Jump to content

RidgeRun Platform Security Manual/Platform Security/Secure Boot: Difference between revisions

RidgeRun Platform Security Manual/Platform Security/Secure Boot (view source)

Revision as of 21:42, 2 April 2025

6 bytes removed ,  2 April
→‎Secure Boot
Visual
Line 35: Line 35:
====Secure Boot====
====Secure Boot====


On NVIDIA Jetson Systems, Secure Boot is activated to block the execution of unauthorized boot codes. Secure Boot process in NVIDIA SoCs, is implemented with Public Key Cryptography ([https://en.wikipedia.org/wiki/Public-key%20cryptography PKC wikipedia page]) where a pair of keys is used, a private and a public one, and the main principle of Public Key Cryptography is that you can generate the public key from the private key pair but not the other way around. This is important to know because the way NVIDIA SoCs implement a secure boot is by storing a public key hash on a device called fuse and signing the boot codes with the private key. The fuse is a device that can only be written once to, and cannot be modified after that. The name comes from the analogy of a real electrical fuse that, once burned, cannot be burned a second time. As explained in this [https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security/Root_of_Trust section], the root of trust is the part of the system that is always, across time, immutable and tamper-resistant, so the security process starts from a trusted state. In this case, the root of trust is a code on a on-die BootROM that authenticates
On NVIDIA Jetson Systems, Secure Boot is activated to block the execution of unauthorized boot codes. Secure Boot process in NVIDIA SoCs, is implemented with Public Key Cryptography ([https://en.wikipedia.org/wiki/Public-key%20cryptography PKC wikipedia page]) where a pair of keys is used, a private and a public one. The main principle of Public Key Cryptography is that you can generate the public key from the private key pair but not the other way around. This is important to know because the way NVIDIA SoCs implement a secure boot is by storing a public key hash on a device called fuse and signing the boot codes with the private key. The fuse is a device that can only be written once to, and cannot be modified after that. The name comes from the analogy of a real electrical fuse that, once burned, cannot be burned a second time. As explained in this [https://developer.ridgerun.com/wiki/index.php/RidgeRun_Platform_Security_Manual/Platform_Security/Root_of_Trust section], the root of trust is the part of the system that is always, across time, immutable and tamper-resistant, so the security process starts from a trusted state. In this case, the root of trust is a code on a on-die BootROM that authenticates
each boot code that is going to be executed by generating a public key hash from the private key that the boot codes were signed with, and comparing it to the key hash on the respective fuse.
each boot code that is going to be executed by generating a public key hash from the private key that the boot codes were signed with, and comparing it to the key hash on the respective fuse.


Line 44: Line 44:
[[File:Securebootdiagram.png|450px|frame|center|Fig 1. Boot codes structure on NVIDIA Jetson Orin boards]]
[[File:Securebootdiagram.png|450px|frame|center|Fig 1. Boot codes structure on NVIDIA Jetson Orin boards]]


At first, the BootRom code is executed which is the Root of Trust of the NVIDIA Jetson Orin and Xavier systems. This code loads and starts the PSCROM (Platform Security Controller Read Only Memory) code which is the code that authenticates other boot codes before its execution starts. The codes it authenticates are MB1 (Microboot 1) and its MB1 BCT (Microboot 1 Boot Configuration Table), as well as PSCBL1 (Platform Security Controller Bootloader 1). As reference, MB1, initializes certain parts of the SoC, including the CPU, and performs security configuration. PSCBL1 starts MB2 (Microbootloader 2), which is in control of some more firmware initilizations included loading the UEFI Bootloader, that is where secure boot ends and UEFI secure boot starts.
At first, the BootRom code is executed which is the Root of Trust of the NVIDIA Jetson Orin and Xavier systems. This code loads and starts the PSCROM (Platform Security Controller Read Only Memory) code which is the code that authenticates other boot codes before its execution starts. The codes it authenticates are MB1 (Microboot 1) and its MB1 BCT (Microboot 1 Boot Configuration Table), as well as PSCBL1 (Platform Security Controller Bootloader 1). As reference, MB1, initializes certain parts of the SoC, including the CPU, and performs security configuration. PSCBL1 starts MB2 (Microbootloader 2), which is in control of some more firmware initilizations included loading the UEFI Bootloader, that is where secure boot ends and UEFI secure boot starts.


====UEFI Secure Boot====
====UEFI Secure Boot====
Chidalgo
174

edits

Retrieved from "https://developer.ridgerun.com/wiki/index.php/Special:MobileDiff/64970"
Cookies help us deliver our services. By using our services, you agree to our use of cookies.