AGX Orin Boot Failure After FUSE Programming on JP5.1.3

Hi everyone,

We’re encountering a boot issue with our Jetson AGX Orin Industrial after programming the Fuses. The device fails to boot and displays an error message related to secure boot.

Steps Taken:

FUSE Programming:
sudo ./ -i 0x23 -k rsa.pem -S sbk.key -X fuse.xml jetson-agx-orin-devkit-industrial

rsa.pem , sbk.key , and fuse.xml are in (2.6 KB)

EKB Image Generation:

echo "1cf3dadd1e8a45222101dd7eac2be6a9168d24f64ad8d11b7369c929519f7912" > oem_k2.key
echo "bad66eb4484983684b992fe54a648bb8" > fv_ekb_t234
echo "0000000000000000000000000000000000000000000000000000000000000000" > sym_t234.key
echo "f0e0d0c0b0a0010203040506070809aa" > sym2_t234.key
rm bootloader/eks_t234.img
python3 -chip t234 -oem_k2_key oem_k2.key \
        -fv fv_ekb_t234 \
        -in_sym_key sym_t234.key \
        -in_sym_key2 sym2_t234.key \
        -out eks_t234.img

Next we copy eks_t234.img into the Linux_for_Tegra/bootloader/ and sym2_t234.key into Linux_for_Tegra folder.

Flashing the Device:
./ -u rsa.pem -v sbk.key jetson-agx-orin-devkit-industrial mmcblk0p1

Flash procedure completes with no issues however upon attempting to boot, we see the error below:

I/TC: Dynamic shared memory is enabled
I/TC: Normal World virtualization support is disabled
I/TC: Asynchronous notifications are disabled
E/TC:?? 00 jetson_user_key_pta_uefi_vars_auth:861 Auth key is not set in EKB.
E/TC:?? 00 stmm_handle_variable_authentication:910 Failed to get signed CMAC ffff0008
ASSERT [FvbNorFlashStandaloneMm] /dvs/git/dirty/git-master_linux/out/nvidia/optee.t234-uefi/StandaloneMmOptee_RELEASE/edk2-nvidia/Silicon/NVIDIA/Drivers/FvbNorFlashDxe/VarIntCheck.c(900): ((BOOLEAN)(0==1))

Did we miss a step in enabling secure boot? Any help troubleshooting this boot failure would be greatly appreciated.

hello OhmMyGod,

it looks UEFI to block the booting.

we’re able to resolve this issue by re-generate EKS image.
please refer to Topic 284400 for the steps to test again.