Based on the L4T R32.6.1 sources for the Trusty TEE for the Jetson-TX2 and Jetson AGX Xavier platforms.
The NVIDIA demo and ipc-unittest trusted apps (TAs) are removed, and a static key storage TA, just called "keystore", is implemented. See the README file for keystore for more information.
Also provided are a client-side tool for obtaining secrets from the keystore and a build-time tool for initializing the "encrypted keyblob" (EKB) with the secrets before flashing. See the README file for more information about the tools.
This software incorporates code from a variety of sources, covered under different licenses. See the following files for details:
- Keystore TA license
- Keystore tools license
- BoringSSL license
- Fiat license
- Wycheproof testvectors license
- Remoteproc license
- Virtio license
- LK Trusty headers license
- LK Trusty license
- libc-trusty licenses
- libstdc++-trusty licenses
- openssl-stubs license
- Little Kernel license
- Tegra platform code license
Note that the above may not be a complete list.
This code is provided as an example of how to implement a trusted application using the vendor-provided features in the board support package for the Jetson platforms, and comes with no warranties or assurances as to its security or suitability for any particular purpose. Use at your own risk.