Secure Storage#

NVIDIA DriveOS Security Services provides secure storage service with dedicated secure NOR hardware. Secure storage can provide data confidentiality, data integrity, and data availability to the stored data.

Data confidentiality: All object data to be written into secure NOR would be encrypted by filesystem key.

Data integrity: Object data need to be authenticated by CRC (for header) and GMAC (tag stored in already authenticated header, and would will be checked during decryption).

Data availability: Secure storage provides 2x data redundancy on secure NOR (all blocks are stored in 2 NOR sectors), and ECC is enabled on secure NOR.

Persistent key objects are stored in secure storage. Please refer to chapter on Persistent Key Object Support in the Secure Platform Developer Guide.