We are trying to burn the ODM_RESERVED[0-3] fuses (on L4T 35.4.1). This works if we do it before burning any other fuses, but after we burn the KEK, PKC & ODM_PRODUCTION_MODE the driver does not burn the ODM_RESERVED[0-3] anymore. There is no error message in the kernel log.
The fuse specification document says that the ODM_RESERVED fuses should still be burnable when the ODM_PRODUCTION_MODE fuse is burned. This is also what I find in the code if I look at the tegra-fuse-burn driver. I don’t want to experiment too much with this because the fuse burning is irreversible and I don’t want to ruin the modules.
that’s incorrect approach for burning fuse.
you may put the target enter forced-recovery mode, and running with odmfuse.sh.
please see-also developer guide, Sign and Flash Secured Images in Separate Steps.
FYI,
it’s suggest to burn all fuses together even though ODM_RESERVED fuses could be add after ODM_PRODUCTION. once SecurityMode has burned, there is no way back. (even by adding keys to non-fuse fields)
hence, the recommended way is to burn all fuses together instead of burning fuses step-by-step.
According to the documentation the the ODM_RESERVED fuses are field programmable. How are we supposed to burn them in the field if it has to be done through recovery mode? We are already burning all the other fuses in one step during production. The ODM_RESERVED fuses we cannot burn yet at that time, because their content is not known at that point.
The fuse specification clearly says that they can be burned in the field: “The consecutive registers are reserved for the customer use, including ODM/software versioning. These fuses are field programmable, Reserved_ODM{0:3} can be individually locked against further burning using corresponding bits in ODM_Lock, bit [b] locks Reserved_ODM{b}.”. Also from the source code of the kernel driver it is clear that the kernel driver can be used for burning the fuses, so why do you say we cannot use it? It works fine, if the other fuses aren’t burned yet. So to me this just looks like a bug.
We need a way to burn the ODM_RESERVED fuses at the end of our production line from the linux kernel. Can you maybe suggest another way that we can use, if our current sysfs method is not recommended?
FYI, it should be possible to burn ODM fuse from kernel. (I’ll also revise my previous comments)
however, let me arrange resources to check whether fuse burning is allowed from non-secure zone.
it should be the same for burning that fuse variable.
please setup $ dmesg --follow to gather the kernel logs when you trying to blow reservled_odm fuses in the field.
Hi @JerryChang, Has there been any progress on your side trying to reproduce this issue? We are still blocked on this as we cannot burn the fuses at the moment.
sorry for late reply, we’ve also checked with internal team for this. (we had no conclusions yet)
anyways, by checking [Fuse Specification Application Note], could you please examine this fuse variable, FUSE_SECURE_PROVISION_INFO, and sharing the results for reference.
also, please install this utility… $ sudo apt-get install busybox
and dumping the register 0x03820028 for confirmation, i.e. $ sudo busybox devmem 0x03820028
Thank you for your reply. How can I read the FUSE_SECURE_PROVISION_INFO fuse? I don’t see a matching file in the sysfs entries. The register dump is below.
we’re able to reproduce this issue locally. fuse burn is working before we burn production_mode fuse.
however, it’s not root cause yet. we need more time for digging into this.
Yes we are still waiting for a solution to the problem. We really need to have the ability to burn these fuses after the other security fuses have been burned.