Congratulations! Your Jetson Nano (T210) product is finished and ready to ship worldwide. Secure boot is enabled, Linux and it’s bootloaders are locked down and the file system holding your precious IP is encrypted. Even JTAG is disabled with an OTP (One-Time-Programmable) security fuse. Yet, lurking in the Jetson Nano’s Linux kernel is a PCIe IOMMU vulnerability allowing an attacker to circumvent all that security. An off-the-shelf $500 tool, the PCI Screamer, and open source software, PCI Leech, gives total RAM and kernel access at over 20MB/s. Yes – faster than the expensive JTAG probes you just locked out. How is this possible?
https://www.thegoodpenguin.co.uk/blog/p ... 022-21819/