Understanding Security
NVIDIA DRIVE® OS security services protect the confidentiality of critical system secrets such as root keys and other device configuration information. They also give user-space applications running in the Guest OS the ability to offload cryptographic operations onto the SoC security hardware. These services depend on the isolation provided by the virtualization system: a compromised guest must not be able to reach the keys or the hardware directly.
This section describes the functionality of these security services and the customization each one allows. It is divided into subsections; refer to the appropriate subsection for detailed information on each service.
Acronyms and Abbreviations
The following acronyms are used throughout this section.
| Term | Definition |
|---|---|
| ATF | Arm Trusted Firmware |
| BCT | Boot Configuration Table |
| BDT | Boot Device Tree |
| BR | BootROM |
| BR-BCT | BootROM Boot Configuration Table |
| CA | Client Application |
| CBC | Cipher Block Chaining (block cipher mode of operation) |
| CMAC | Cipher-based Message Authentication Code (a MAC algorithm built on a block cipher) |
| EKS | Encrypted Key Store |
| GP API | GlobalPlatform Application Programming Interface |
| HW | Hardware |
| JTAG | Joint Test Action Group; IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture |
| KEK | Key Encryption Key |
| KROM | Key ROM. Primarily contains two types of keys: wrapped symmetric keys, and the public component (exponent only) of asymmetric RSA keys |
| ODM | Original Design Manufacturer |
| OEM | Original Equipment Manufacturer |
| OpenSSL | A general-purpose, open-source cryptography library that also implements the SSL/TLS protocols |
| OS | Operating System |
| OSC | Oscillator |
| OTA | Over-the-Air (update) |
| PCT | Platform Configuration Table |
| PKC | Public Key Cryptography |
| PolarSSL | TLS and cryptography library, now known as Mbed TLS (Arm) |
| PSC | Platform Security Controller |
| REE | Rich Execution Environment |
| ROM | Read-Only Memory |
| RPMB | Replay Protected Memory Block |
| RSA | Rivest-Shamir-Adleman public-key cryptosystem, used for encryption and digital signatures with a public/private key pair |
| RSASSA-PSS | RSA Signature Scheme with Appendix, Probabilistic Signature Scheme (PKCS #1) |
| SBK | Secure Boot Key |
| SDK/PDK | Software Development Kit / Platform Development Kit |
| SDRAM | Synchronous Dynamic Random-Access Memory |
| SE | Security Engine (SoC cryptographic hardware) |
| SS | Secure Storage |
| TA | Trusted Application |
| TEE | Trusted Execution Environment |
| TOS | Trusted Operating System |
| TSC | Tegra Secure Counter |
| UID | Unique Identifier |
| UUID | Universally Unique Identifier |
| VM | Virtual Machine |