4.3. System Administration

In addition to the guidance D3 Embedded provides below, Canonical provides the Ubuntu Documentation Directory which has a lot of useful information for maintaining your Jetson. Not all documentation may apply due to various JetPack customizations on top of Ubuntu.

4.3.1. Security

4.3.1.1. Regular Updates

According to the latest Top Routinely Exploited Vulnerabilities report, one of the most effective actions you can take is applying software updates in a timely manner. The software on your Jetson is generally derived from the following sources:

• Canonical’s Ubuntu

• NVIDIA’s JetPack / Linux4Tegra

• Partner JetPack patches (on non-D3 Embedded hardware)

• D3 Embedded’s Jetson Modules

D3 Embedded recommends subscribing to the Ubuntu and NVIDIA security notice mailing lists so you will receive timely notification of vulnerabilities and their fixes:

• Ubuntu Security Notices

• NVIDIA Product Security

If you install any software from additional sources, we recommend investigating their security policies and subscribing to their security notifications as well.

When you flash your Jetson, you are flashing a filesystem that contains software packages frozen in time as part of a JetPack release. As time marches on after the JetPack release, security vulnerabilities for these software packages are discovered and patched with the fixed versions uploaded to Ubuntu/NVIDIA’s online APT sources. These security updates are not on your system after flashing.

Warning

If you’re using non-D3 Embedded hardware, the following steps may not be supported due to customizations applied to the standard JetPack SDK. Contact your hardware vendor for more details.

To rectify this, we recommend running the following commands after flashing:

# Download latest package listings
sudo apt update

# Mark NVIDIA L4T packages as 'held' to avoid upgrading them
# (see below for reasoning)
sudo apt-mark hold nvidia-l4t-*

# Upgrade packages
sudo apt upgrade

# Reboot
sudo reboot now

After the first upgrade, all that is necessary for routine Ubuntu upgrades is running apt update, apt upgrade, and reboot now.

We do not recommend upgrading the nvidia-l4t packages on a routine basis unless a security notice is issued for the Jetson version you are using. At the time of writing this (2025-11-14), NVIDIA tends to release both Jetson and DRIVE updates to the same APT source. DRIVE updates are not compatible with Jetsons and may lead to an unusable system. Note that updating nvidia-l4t packages will typically overwrite any custom kernel installed and may remove or overwrite any patches applied to Jetson-specific software. If you have received a Jetson security notice, use the following commands to apply the updates:

# Download latest package listings
sudo apt update

# Un-mark NVIDIA L4T packages as 'held'
sudo apt-mark unhold nvidia-l4t-*

# Upgrade packages. Make sure the new L4T package versions being installed
# are the one recommended by NVIDIA in their security notice.
sudo apt upgrade

# Re-mark NVIDIA L4T packages as 'held' until the next security notice
sudo apt-mark hold nvidia-l4t-*

# Reboot
sudo reboot now

If you have a production deployment of Jetsons, we recommend testing all updates on a non-critical Jetson before rolling it out to the wider deployment.