From Fresh to Secure

From RidgeRun Developer Wiki

Follow Us in Twitter LinkedIn Email Share this page


NVIDIA partner logo NXP partner logo






Tutorial: Securing a Platform from Scratch: Step-by-Step Guide

This tutorial walks you through all the steps required to secure your embedded platform from a fresh system install, using the RidgeRun Platform Security Manual as a reference.

A secure platform follows a similar structure to the following:

Secure Platform Chain
Secure Platform Chain

1. Understand the Security Fundamentals

Before implementation, ensure you're familiar with the building blocks of platform security:

For more information on the fundamentals, please check the Platform Security section.

2. Implement Secure Boot

Secure Boot involves a series of steps. It can be considered the longest process when preparing a secure platform. Nevertheless, ensuring secure boot prevents the system from loading software components that have been altered or come from untrusted sources.

The following steps are required for NVIDIA Jetson:

3. Set Up a Trusted Execution Environment (TEE)

TEE Overview and Setup

It provides a hardware-backed, isolated environment for secure operations.

4. Enable Disk Encryption

NVIDIA Jetson Disk Encryption Setup

This ensures your stored data is protected even if the device is compromised.

5. Implement Over-the-Air (OTA) Updates

OTA Security Guide

6. Add Additional Security Layers

Platform Security Extensions

If available:

  • Use a secure key management system (e.g., kernel keyring).
  • Apply IMA (Integrity Measurement Architecture) for file integrity checking.

7. Test and Validate Your Security Setup

For detailed instructions and platform-specific steps, refer to the full RidgeRun Platform Security Manual.