Disabling GPU Debugger and Profiler for Security
Important: Points to consider before using GPU Debugger and
Profiler.
NVIDIA recommends disabling the GPU Debugger and Profiler support before deploying NVIDIA DRIVE® OS or when the support is not required during development.
Note: The GPU Debugger and Profiler support is enabled by default in NVIDIA DRIVE OS to better development experience.- GPU Debugger and Profiler can examine and alter the state of all the applications running on the GPU, and attackers can exploit this capability.
- Potential security risks could occur when this support is enabled during the DRIVE OS deployment.
To disable GPU Debugger and Profiler:
- Identify the Guest OS DTB file getting flashed on the target.
- Back up the original DTB file, and convert it to the DTS format with this
command:
dtc -I dtb -O dts <DTB> -o edit.dts
-
Edit edit.dts and set the
support-gpu-tools
device tree property in the GPU device node to0
.- For more information, see
<top>/kernel/kernel-5.10/Documentation/devicetree/bindings/gpu/nvidia,gv11b.txt
. - On NVIDIA DRIVE Orin™, the GPU device node name is
ga10b
.
- For more information, see
- Save the edits and compile DTS back to DTB format with
command:
dtc -I dts -O dtb edit.dts -o <DTB>
-
Bind and flash the target as usual.
The GPU Debugger and Profiler support is disabled now.
To enable GPU Debugger and Profiler:
- Back up the original DTB file, and convert it to the DTS format with this
command:
dtc -I dtb -O dts <DTB> -o edit.dts
-
Edit edit.dts and set the
support-gpu-tools
device tree property in the GPU device node to1
.- For more information, see
<top>/kernel/kernel-5.10/Documentation/devicetree/bindings/gpu/nvidia,gv11b.txt
. - On NVIDIA DRIVE Orin, the GPU device node name is
ga10b
.
- For more information, see
- Save the edits and compile DTS back to DTB format with
command:
dtc -I dts -O dtb edit.dts -o <DTB>
-
Bind and flash the target as usual.
The GPU Debugger and Profiler support is enabled now.