I’m recently tried to figure out what is secure boot and how I can accomplish it on NVIDIA TX2 board.
I followed the “Jetson_Device_Secure_Boot_and_Fuse_Burning.pdf”
I managed to generate a RSA key pair.
I updated the Linux_for_Tegra folder with files I downloaded (secureboot.tbz2)
I managed to burn an image with command:
./flash.sh -x 0x18 -y PKC -u MY_FILE.pem jetson-tx2 mmcblk0p1
I copied the the tegrafuse.sh to the board and according to the output, I have a public_key: filed with some string and not zero like in all other fields.
— Here are my questions: —
With the same folder (with secure files added) I can’t update only the uboot or dtb - but only the whole image. Please confirm this behavior.
I can’t burn image without key, the output from flash script:
./flash.sh jetson-tx2 mmcblk0p1 ... Error: Return value 3 Command tegrarcm_v2 --chip 0x18 --rcm rcm_list_signed.xml --skipuid Reading board information failed.
Please confirm that ones the SoM secured, I can’t re-flash any component, only entire image.
- How I can revert back to the non-secure mode?
Thanks in advance