Secure Boot¶
Applies to the Jetson AGX Orin series, the Jetson Xavier NX series, and the Jetson AGX Xavier series.
NVIDIA® Jetson™ Linux provides boot security using the Secure Boot package. Secure Boot prevents execution of unauthorized boot codes through the chain of trust. The root-of-trust is an on-die BootROM code that authenticates boot codes such as BCT, Bootloader, and warm boot vector using Public Key Cryptography (PKC) keys stored in write-once-read-multiple fuse devices. On Jetson platforms that support Secure Boot Key (SBK), you can use it to encrypt Bootloader images.
NVIDIA SoCs contain multiple fuses that control different items for security and boot.
The Secure Boot package contains scripts, tools, and instructions for providing security services during boot.
Overall Fusing and Signing Binaries Flow¶
The Secure Boot process with PKC and SBK requires you to:
Install the Secure Boot package.
Generate an RSA key pair.
Prepare an SBK key.
Prepare KEK keys.
Prepare the Fuse Configuration file.
Burn fuses using the odmfuse.sh script with a Fuse Configuration file.
Flash the device with secured images (using flash.sh with the -u and -v options).
Installing the Secure Boot Package¶
The Secure Boot Package includes scripts/tools to facilitate burning of security fuses and flashing of encrypted/signed images to the Jetson devices.
Prerequisites¶
An x86 host running Ubuntu 18.04 LTS or 20.04 LTS.
libftdi-dev for USB debug port support.
openssh-server package for OpenSSL.
Full installation of the latest Jetson Linux release on the host.
A USB cable connecting the Jetson device to the host.
If necessary, a USB cable that connects the Jetson device’s debug serial port to the host.
Install Secure Boot Package¶
Download the version of the Secure Boot package for your platform and release of Jetson Linux from the release page.
Here is the link to the release page:
https://developer.nvidia.com/embedded/jetson-linux
Go to the directory that contains the Linux_for_Tegra/ directory. (This directory is created when the Jetson Board Support Package is installed.)
To untar the downloaded file, enter the following command:
$ tar xvjf secureboot_<release_version>.tbz2
This command overlays the contents of the file on the Linux_for_Tegra/ directory.
Fuses and Security¶
NVIDIA SoCs contain multiple fuses that control different items for security and boot. Once a fuse bit is set to 1, you cannot change its value back to 0. For example, a fuse value of 1 (0x01) can be changed to 3 (0x03) or 5 (0x05), but not to 4 (0x4) because bit 0 is already programmed to 1.
After the SecurityMode (also known as odm_production_mode) fuse is burned with a value of 0x1, all additional fuse write requests will be blocked.
However, some of the ODM fuses are still writable. For more details, refer to the specific SoC fuses documents.
To burn fuses, you can use the odmfuse.sh script with a fuse configuration file.
The fuse configuration file is an XML file that contains the fuse data to be burned.
Fuse Configuration File¶
The fuse configuration file, which is an XML file, contains the fuse data, a list of fuses, and the value to be burned in each fuse.
The odmfuse.sh tool uses this XML file to program the fuses.
A fuse configuration file contains a <genericfuse> </genericfuse> tag pair, which contains one <fuse/> tag for each fuse to be burned.
The following template shows the format of the file:
<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="<name>" size="<size>" value="<value>"/>
<fuse name="<name>" size="<size>" value="<value>"/>
. . .
</genericfuse>
Where:
<name> is the name of a fuse. Supported fuse names are listed in the SoC’s Reference Fuse Configuration File.
For Orin SoC, refer to Orin Reference Fuse Configuration File.
For Xavier SoC, refer to Xavier Reference Fuse Configuration File.
<size> is the size of the fuse in bytes.
<value> is the value to be burned into the fuse, with two hexadecimal digits per byte.
The MagicId of “0x45535546” is used by the target binary and must not be changed.
The odmfuse.sh script burns fuses in the order that they appear in the fuse configuration file. If two or more fuses’ values are interdependent, the independent fuses must be specified before the dependent one so that they are burned first. That is, if the values that can be burned into fuse Y depend on the value of fuse X, the fuse configuration file must specify fuse X first and then Y. This way, the odmfuse.sh script will burn fuse X first.
Caution
The odmfuse.sh fuse burning tool does not check for dependencies, so specifying a dependent fuse before the fuse it depends on might render the target device inoperable. Check the fuse list’s order carefully before you burn the fuses.
Note
Although the fuse configuration file contains XML tags, it does not need the “<?xml… ?>” prolog defined by the XML standard. Fuse configurations might not have a prolog. If you want to run general purpose XML utilities on such a file, you might have to add a prolog.
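Because odmfuse.sh does not check the file and a burned bit cannot be cleared, it helps to lint a fuse configuration file before passing it to the tool. The following is an added example, not part of the Secure Boot package: the function names, the all-F placeholder heuristic, and the `current` map of already-burned values are assumptions of the example, and the sample files are constructed.

```python
import re
import xml.etree.ElementTree as ET

MAGIC_ID = "0x45535546"   # the page: used by the target binary, must not change
HEX_RE = re.compile(r"^(?:0[xX])?([0-9a-fA-F]+)$")


def can_burn(current, target):
    """True if `target` only sets bits; a burned 1 can never return to 0."""
    return (current & ~target) == 0


def lint_fuse_config(text, current=None):
    """Return a list of problems in a fuse configuration file (empty = clean).

    `current` is an optional {fuse name: int} map of values already burned on
    the target; how those values are read back is outside this example.
    """
    current = current or {}
    try:
        root = ET.fromstring(text)   # parses fine without an <?xml ...?> prolog
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    problems = []
    if root.tag != "genericfuse":
        problems.append(f"root element is <{root.tag}>, expected <genericfuse>")
    if root.get("MagicId") != MAGIC_ID:
        problems.append(f"MagicId must be {MAGIC_ID}")

    # Commented-out <fuse/> entries are dropped by the parser, as intended.
    fuses = [el for el in root if el.tag == "fuse"]
    seen = set()
    for pos, el in enumerate(fuses):
        name = el.get("name") or f"<unnamed #{pos}>"
        if name in seen:
            problems.append(f"{name}: listed more than once")
        seen.add(name)

        size_attr = el.get("size", "")
        match = HEX_RE.match(el.get("value", ""))
        if not size_attr.isdigit() or int(size_attr) == 0:
            problems.append(f"{name}: size must be a positive byte count")
            continue
        if match is None:
            problems.append(f"{name}: value is not hexadecimal")
            continue
        size, digits = int(size_attr), match.group(1)

        # Two hex digits per byte: the value must fit in `size` bytes.
        if len(digits) > 2 * size:
            problems.append(f"{name}: value has {len(digits)} hex digits, "
                            f"more than {size} bytes can hold")
        # Heuristic: an all-F value of 4+ digits is an unedited placeholder.
        if len(digits) >= 4 and set(digits.lower()) == {"f"}:
            problems.append(f"{name}: still holds the 0xFFFF placeholder")
        # One-way check against what is already burned on the device.
        if name in current and not can_burn(current[name], int(digits, 16)):
            problems.append(f"{name}: would need to clear an already-burned bit")
        # Fuses are burned in file order; SecurityMode=0x1 blocks later writes.
        if name == "SecurityMode" and pos != len(fuses) - 1:
            problems.append("SecurityMode: must be the last fuse in the file")
    return problems


# Constructed samples (key values are throwaway, not from any device).
GOOD = """<genericfuse MagicId="0x45535546" version="1.0.0">
  <!-- <fuse name="OdmLock" size="4" value="0xF"/> -->
  <fuse name="SecureBootKey" size="16" value="0x000102030405060708090a0b0c0d0e0f"/>
  <fuse name="BootSecurityInfo" size="4" value="0x06"/>
  <fuse name="SecurityMode" size="4" value="0x1"/>
</genericfuse>"""

BAD = """<genericfuse MagicId="0x45535546" version="1.0.0">
  <fuse name="SecurityMode" size="4" value="0x1"/>
  <fuse name="SecureBootKey" size="16" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/>
  <fuse name="Kek0" size="16" value="0x00112233445566778899aabbccddeeff00"/>
  <fuse name="BootSecurityInfo" size="4" value="0x4"/>
</genericfuse>"""

if __name__ == "__main__":
    print("GOOD:", lint_fuse_config(GOOD))
    for line in lint_fuse_config(BAD, current={"BootSecurityInfo": 0x1}):
        print("BAD: ", line)
```

The linter checks only what this page states about the file format and burn order; dependencies between specific fuses still have to be checked against the SoC's fuse application note.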
Each SoC has its own specific fuses and fuse names.
For details on fuses and fuse names for each SoC, refer to the following documents:
For Jetson AGX Orin series: Jetson AGX Orin Series Fuse Specification Application Note
For Jetson Xavier NX series: Jetson Xavier NX Fuse Specification Application Note
For Jetson AGX Xavier series: Jetson AGX Xavier Series Fuse Programming Application Note
Note
These Application Note documents can be found in the following page:
https://developer.nvidia.com/embedded/downloads#?search=fuse
The following sections describe the Fuse Configuration Files for each SoC.
For Jetson Orin SoC, refer to Orin Reference Fuse Configuration File.
For Jetson Xavier SoC, refer to Xavier Reference Fuse Configuration File.
Jetson AGX Orin Fuse Configuration File¶
Refer to Jetson AGX Orin Series Fuse Programming Application Note for the details on fuses and fuse names for Orin SoC.
Example Orin Fuse Configuration File to Program the RSA-3K Key¶
Example fuse configuration file to enable Secure Boot with RSA-3K key:
<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="PublicKeyHash" size="64" value="0x18e984f7d79f7a185039ec413ed2ff86227c8f0be639edde0cf23ab1f7910b759ede8fb0c20d02c68deb04a75226d632f9fe24c71dad4b302acdba13db658130"/>
<fuse name="BootSecurityInfo" size="4" value="0x201"/>
<fuse name="SecurityMode" size="4" value="0x1"/>
</genericfuse>
Note
Jetson AGX Orin series targets support only the RSA-3K key.
Note
The value above for “PublicKeyHash” is for demonstrations only.
Refer to Generate PublicKeyHash value from an RSA key pair for more information about generating the PublicKeyHash fuse value.
Example Orin Fuse Configuration File to Program the RSA-3K Key + SBK Key + OemK1 Key¶
The following sample configuration file is used to enable the Secure Boot with RSA-3K key, the SBK key, and the OemK1 key:
<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="PublicKeyHash" size="64" value="0x18e984f7d79f7a185039ec413ed2ff86227c8f0be639edde0cf23ab1f7910b759ede8fb0c20d02c68deb04a75226d632f9fe24c71dad4b302acdba13db658130"/>
<fuse name="SecureBootKey" size="32" value="0x123456789abcdef0fedcba987654321000112233445566778899aabbccddeeff"/>
<fuse name="OemK1" size="32" value="0xf3bedbff9cea44c05b08124e8242a71ec1871d55ef4841eb4e59a56b5f88fb2b"/>
<fuse name="BootSecurityInfo" size="4" value="0x209"/>
<fuse name="SecurityMode" size="4" value="0x1"/>
</genericfuse>
Note
The values of PublicKeyHash, SecureBootKey, and OemK1 above are for demonstrations only.
Refer to Generate PublicKeyHash value from an RSA key pair for more information about generating the PublicKeyHash fuse value.
Refer to Prepare an SBK key for more information about generating the SecureBootKey fuse value.
Refer to Prepare K1/K2/KEK keys for more information about generating the OemK1 fuse value.
Orin Reference Fuse Configuration File¶
The Orin Reference Fuse Configuration file lists all fuses that are supported by the Orin SoC.
All fuse values in the reference configuration file are enclosed in XML comments. To adapt the reference file for fusing, uncomment them and replace their “0xFFFF” placeholder values with the actual values for your target.
Here is the Orin Reference Fuse Configuration File for Jetson AGX Orin devices:
<genericfuse MagicId="0x45535546" version="1.0.0">
<!-- <fuse name="OdmId" size="8" value="0xFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="OdmInfo" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ArmJtagDisable" size="4" value="0x1"/> -->
<!-- <fuse name="Apb2JtagDisable" size="4" value="0x1"/> -->
<!-- <fuse name="DebugAuthentication" size="4" value="0x1"/> -->
<!-- <fuse name="CcplexDfdAccessDisable" size="4" value="0x1"/> -->
<!-- <fuse name="ReservedOdm0" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm1" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm2" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm3" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="OdmLock" size="4" value="0xF"/> -->
<!-- <fuse name="ReservedOdm4" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm5" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm6" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm7" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="SecureProvisionInfo" size="4" value="0x1"/> -->
<!-- <fuse name="OptInEnable" size="4" value="0x1"/> -->
<!-- <fuse name="SwReserved" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="BootDevInfo" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="SecuritySwOdm" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ZeroizeDis" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="PublicKeyHash" size="64" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="PkcPubkeyHash1" size="64" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="PkcPubkeyHash2" size="64" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="EndorseKey" size="68" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="SecureBootKey" size="32" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="Kdk0" size="32" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="PscOdmStatic" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="OemK1" size="32" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="OemK2" size="32" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="RevokePkH0" size="4" value="0x1"/> -->
<!-- <fuse name="RevokePkH1" size="4" value="0x1"/> -->
<!-- <fuse name="BootSecurityInfo" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="SecurityMode" size="4" value="0x1"/> -->
</genericfuse>
Jetson Xavier NX and Jetson AGX Xavier Fuse Configuration Files¶
For details on hardware fuses and fuse names, refer to the following documents:
For Jetson Xavier NX series: Jetson Xavier NX Fuse Specification Application Note
For Jetson AGX Xavier series: Jetson AGX Xavier Series Fuse Programming Application Note
Example Xavier Fuse Configuration File to Program the RSA-2K Key¶
The following sample configuration file is used to enable Secure Boot with RSA-2K key:
<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="PublicKeyHash" size="32" value="0x3cd0ac90ca94ca6edf8b131befa93799022e8bb5edd0a523ce78d46a3b4ce433"/>
<fuse name="BootSecurityInfo" size="4" value="0x01"/>
<fuse name="SecurityMode" size="4" value="0x1"/>
</genericfuse>
Note
Jetson AGX Xavier series and Jetson Xavier NX series targets support both RSA-2K and RSA-3K keys.
Note
The value above for PublicKeyHash is for demonstrations only.
Refer to Generate PublicKeyHash value from an RSA key pair for more information about generating the PublicKeyHash fuse value.
Example Xavier Fuse Configuration File to Program the RSA-3K Key + SBK Key + KEK Key¶
The following sample configuration file is used to enable Secure Boot with RSA-3K key, SBK key and KEK keys:
<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="PublicKeyHash" size="32" value="0x999585e628c285a5dfdd2bd201fa878d8e62e6c4eb842d81d1a026b22cd6e8f0"/>
<fuse name="Kek0" size="16" value="0x112233445566778899AABBCCDDEEFF00"/>
<fuse name="Kek1" size="16" value="0x123456789ABCDEF0FEDCBA9876543210"/>
<fuse name="SecureBootKey" size="16" value="0x123456789ABCDEF0FEDCBA9876543210"/>
<fuse name="BootSecurityInfo" size="4" value="0x06"/>
<fuse name="SecurityMode" size="4" value="0x1"/>
</genericfuse>
Note
The values above of PublicKeyHash, SecureBootKey, Kek0 and Kek1 are for demonstrations only.
Refer to Generate PublicKeyHash value from an RSA key pair for more information about generating the PublicKeyHash fuse value.
Refer to Prepare an SBK key for more information about generating the SecureBootKey fuse value.
Refer to Prepare K1/K2/KEK keys for more information about generating the Kek0 and Kek1 fuse values.
Xavier Reference Fuse Configuration File¶
The Xavier Reference Fuse Configuration file lists all fuses that are supported by the Xavier SoC.
All fuse values in the reference configuration file are enclosed in XML comments. To adapt the reference file for fusing, uncomment them and replace their “0xFFFF” placeholder values with the actual values for your target.
Here is the Xavier Reference Fuse Configuration File for Jetson Xavier NX and Jetson AGX Xavier devices:
<genericfuse MagicId="0x45535546" version="1.0.0">
<!-- <fuse name="OdmId" size="8" value="0xFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="Odm_info" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm0" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm1" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm2" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm3" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="OdmLock" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm4" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm5" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm6" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedOdm7" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="JtagDisable" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="ReservedSw" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="BootDevSelect" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="BootDevInfo" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="SecureProvisionInfo" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="EndorsementKey" size="32" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="DebugAuthentication" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="CcplexDfdAccessDisable" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="Kek0" size="16" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="Kek1" size="16" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="Kek2" size="16" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="Kek256" size="32" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="PublicKeyHash" size="32" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="SecureBootKey" size="16" value="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/> -->
<!-- <fuse name="BootSecurityInfo" size="4" value="0xFFFFFFFF"/> -->
<!-- <fuse name="SecurityMode" size="4" value="0x1"/> -->
</genericfuse>
Generate An RSA Key Pair¶
Secure Boot requires an RSA key pair whose length is 2048 bits (RSA 2K) or 3072 bits (RSA 3K).
Note
The 3072-bit RSA key option is supported on Jetson AGX Orin series, Jetson Xavier NX series and Jetson AGX Xavier series.
The 2048-bit RSA key option is no longer supported on Jetson AGX Orin series.
Enter one of the following commands:
To generate an RSA 2K key:
$ openssl genrsa -out rsa_priv.pem 2048
To generate an RSA 3K key:
$ openssl genrsa -out rsa_priv.pem 3072
OpenSSL generates the key file, named rsa_priv.pem.
Rename and save the key file.
The key file is used to burn fuses and sign boot files for Jetson devices.
Caution
The security of your device depends on how securely you keep the key file.
Note
To generate a truly random number key, use the Hardware Security Module (HSM).
Generate PublicKeyHash value from an RSA key pair¶
Instead of fusing the public key of the RSA key pair, only the hash of the public key is burned to the “PublicKeyHash” fuse field.
You can use the tegrakeyhash program to generate the PublicKeyHash value:
sudo ./tegrakeyhash --pkc <pkc.pem> --chip <chip_id>
Where:
<pkc.pem> is the RSA key pair file (.pem file).
<chip_id> is 0x23 for Jetson AGX Orin series; 0x19 for Jetson Xavier NX series and Jetson AGX Xavier series.
The hexadecimal value shown on the screen after “tegra-fuse format (big-endian):” can be used directly as the PublicKeyHash fuse data of a Fuse Configuration file.
Note
The tegrakeyhash program generates 64 bytes of PublicKeyHash value for Orin SoC (chip_id of 0x23).
The tegrakeyhash program generates 32 bytes of PublicKeyHash value for Xavier SoC (chip_id of 0x19).
Here is a sample output after running tegrakeyhash to generate PublicKeyHash:
$ sudo ./tegrakeyhash --pkc rsa_priv-3k.pem --chip 0x23
Key size is 384 bytes
sha512 hash:
bytes:
0x18, 0xe9, 0x84, 0xf7, 0xd7, 0x9f, 0x7a, 0x18,
0x50, 0x39, 0xec, 0x41, 0x3e, 0xd2, 0xff, 0x86,
0x22, 0x7c, 0x8f, 0x0b, 0xe6, 0x39, 0xed, 0xde,
0x0c, 0xf2, 0x3a, 0xb1, 0xf7, 0x91, 0x0b, 0x75,
0x9e, 0xde, 0x8f, 0xb0, 0xc2, 0x0d, 0x02, 0xc6,
0x8d, 0xeb, 0x04, 0xa7, 0x52, 0x26, 0xd6, 0x32,
0xf9, 0xfe, 0x24, 0xc7, 0x1d, 0xad, 0x4b, 0x30,
0x2a, 0xcd, 0xba, 0x13, 0xdb, 0x65, 0x81, 0x30,
tegra-fuse format (big-endian):
0x18e984f7d79f7a185039ec413ed2ff86227c8f0be639edde0cf23ab1f7910b759ede8fb0c20d02c68deb04a75226d632f9fe24c71dad4b302acdba13db658130
fuse bypass format:
FAB_ENTRY(PUBLIC_KEY0, PUBLIC_KEY0, 0xf784e918),
FAB_ENTRY(PUBLIC_KEY1, PUBLIC_KEY1, 0x187a9fd7),
FAB_ENTRY(PUBLIC_KEY2, PUBLIC_KEY2, 0x41ec3950),
FAB_ENTRY(PUBLIC_KEY3, PUBLIC_KEY3, 0x86ffd23e),
FAB_ENTRY(PUBLIC_KEY4, PUBLIC_KEY4, 0x0b8f7c22),
FAB_ENTRY(PUBLIC_KEY5, PUBLIC_KEY5, 0xdeed39e6),
FAB_ENTRY(PUBLIC_KEY6, PUBLIC_KEY6, 0xb13af20c),
FAB_ENTRY(PUBLIC_KEY7, PUBLIC_KEY7, 0x750b91f7),
FAB_ENTRY(PUBLIC_KEY8, PUBLIC_KEY8, 0xb08fde9e),
FAB_ENTRY(PUBLIC_KEY9, PUBLIC_KEY9, 0xc6020dc2),
FAB_ENTRY(PUBLIC_KEY10, PUBLIC_KEY10, 0xa704eb8d),
FAB_ENTRY(PUBLIC_KEY11, PUBLIC_KEY11, 0x32d62652),
FAB_ENTRY(PUBLIC_KEY12, PUBLIC_KEY12, 0xc724fef9),
FAB_ENTRY(PUBLIC_KEY13, PUBLIC_KEY13, 0x304bad1d),
FAB_ENTRY(PUBLIC_KEY14, PUBLIC_KEY14, 0x13bacd2a),
FAB_ENTRY(PUBLIC_KEY15, PUBLIC_KEY15, 0x308165db),
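Since the PublicKeyHash fuse cannot be corrected once burned, it is worth checking the value extracted from this output before it goes into the fuse configuration file. The following is an added example, not part of tegrakeyhash or the Secure Boot package: it pulls out the tegra-fuse line, checks its length for the chip, and cross-checks it against the fuse bypass words. The byte-swapped relationship between the two formats is read off the sample output above; the function names are assumptions, and the embedded sample is abridged from that output.

```python
import re

HASH_BYTES = {0x23: 64, 0x19: 32}   # PublicKeyHash size per chip_id (this page)

FUSE_RE = re.compile(r"tegra-fuse format \(big-endian\):\s*(?:0[xX])?([0-9a-fA-F]+)")
FAB_RE = re.compile(
    r"FAB_ENTRY\(PUBLIC_KEY(\d+),\s*PUBLIC_KEY\d+,\s*0x([0-9a-fA-F]{8})\)")


def bypass_words(fuse_value):
    """Split a big-endian fuse value into the 32-bit words of the bypass format.

    Each group of four bytes is read as a little-endian word, which is the
    relationship visible in the sample output (18 e9 84 f7 -> 0xf784e918).
    """
    digits = fuse_value[2:] if fuse_value[:2].lower() == "0x" else fuse_value
    data = bytes.fromhex(digits)
    return [int.from_bytes(data[i:i + 4], "little") for i in range(0, len(data), 4)]


def parse_tegrakeyhash(output, chip_id):
    """Return the PublicKeyHash fuse value found in tegrakeyhash output.

    Raises ValueError if the tegra-fuse line is missing, has the wrong length
    for the chip, or disagrees with any FAB_ENTRY word in the same output.
    """
    match = FUSE_RE.search(output)
    if match is None:
        raise ValueError("no tegra-fuse line found")
    digits = match.group(1).lower()
    if len(digits) != 2 * HASH_BYTES[chip_id]:
        raise ValueError(f"expected {HASH_BYTES[chip_id]} bytes for chip "
                         f"{chip_id:#x}, got {len(digits) / 2:g}")
    expected = bypass_words(digits)
    for index, word in FAB_RE.findall(output):
        i = int(index)
        if i >= len(expected) or expected[i] != int(word, 16):
            raise ValueError(f"PUBLIC_KEY{i} does not match the tegra-fuse value")
    return "0x" + digits


# Abridged from the sample output on this page (demonstration key only).
SAMPLE = """tegra-fuse format (big-endian):
0x18e984f7d79f7a185039ec413ed2ff86227c8f0be639edde0cf23ab1f7910b759ede8fb0c20d02c68deb04a75226d632f9fe24c71dad4b302acdba13db658130
fuse bypass format:
FAB_ENTRY(PUBLIC_KEY0, PUBLIC_KEY0, 0xf784e918),
FAB_ENTRY(PUBLIC_KEY1, PUBLIC_KEY1, 0x187a9fd7),
FAB_ENTRY(PUBLIC_KEY2, PUBLIC_KEY2, 0x41ec3950),
FAB_ENTRY(PUBLIC_KEY3, PUBLIC_KEY3, 0x86ffd23e),
"""

if __name__ == "__main__":
    print(parse_tegrakeyhash(SAMPLE, 0x23))
    # A single mistyped digit in the pasted value is caught by the cross-check.
    try:
        parse_tegrakeyhash(SAMPLE.replace("0x18e984f7", "0x18e984f8", 1), 0x23)
    except ValueError as exc:
        print("rejected:", exc)
```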
Prepare an SBK key¶
An SBK key is used to encrypt Bootloader components. The same SBK key has to be fused to the Jetson’s SoC fuses, so the key can be used to decrypt the Bootloader components when the Jetson device boots up.
Note
You can only use the SBK key with the PKC key. The encryption mode that uses these two keys together is called SBKPKC.
The Orin SoC requires the SBK key to be eight 32-bit words (32 bytes). The Xavier SoC requires the SBK key to be four 32-bit words (16 bytes).
The SBK key file is stored in big-endian hexadecimal format.
Here is an example of a 16-byte SBK key file:
0x12345678 0x9abcdef0 0xfedcba98 0x76543210
This file format is used by the flash.sh command with the -v option.
The same SBK, as represented in the “SecureBootKey” fuse value field of a Fuse Configuration XML file, is:
0x123456789abcdef0fedcba9876543210
Note
Hexadecimal numbers must be presented in big-endian format. The leading 0x or 0X can be omitted. The Jetson Secure Boot software converts the big-endian hexadecimal format to the format that the Jetson device expects. All standard OpenSSL utilities output in big-endian format.
We recommend that you use the Hardware Security Module (HSM) to generate a truly random number for an SBK key.
Caution
The security of your device depends on how securely you keep the key file.
Prepare K1/K2/KEK keys¶
The K1/K2/KEK keys are used by other security applications, such as disk encryption/decryption. You must prepare these keys and other ODM fuse bits as described in the documentation for the other security application.
For Jetson Orin SoC, the fuse key names are OemK1 and OemK2, and the key length is 32 bytes.
For Jetson Xavier SoC, the fuse key names are Kek0, Kek1, and Kek2, for which the key length is 16 bytes. Kek256 is a combination of Kek0 and Kek1 with a key length of 32 bytes.
These keys must be presented as hexadecimal numbers in big-endian format.
Note
The leading 0x or 0X of a hexadecimal number can be omitted. The Jetson Secure Boot software converts the big-endian hexadecimal format to the format that the Jetson device expects.
These keys consist of eight (or four) 32-bit words stored in a file in the big-endian hexadecimal format.
Here is an example of an OemK1 key file:
0x11223344 0x55667788 0x99aabbcc 0xddeeff00 0xffeeddcc 0xbbaa9988 0x77665544 0x33221100
The same key representation in the OemK1 fuse value field in the Fuse Configuration XML file is:
0x112233445566778899aabbccddeeff00ffeeddccbbaa99887766554433221100
Note
We recommend that you use the HSM to generate a truly random number for KEK keys.
Caution
The security of your device depends on how securely you keep these key files.
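The SBK and K1/K2/KEK sections above each give the same key in two forms: a key file of 32-bit words and a single fuse value. A device fused with a value that differs from the key file used at flash time cannot decrypt its images, so the two should be compared before burning. The following is an added example, not part of the Secure Boot package: the function names are assumptions, the sizes come from this page, and the keys are the page's demonstration values.

```python
import re
import xml.etree.ElementTree as ET

WORD_RE = re.compile(r"^(?:0[xX])?[0-9a-fA-F]{8}$")

# Key sizes in bytes as stated on this page, by (chip_id, fuse name).
KEY_BYTES = {
    (0x23, "SecureBootKey"): 32, (0x23, "OemK1"): 32, (0x23, "OemK2"): 32,
    (0x19, "SecureBootKey"): 16, (0x19, "Kek0"): 16, (0x19, "Kek1"): 16,
    (0x19, "Kek2"): 16, (0x19, "Kek256"): 32,
}


def _size(chip_id, fuse_name):
    if (chip_id, fuse_name) not in KEY_BYTES:
        raise ValueError(f"{fuse_name}: not a key fuse for chip {chip_id:#x}")
    return KEY_BYTES[(chip_id, fuse_name)]


def _norm(value):
    value = value.strip().lower()
    return value[2:] if value.startswith("0x") else value


def keyfile_to_fuse_value(text, chip_id, fuse_name):
    """Convert key-file text ("0x12345678 0x9abcdef0 ...") to a fuse value."""
    words = text.split()
    expected = _size(chip_id, fuse_name) // 4
    if len(words) != expected:
        raise ValueError(f"{fuse_name}: {len(words)} words, expected {expected}")
    for i, word in enumerate(words):
        if not WORD_RE.match(word):
            # Report the position only, never the key material itself.
            raise ValueError(f"{fuse_name}: word {i} is not a 32-bit hex word")
    # Big-endian throughout: the words are concatenated in file order.
    return "0x" + "".join(word[-8:].lower() for word in words)


def fuse_value_to_keyfile(value, chip_id, fuse_name):
    """Convert a fuse value to the space-separated word form of a key file."""
    digits = _norm(value)
    size = _size(chip_id, fuse_name)
    if len(digits) != 2 * size or not re.fullmatch(r"[0-9a-f]+", digits):
        raise ValueError(f"{fuse_name}: value is not {size} bytes of hex")
    return " ".join("0x" + digits[i:i + 8] for i in range(0, len(digits), 8))


def check_keys_match_config(fuse_xml, key_files, chip_id):
    """Compare key files with a fuse configuration; return a list of problems.

    `key_files` maps a fuse name to the text of its key file.
    """
    root = ET.fromstring(fuse_xml)
    in_config = {el.get("name"): el.get("value", "") for el in root.iter("fuse")}
    problems = []
    for name, text in key_files.items():
        try:
            from_file = keyfile_to_fuse_value(text, chip_id, name)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if name not in in_config:
            problems.append(f"{name}: not present in the fuse configuration")
        elif _norm(in_config[name]) != _norm(from_file):
            problems.append(f"{name}: key file and fuse value differ")
    return problems


# Demonstration values from this page; KEK0_SWAPPED is constructed with its
# words in reverse order to show a mismatch being caught.
SBK_FILE = "0x12345678 0x9abcdef0 0xfedcba98 0x76543210"
KEK0_SWAPPED = "0xddeeff00 0x99aabbcc 0x55667788 0x11223344"
CONFIG = """<genericfuse MagicId="0x45535546" version="1.0.0">
  <fuse name="Kek0" size="16" value="0x112233445566778899AABBCCDDEEFF00"/>
  <fuse name="SecureBootKey" size="16" value="0x123456789ABCDEF0FEDCBA9876543210"/>
</genericfuse>"""

if __name__ == "__main__":
    keys = {"SecureBootKey": SBK_FILE, "Kek0": KEK0_SWAPPED}
    print(check_keys_match_config(CONFIG, keys, 0x19))
```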
Prepare the Fuse Configuration file¶
To modify the SoC’s Reference Fuse Configuration file, uncomment the fuses you need, and enter information in the correct fuse data fields for your target Jetson device.
The next section provides information about how to burn fuses with the prepared Fuse Configuration file.
Caution
The security of your device depends on how securely you keep the Fuse Configuration file.
Burn Fuses with the Fuse Configuration file¶
After the Fuse Configuration file is prepared, you can burn fuses using the odmfuse.sh script (-X option) with the Fuse Configuration file:
sudo ./odmfuse.sh -X <fuse_config> -i <chip_id> <target_config>
If a Jetson board was previously burned with a PKC key <pkc.pem>, and the board needs to have additional fuses burned, run the following odmfuse.sh command with the -k option:
sudo ./odmfuse.sh -X <fuse_config> -i <chip_id> -k <pkc.pem> <target_config>
Where:
<fuse_config> is the fuse configuration XML file.
<chip_id> is 0x23 for Jetson AGX Orin; 0x19 for Jetson Xavier NX and Jetson AGX Xavier.
<pkc.pem> is the RSA key pair (.pem file) that was fused to the board before.
<target_config> is the name of the configuration for your Jetson device and carrier board; see the table in Jetson Modules and Configurations.
Note
Fuse burning operations are high-risk because they cannot be reversed. NVIDIA strongly recommends that you use the --test option to verify fuse burning operations before you perform them.
When you add --test to an odmfuse.sh command, the command performs pre-burn processing and verification, but it does not actually burn the fuse. If the command reports the results you want, you can re-enter the command without --test and burn the fuse with greater confidence that you are doing it correctly.
Sign and Flash Secured Images¶
The procedures described in this section use the following placeholders in their commands:
<pkc_keyfile> is an RSA 2K or 3K key file.
<sbk_keyfile> is an SBK key file.
<target_config> is the name of the configuration for your Jetson device and carrier board; see the table in Jetson Modules and Configurations.
Sign and Flash Secured Images in One Step¶
For Jetson AGX Orin series¶
Navigate to the directory where you installed Jetson Linux.
Place the Jetson device into Recovery mode.
Enter the following command:
$ sudo ./flash.sh -u <pkc_keyfile> <target_config> mmcblk0p1
Note
If the -u command option is omitted, none of the images flashed to the Jetson device are signed.
Caution
The PKC key file must not be placed under the bootloader directory.
For Jetson Xavier NX series and Jetson AGX Xavier series¶
Navigate to the directory where you installed Jetson Linux.
Place the Jetson device into Recovery mode.
Enter the following command:
$ sudo ./flash.sh -u <pkc_keyfile> [-v <sbk_keyfile>] <target_config> mmcblk0p1
Note
If the -v command option is specified, the -u command option must also be specified.
If the -v command option is omitted, none of the images flashed to the Jetson device are encrypted.
If the -u command option is omitted, none of the images flashed to the Jetson device are signed.
Caution
Neither the PKC key file nor the SBK key file can be placed under the bootloader directory.
Sign and Flash Secured Images in Separate Steps¶
Sign/encrypt the boot files:
$ sudo ./flash.sh --no-flash -u <pkc_keyfile> [-v <sbk_keyfile>] <target_config> mmcblk0p1
Note
If the -v command option is specified, the -u command option must also be specified.
If the -v command option is omitted, none of the images flashed to the Jetson device are encrypted.
If the -u command option is omitted, none of the images flashed to the Jetson device are signed.
Flash the generated encrypted/signed images:
$ cd bootloader
$ sudo bash ./flashcmd.txt
Note
Ensure that you place the Jetson device into Recovery mode before executing the flashcmd.txt command.
Legacy Support of Secure Boot for Xavier SoC¶
Applies to the Jetson Xavier NX series and the Jetson AGX Xavier series only.
The following sections describe the legacy support for the Jetson Xavier NX and the Jetson AGX Xavier series only.
The following table describes user-programmable fuses that are related to Secure Boot for Xavier SoC.
Software and configuration fuses related to Secure Boot for NVIDIA® Jetson Xavier™ NX series and NVIDIA® Jetson AGX Xavier™ series
Bit size | Name | Default value set by |
---|---|---|
1 | odm_production_mode | 0x1. |
256 | public_key_hash | RSA public key hash. |
128 | secure_boot_key* | Secure Boot Key (SBK): AES encryption key for encrypting bootloader. |
128 | KEK0* | Four 32-bit registers named KEK00 through KEK03. |
128 | KEK1* | Four 32-bit registers named KEK10 through KEK13. |
256 | KEK256 | Not a distinct fuse; addresses KEK0 and KEK1 as a single 256-bit fuse. |
128 | KEK2* | Four 32-bit registers named KEK20 through KEK23. |
* You can use |
Here are the fuses that are handled by the user:
Bit size | Name | Default value set by odmfuse.sh |
---|---|---|
1 | jtag_disable | 0x0: JTAG is enabled (the default). 0x1: JTAG is disabled. |
256 | odm_reserved | Reserved fuses for the customer use. They are organized as 8 consecutive 32-bit fuses, |
4 | odm_lock | Each bit set disables the write for the corresponding 32-bit odm_reserved fuses. For example: 0x2 locks bits 32−63 of |
8 | sec_boot_dev_cfg | Depending on |
24 | sw_reserved | A bit map of configuration options. Bits not described here are reserved. Bits 2-0: Bit 3: Bit 5: Bit 23: 1=disable RCM mode |
For details on hardware fuses and fuse names, refer to the following documents:
For Jetson Xavier NX series: Jetson Xavier NX Fuse Specification Application Note
For Jetson AGX Xavier series: Jetson AGX Xavier Series Fuse Programming Application Note
The following table describes the fuse name aliases that are recognized by tegraflash.
Fuse Name Aliases Recognized by tegraflash for Jetson Xavier NX series and Jetson AGX Xavier series
Name | tegraflash Alias and Notes |
---|---|
odm_production_mode | SecurityMode |
public_key_hash | PublicKeyHash |
secure_boot_key | SecureBootKey |
Security_info | BootSecurityInfo |
Key_encryption_key_0 | Kek0 |
Key_encryption_key_1 | Kek1 |
Key_encryption_key_256 | Kek256 |
Key_encryption_key_2 | Kek2 |
jtag_disable | JtagDisable |
odm_reserved0, odm_reserved1,… odm_reserved7 | Customer programmable fuses; remain programmable after Default value (when no reserved ODM fuses have been programmed) is all zeros. One intended application of these fuses is software version revocation. You may use them for other purposes at your discretion. |
odm_reserved8,… odm_reserved11 | Reserved for use by NVIDIA. Do not use these fuses. Customer programming of these can result in boot failures and unexpected behavior. |
odm_lock | Each bit disables further changes to one of the |
sec_boot_dev_cfg | |
sw_reserved | |
Burning PKC, KEK, and SBK Fuses¶
To burn the PKC, KEK and SBK fuses by using a private key file in PEM format:
Navigate to the host directory where you installed Jetson Linux.
Put the Jetson device into Force Recovery Mode.
Burn the fuse using the script odmfuse.sh. See odmfuse.sh Option Usage for illustrations of common operations.
Note
odmfuse.sh uses OpenSSL to burn PKC fuses.
odmfuse.sh Options¶
For fuses other than the PKC key and odm_production_mode fuses, odmfuse.sh allows you to program ODM fuses that are completely at your discretion. Skip this topic if you do not plan to modify these fuses.
These are the odmfuse.sh command line options that blow ODM fuses:
Option | Description |
---|---|
-d 0xXXXX | Sets |
--disable-jtag | Disables JTAG. Use this option to block use of the JTAG debugger. |
-l 0xX | Sets For example, setting |
--odm_reserved[0:7] | Sets |
-p | Sets production mode. |
-r 0xXX | Sets Bits 7-6: Reserved. Bit 5: Enable_watchdog. Bit 4: Reserved. Bit 3: Bits 2-0: |
-S <SBK_file> | Sets the Secure Boot key used to encrypt Bootloader and the TOS. The content of This key must be used along with PKC key. |
--noburn | Prepares the fuse blob to be used repeatedly on the factory floor. This option generates After |
--KEK0 --KEK1 --KEK2 <path> | Pathname of the key encryption key file that other security applications are to use to encrypt and decrypt keys. The content of the file must be a single 128-bit big-endian number in hexadecimal format. |
--KEK256 <path> | Pathname of the 256-bit Key Encryption Key file that the high-level security application will use to encrypt the application keys. The content of the file must be a single 256-bit big-endian number in hexadecimal format. |
--auth <status> | Indicates the board’s current authentication status. Possible <status> values are: This option is only used when running To run Examples: |
--test | Prevents the script from actually burning fuses. Pre-burn processing and tests are performed as usual. This option is normally used for fuse burning tests, since fuse values cannot be changed once they are burned. |
Non-Destructive Testing for Fuse Burning Operations¶
Fuse burning operations are high-risk because they cannot be reversed. NVIDIA strongly recommends that you use the --test option to verify fuse burning operations before you perform them.
When you add --test to an odmfuse.sh command, the command performs pre-burn processing and verification, but it does not actually burn the fuse. If the command reports the results you want, you can enter the command again without --test and burn the fuse with greater confidence that you are doing it correctly.
odmfuse.sh Option Usage¶
To fuse PKC HASH from the .pem file with JTAG enabled:
$ sudo ./odmfuse.sh -i <chip_id> -p -k <key.pem> --KEK[0-2] <KEK file> -S <SBK_file> <target_config>
To fuse PKC HASH from the .pem file with JTAG disabled:
$ sudo ./odmfuse.sh -i <chip_id> -p -k <key.pem> --KEK[0-2] <KEK file> -S <SBK_file> --disable-jtag <target_config>
To burn a secure fuse with PKC, SBK, and KEK2:
$ sudo ./odmfuse.sh -i <chip_id> -p -k <PKC file> -S <SBK file> --KEK2 <KEK2 file> <target_config>
To burn a secure fuse with PKC and KEK2:
$ sudo ./odmfuse.sh -i <chip_id> -p -k <PKC file> --KEK2 <KEK2 file> <target_config>
Where:
<chip_id> is 0x19.
<target_config> is the name of the configuration for the Jetson device and carrier board you are using, as shown in the Jetson Modules and Configurations table.
Signing and Flashing with initrd Using the l4t_initrd_flash.sh Script¶
Place the Jetson device into Force Recovery mode.
To sign the image, run the command:
$ sudo ./tools/kernel_flash/l4t_initrd_flash.sh --no-flash -u <pkc_keyfile> [-v <sbk_keyfile>] <target_config> <rootdev>
Where (in addition to the placeholders described in Placeholders Used in the Procedures):
<target_config> is the name of the configuration for that Jetson device and carrier board, specified by the environment variable BOARD. (See the table in Jetson Modules and Configurations.)
<rootdev> specifies the device on which the root file system is located, as described in the topic Basic Flashing Script Usage.
To flash the target device, run the following command:
$ sudo ./tools/kernel_flash/l4t_initrd_flash.sh --flash-only -u <pkc_keyfile> [-v <sbk_keyfile>] <board_name> <rootdev>
Where <board_name> and <rootdev> are the same as in step 2, above.