Burning fuses with fskp_fuseburn.py outputs succes but does not actually burn the fuses

Robotics & Edge Computing Jetson & Embedded Systems Jetson Orin Nano
,
1

Hello

I tried to follow fuse burning process with FSKP from secure boot https://docs.nvidia.com/jetson/archives/r36.4/DeveloperGuide/SD/Security/FSKP.html#sd-security-fskp. On a Jetson Orin Nano with Jetson Linux 36.4

I used the following command to generate the fuse_blob:

sudo ./fskp_fuseburn.py --board-spec orinnano-board-spec.txt -f ../../../../keys/fuse_config.xml -i 63 --test --key-exp fskp_ak.bin fskp_ek.bin --fskpcfg fskp_conf.txt -g out/ -c 0x23 -B ../../../../jetson-orin-nano-devkit.conf

And then the following command to test burn the fuses:

sudo ./fskp_fuseburn.py --board-spec orinnano-board-spec.txt -P ./out -c 0x23 -B ../../../../jetson-orin-nano-devkit.conf --test

And after that, this command to actually burn the fuses:

sudo ./fskp_fuseburn.py --board-spec orinnano-board-spec.txt -P ./out -c 0x23 -B ../../../../jetson-orin-nano-devkit.conf -b

I get a success message output:

Linux_for_Tegra/l4t/tools/flashtools/fuseburn$ sudo ./fskp_fuseburn.py --board-spec orinnano-board-spec.txt -P ./out -c 0x23 -B ../../../../jetson-orin-nano-devkit.conf -b
FSKP execution started 2025-03-13 17:36:44.948915
fskp_fuseburn.py script version 0.2
Parsing input arguments
fskp_fuseburn.py script version 0.2
Parsing input arguments
Setting up default paths
Setup host environment
Found NVIDIA device ID 0x7523
Getting target details
BR_CID: 0x80012344705DE5196C000000100102C0
ECID: 0x4705DE5196C000000100102C0
WARNING!! Burning Fuses option is selected, this operation is permanent and irreversible
if you are not sure, try with --test or -t command line option
do you want to continue burning fuses (Yes/No) yes
Downloading FSKP blob to target

WARNING!! Target will automatically reset once burning fuses is complete.
          If you are going to continue doing secure NOR provisioning, please DO NOT power off the system
FSKP execution successful
FSKP execution time 0:00:13.203445

But when i read the fuses, all are in 0. Also on the messages from the UART output from the board, there is a message that says the Secure boot is disabled.

Here is my fuse config file:

<genericfuse MagicId="0x45535546" version="1.0.0">
    <fuse name="PublicKeyHash" size="64" value="0x99a6b7d25ffd5d7cc49bf2612d01d7fe58b5121f9c473748728232bc114c25ae2415d56666157c79fc9bf0e3b4445344ff8af51a64f334289912cdff7414fa00"/>
    <fuse name="SecureBootKey" size="32" value="0x8acf54e1c1372a143fd79873d16111174f8d7450c2e93597d6e019c0d3a3952f"/>
    <fuse name="BootSecurityInfo" size="4" value="0x9"/>
</genericfuse>`

I attached the log from the UART output.
fuseburned.log (173.4 KB)

What could be reason for the fuses not being burned?

4

Dear customer,

We’re not support this function for forum users.
Please reach out your Nvidia contact person for discussion and the support.

6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.