

Note

It is strongly recommended to avoid the steps below on JetPack and instead use nvidia-pva-allow, which provides a service for managing multiple allowlists from different packages and containerized workflows.

Deployment steps vary between supported platforms and may change between releases. Check the DRIVE OS documentation for more details. The debug filesystem nodes referred to below are for PVA0; in systems with multiple PVAs, adjust the paths accordingly.

DRIVE OS QNX Safety without Debug Overlay

In production on QNX Safety, it is required to deploy the allowlist file to the IFS. This requires rebuilding the IFS.

  • Copy the allowlist file containing all necessary signatures to the Primary IFS. Refer to the NVIDIA DRIVE OS documentation for the location where this file is expected to be placed.

  • Rebuild the Primary IFS. For details, see the NVIDIA DRIVE OS Safety Developer Guide.

  • Flash the system. For details, see the NVIDIA DRIVE OS Safety Developer Guide.

DRIVE OS QNX Standard or Safety with Debug Overlay

DRIVE OS QNX Standard builds and the Safety debug overlay provide additional debugging capabilities for VPU ELF allowlists via debug filesystem nodes.

  • /dev/nvpvadebugfs/pva0/allowlist_ena may be used to enable or disable checking VPU ELFs against the allowlist:

    echo 1 > /dev/nvpvadebugfs/pva0/allowlist_ena # enables allowlist checking
    echo 0 > /dev/nvpvadebugfs/pva0/allowlist_ena # disables allowlist checking
    
  • /dev/nvpvadebugfs/pva0/allowlist_path may be used to load a custom allowlist, replacing the default:

    echo /tmp/my_allowlist > /dev/nvpvadebugfs/pva0/allowlist_path # loads a custom allowlist
    

DRIVE OS Linux

DRIVE OS Linux operating systems load the allowlist from /lib/firmware/pva_auth_allowlist. A kernel debug filesystem node is provided for reloading or disabling the allowlist. Elevated privileges are required.

To enable allowlist checking with a custom allowlist, execute the following:

sudo cp my_allowlist /lib/firmware/pva_auth_allowlist
echo 1 | sudo tee /sys/kernel/debug/pva0/vpu_app_authentication # Allowlist checking is enabled with custom list

To disable allowlist checking, execute the following:

echo 0 | sudo tee /sys/kernel/debug/pva0/vpu_app_authentication # Allowlist checking is disabled

Note

On some production platforms, debug nodes may not be available, and the target filesystem may be read-only. In such cases, users must deploy the correct allowlist to /lib/firmware/pva_auth_allowlist in advance of flashing the board.