A few questions regarding the secure boot on TX2

Hi All,

I recently tried to figure out what secure boot is and how I can accomplish it on the NVIDIA TX2 board.

I followed the “Jetson_Device_Secure_Boot_and_Fuse_Burning.pdf”

I managed to generate an RSA key pair.

I updated the Linux_for_Tegra folder with files I downloaded (secureboot.tbz2)

I managed to burn an image with command:

./flash.sh -x 0x18 -y PKC -u MY_FILE.pem jetson-tx2 mmcblk0p1

I copied tegrafuse.sh to the board and, according to the output, I have a public_key: filled with some string and not zero like in all other fields.

— Here are my questions: —

  1. With the same folder (with secure files added) I can’t update only the uboot or dtb - but only the whole image. Please confirm this behavior.

  2. I can’t burn image without key, the output from flash script:

./flash.sh jetson-tx2 mmcblk0p1
...
Error: Return value 3
Command tegrarcm_v2 --chip 0x18 --rcm rcm_list_signed.xml --skipuid
Reading board information failed.

Please confirm that once the SoM is secured, I can’t re-flash any component, only the entire image.

  3. How can I revert back to the non-secure mode?

Thanks in advance

Hi dshtaingus,

  3. How can I revert back to the non-secure mode?
    Below are some descriptions from “Jetson_Device_Secure_Boot_and_Fuse_Burning.pdf”. FYI.

========================================================================
Fuses and Security

Tegra devices contain multiple fuses that control different items for
security and boot. Programming a fuse, such as changing a value of a
fuse bit from 0 to 1, is non-reversible. Once a fuse bit is programmed
by setting to 1, you cannot change the fuse value from 1 to 0.
For example, a value of 1(0x01) can be changed to 3(0x03) or 5(0x5),
but not to 4(0x4) because the bit 0 is already programmed to 1.

Once odm_production_mode is fused with value of 0x1, all further
fuse write requests are blocked and the fused values are available
through the provided Tegra API. However, the odm_reserved and
odm_lock fields still are writable until the odm_lock bit is programmed
by changing the value of the bit from 0 to 1.
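
Added example (not part of the original posts or of NVIDIA's tooling): a simplified Python model of the fuse rules in the excerpt above, showing why a burned value cannot be reverted and what odm_production_mode and odm_lock block. The fuse names come from this thread; the single-bit odm_lock and the sample values are assumptions.

```python
# Simplified model of the fuse rules quoted above. Fuse names come from the
# thread; the single-bit odm_lock and the sample values are assumptions.

class FuseError(Exception):
    """Raised when a fuse write request would be rejected."""

def can_program(current: int, target: int) -> bool:
    # A write can only set bits (0 -> 1). It is valid only if every bit
    # already programmed in `current` is still set in `target`.
    return (current & ~target) == 0

class FuseBank:
    ODM_FIELDS = ("odm_reserved", "odm_lock")

    def __init__(self):
        self.fuses = {"public_key": 0, "odm_production_mode": 0,
                      "odm_reserved": 0, "odm_lock": 0}

    def burn(self, name: str, target: int) -> None:
        current = self.fuses[name]
        if name in self.ODM_FIELDS:
            # ODM fields stay writable until the odm_lock bit is programmed.
            if self.fuses["odm_lock"] & 0x1:
                raise FuseError(f"{name}: odm_lock is programmed")
        elif self.fuses["odm_production_mode"] == 0x1:
            # Every other fuse is frozen once production mode is fused.
            raise FuseError(f"{name}: blocked by odm_production_mode")
        if not can_program(current, target):
            raise FuseError(f"{name}: {current:#x} -> {target:#x} clears a bit")
        self.fuses[name] = target

def try_burn(bank: FuseBank, name: str, target: int) -> bool:
    """Return True if the write is accepted, False if it is rejected."""
    try:
        bank.burn(name, target)
        return True
    except FuseError as err:
        print("rejected:", err)
        return False

if __name__ == "__main__":
    bank = FuseBank()
    try_burn(bank, "public_key", 0xA5A5)        # constructed value
    try_burn(bank, "odm_production_mode", 0x1)
    try_burn(bank, "public_key", 0x0)           # rejected: no way back
    try_burn(bank, "odm_reserved", 0x1)         # still writable
    try_burn(bank, "odm_lock", 0x1)
    try_burn(bank, "odm_reserved", 0x3)         # rejected after lock
```
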

Hi vickyy,

Thanks for the reply.

I got your answer regarding my 3rd question.

Can you confirm my other 2 questions?

  1. With the same folder (with secure files added) I can’t update only the uboot or dtb - but only the whole image. Please confirm this behavior.

  2. I can’t burn image without key, the output from flash script:

hello dshtaingus,

1. With the same folder (with secure files added) I can’t update only the uboot or dtb - but only the whole image. Please confirm this behavior.
2. I can’t burn image without key, the output from flash script: Please confirm that once the SoM is secured, I can’t re-flash any component, only the entire image.

once you fuse your device, you will need “keys” for flashing.
and there’s no partial update supported, that means you need to flash the entire image.

3. How can I revert back to the non-secure mode?

no chance, this is non-reversible.

A quick question: once secure boot is set and fuses are burnt, does the image on the TX2 remain clonable on a host without keys? (For backup and/or to avoid someone getting a raw image.) Thanks

hello agruet,

it’s not supported to clone a system image of a fused device.
may I know what’s your real scenario or use-case to clone a system image of a fused device?

on the other hand, you should note that enabling secureboot would prevent the execution of unauthorized boots.
it’s necessary to give keys to access partitions.
thanks