Build the massflash blob tarball failed

Hi,
I want to create the mass flash tarball for Jetson NX (production module) in OFFLINE mode or ONLINE mode
but both failed.

ONLINE command:
sudo ./nvmassflashgen.sh jetson-xavier-nx-devkit-emmc mmcblk0p1

OFFLINE command:
sudo BOARDID=3668 BOARDSKU=0001 FAB=100 FUSELEVEL=fuselevel_production ./nvmassflashgen.sh jetson-xavier-nx-devkit-emmc mmcblk0p1

Here is the error message; the full message is attached:

[ 10.1950 ] Packing sdram param for instance[14]
[ 10.1950 ] Packing sdram param for instance[15]
[ 10.1950 ]
[ 10.1951 ] Using default ramcode 0
[ 10.1951 ] Generating BPMP dtb for ramcode - 0
Error: Could not find dtc
Keep temporary directory /home/revo/xavierNX_l4t3251/Linux_for_Tegra/bootloader/8925
Error: Signing binaries failed.

How can I fix it?
Thanks.

log.txt (32.5 KB)
log_online.txt (37.1 KB)

hello jakelin,

it looks like you’re working with JetPack-4.5.1 / l4t-r32.5.1
did you also download the latest SecureBoot package from https://developer.nvidia.com/embedded/linux-tegra ?

Hi Jerry,
I downloaded the SecureBoot package, generated the RSA 2048 key and used the following command:

sudo ./nvmassflashgen.sh -x 0x19 -y PKC -u …/rsa_priv.pem jetson-xavier-nx-devkit-emmc mmcblk0p1

It worked, but when I tried to flash the tarball to my device, I got these errors:

./nvmflash.sh
Start flashing device: 1-1, PID: 30250
Ongoing processes: 30250
Ongoing processes:
Flash complete (WITH FAILURES)

Did I miss something?

hello jakelin,

could you please share the complete bootloader messages for the failure,

FYI,
please refer to below topic, we had confirmed fuse and flashing works on Xavier NX,
please check the steps for reference, Jetson Xavier NX DEVKIT secureboot enabled - #7 by JerryChang
thanks

Hi Jerry,
the bootloader messages are attached,

and could I skip the secureboot steps when making the massflash blob? or is secureboot necessary?

thanks.

log0602.txt (63.7 KB)

hello jakelin,

according to the logs, the image was created successfully

Mass Flashing tarball mfi_jetson-xavier-nx-devkit-emmc_signed.tbz2 is ready.

may I know what the flashing errors are when you connect Jetson boards and put them in forced-recovery mode for flashing.
you should execute ./nvmflash.sh to flash the target.
thanks

Hi Jerry,

Attachment is the flash result,
thanks.

flash_complete.txt (112 Bytes)

hello jakelin,

would like to confirm that you’re generating the PKC signed massflash blob for the secure target?
in other words, does this Xavier NX have secureBoot enabled?
please use the command below to generate a clear massflash blob if this platform has not enabled Jetson security,
for example, sudo ./nvmassflashgen.sh <device name> mmcblk0p1

Hi Jerry,

I executed this command but got an error:

sudo ./nvmassflashgen.sh jetson-xavier-nx-devkit-emmc mmcblk0p1

clear.log (37.0 KB)

hello jakelin,

just for confirmation, is this Jetson Xavier NX eMMC fused or not?

Hi Jerry,

fused failed.

I followed this topic https://forums.developer.nvidia.com/t/jetson-xavier-nx-devkit-secureboot-enabled/158361/4

and executed odmfuse with the following command:

sudo BOARDID=3668 BOARDSKU=0001 FAB=100 BOARDREV=H.0 ./odmfuse.sh --noburn -i 0x19 --auth PKC -p -k …/rsa_priv.pem jetson-xavier-nx-devkit-emmc

and generated a fuse blob successfully,
but when I extracted the blob and executed ./fusecmd.sh,
I got the error again. How can I fix it? Thanks.

odmfuse_log.txt (32.0 KB)
fusecmd_log.txt (2.2 KB)

hello jakelin,

may I know what your actual use-case is,
would you like to enable Jetson security? you don’t need to enable secureBoot to have massflash blob generation.

Hi Jerry,

It is only for use on the factory assembly line; the operators will use the massflash blob to flash empty Xavier NX boards,
so I don’t need the security. How do I disable it?

@jakelin

The command line looks OK to me, could you please share the xml file odmfuse_pkc.xml? and the logs from the serial UART?

hello jakelin,

you cannot disable it, fuse programming is non-reversible.

Hi ilies.chergui,

odmfuse_pkc.xml and the fuse log are attached.
Thanks.
odmfuse_pkc.xml (116 Bytes)
odmfuse_log.txt (32.0 KB)

hello jakelin,

it looks like you only generated the fuse blob but did not actually fuse the target.
there’s a script file, odmfuseread.sh; please put the board into forced-recovery mode to check the fuse info for confirmation.
thanks

@jakelin

I agree with @JerryChang, it seems that you didn’t burn the tegra fuses.

  • Your odmfuse_pkc.xml
<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="SecurityMode" size="4" value="0x1" />
</genericfuse>

Hi Jerry,

This is the result of reading the ODM fuses:

PublicKeyHash: 0000000000000000000000000000000000000000000000000000000000000000
SecureBootKey: 00000000000000000000000000000000
Kek0: 00000000000000000000000000000000
Kek1: 00000000000000000000000000000000
Kek2: 00000000000000000000000000000000
Kek256: 0000000000000000000000000000000000000000000000000000000000000000
BootSecurityInfo: 00000000
JtagDisable: 00000000
SecurityMode: 00000000
SwReserved: 00000000
DebugAuthentication: 00000000
OdmId: 0000000000000000
OdmLock: 00000000
ReservedOdm0: 00000000
ReservedOdm1: 00000000
ReservedOdm2: 00000000
ReservedOdm3: 00000000
ReservedOdm4: 00000000
ReservedOdm5: 00000000
ReservedOdm6: 00000000
ReservedOdm7: 00000000
ReservedOdm8: 00000000
ReservedOdm9: 00000000
ReservedOdm10: 00000000
ReservedOdm11: 00000000

@ilies.chergui
Thanks for your help, I will try burning the fuses.


hello jakelin,

that’s right, you didn’t burn the tegra fuses.

let’s get back to your original issue. aren’t you looking for a massflash blob for the factory assembly line?
it’s unnecessary to enable secureBoot to have massflash blob generation.
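
An added example, not part of the thread or of NVIDIA's tooling: a shell check that reads a saved odmfuseread.sh dump in the `Name: hex` format posted above and reports whether the board is unfused, so the clear or the PKC-signed massflash blob can be chosen deliberately. The function names, the state labels and the treatment of a non-zero PublicKeyHash with SecurityMode still zero are assumptions.

```shell
#!/bin/sh
# Added example: classify a saved odmfuseread.sh dump (Name: hex lines, as
# posted in the thread). Function names and state labels are hypothetical.

# Print the hex value of one fuse field from a dump file.
fuse_field() {
    awk -F': *' -v k="$1" '$1 == k { gsub(/[ \t\r]/, "", $2); print $2; exit }' "$2"
}

# Succeed only for a non-empty string made entirely of '0' characters.
is_zero() {
    case "$1" in
        ''|*[!0]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Prints unfused | key-burned | secured | unknown.
classify_fuses() {
    cf_pkh=$(fuse_field PublicKeyHash "$1")
    cf_mode=$(fuse_field SecurityMode "$1")
    if [ -z "$cf_pkh" ] || [ -z "$cf_mode" ]; then
        echo unknown; return 2       # truncated or unreadable dump
    fi
    if ! is_zero "$cf_mode"; then
        echo secured                 # SecurityMode burned (irreversible)
    elif ! is_zero "$cf_pkh"; then
        echo key-burned              # assumption: hash present, mode still 0
    else
        echo unfused
    fi
}

# Map the fuse state to the blob type discussed in the thread.
massflash_kind() {
    mk_state=$(classify_fuses "$1") || true
    case "$mk_state" in
        unfused) echo clear ;;       # sudo ./nvmassflashgen.sh <device name> mmcblk0p1
        secured) echo pkc-signed ;;  # needs -y PKC -u <key>
        *)       echo review ;;      # do not guess; re-read the fuses
    esac
}

# Constructed sample: a subset of the all-zero dump from the thread.
demo=$(mktemp)
printf '%s\n' 'PublicKeyHash: 0000000000000000' 'BootSecurityInfo: 00000000' \
    'SecurityMode: 00000000' > "$demo"
echo "state=$(classify_fuses "$demo") blob=$(massflash_kind "$demo")"
rm -f "$demo"
```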