Hi everyone,
We’re encountering a boot issue with our Jetson AGX Orin Industrial after programming the fuses. The device fails to boot and displays an error message related to secure boot.
Steps Taken:
FUSE Programming:
sudo ./odmfuse.sh -i 0x23 -k rsa.pem -S sbk.key -X fuse.xml jetson-agx-orin-devkit-industrial
rsa.pem, sbk.key, and fuse.xml are in keys.zip (2.6 KB)
EKB Image Generation:
echo "1cf3dadd1e8a45222101dd7eac2be6a9168d24f64ad8d11b7369c929519f7912" > oem_k2.key
echo "bad66eb4484983684b992fe54a648bb8" > fv_ekb_t234
echo "0000000000000000000000000000000000000000000000000000000000000000" > sym_t234.key
echo "f0e0d0c0b0a0010203040506070809aa" > sym2_t234.key
rm bootloader/eks_t234.img
python3 gen_ekb.py -chip t234 -oem_k2_key oem_k2.key \
-fv fv_ekb_t234 \
-in_sym_key sym_t234.key \
-in_sym_key2 sym2_t234.key \
-out eks_t234.img
Next, we copy eks_t234.img into Linux_for_Tegra/bootloader/ and sym2_t234.key into the Linux_for_Tegra folder.
Flashing the Device:
./flash.sh -u rsa.pem -v sbk.key jetson-agx-orin-devkit-industrial mmcblk0p1
The flash procedure completes with no issues; however, upon attempting to boot, we see the error below:
I/TC: Dynamic shared memory is enabled
I/TC: Normal World virtualization support is disabled
I/TC: Asynchronous notifications are disabled
E/TC:?? 00 jetson_user_key_pta_uefi_vars_auth:861 Auth key is not set in EKB.
E/TC:?? 00 stmm_handle_variable_authentication:910 Failed to get signed CMAC ffff0008
ASSERT [FvbNorFlashStandaloneMm] /dvs/git/dirty/git-master_linux/out/nvidia/optee.t234-uefi/StandaloneMmOptee_RELEASE/edk2-nvidia/Silicon/NVIDIA/Drivers/FvbNorFlashDxe/VarIntCheck.c(900): ((BOOLEAN)(0==1))
Did we miss a step in enabling secure boot? Any help troubleshooting this boot failure would be greatly appreciated.
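
A pre-flight check for the hex key files created in the EKB step above, as an added example that is not part of the original post or of NVIDIA's tooling: it confirms each file holds the expected number of hex digits and flags an all-zero value such as the sym_t234.key shown. The function names are hypothetical, and the byte lengths are assumptions taken from the values in the post.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the hex key files before they are passed to
# gen_ekb.py. check_hex_key and check_ekb_inputs are hypothetical helpers.

# check_hex_key FILE NBYTES
# Returns 0 = well-formed, 1 = missing or malformed, 2 = all-zero placeholder.
check_hex_key() {
    local file=$1 nbytes=$2 value
    [ -r "$file" ] || return 1
    # echo appends a newline; drop all whitespace before measuring.
    value=$(tr -d ' \t\r\n' < "$file")
    [ "${#value}" -eq $((nbytes * 2)) ] || return 1
    case $value in
        *[!0-9a-fA-F]*) return 1 ;;   # a non-hex character is present
    esac
    case $value in
        *[!0]*) return 0 ;;           # at least one non-zero digit
    esac
    return 2                          # every digit is 0
}

# check_ekb_inputs DIR
# Checks the four files named in the post. Lengths (in bytes) are assumed
# from the values shown there. Returns 0 only if every file is usable.
check_ekb_inputs() {
    local dir=${1:-.} spec name nbytes rc bad=0
    for spec in oem_k2.key:32 fv_ekb_t234:16 sym_t234.key:32 sym2_t234.key:16; do
        name=${spec%%:*}
        nbytes=${spec##*:}
        rc=0
        check_hex_key "$dir/$name" "$nbytes" || rc=$?
        case $rc in
            0) echo "ok        $name" ;;
            1) echo "malformed $name (want $((nbytes * 2)) hex digits)"; bad=1 ;;
            2) echo "all-zero  $name (placeholder value, not a secret)"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Usage: check_ekb_inputs <directory holding the key files>
```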