Hi NV team:
I try to enable UEFI Secure Boot with RSA 4096 at flashing time according Secure Boot — NVIDIA Jetson Linux Developer Guide, but it failed. But enabling UEFI Secure Boot with RSA 2048 at flashing time does work.
Reproduce steps:
-
Install Jetson Linux
$ tar -xpvf Jetson_Linux_r36.4.3_aarch64.tbz2 $ sudo tar -xpvf Tegra_Linux_Sample-Root-Filesystem_r36.4.3_aarch64.tbz2 -C Linux_for_Tegra/rootfs/ $ cd Linux_for_Tegra && sudo ./apply_binaries.sh -
Create keys for UEFI Secure Boot
$ cd Linux_for_Tegra $ mkdir -p uefi_keys $ cd uefi_keys $ GUID=$(uuidgen) ### Generate PK RSA Key Pair, Certificate, and EFI Signature List File $ openssl req -newkey rsa:4096 -nodes -keyout PK.key -new -x509 -sha256 -days 3650 -subj "/CN=my Platform Key/" -out PK.crt $ cert-to-efi-sig-list -g "${GUID}" PK.crt PK.esl ### Generate KEK RSA Key Pair, Certificate, and EFI Signature List File $ openssl req -newkey rsa:4096 -nodes -keyout KEK.key -new -x509 -sha256 -days 3650 -subj "/CN=my Key Exchange Key/" -out KEK.crt $ cert-to-efi-sig-list -g "${GUID}" KEK.crt KEK.esl ### Generate db_1 RSA Key Pair, Certificate, and EFI Signature List File $ openssl req -newkey rsa:4096 -nodes -keyout db_1.key -new -x509 -sha256 -days 3650 -subj "/CN=my Signature Database key/" -out db_1.crt $ cert-to-efi-sig-list -g "${GUID}" db_1.crt db_1.esl ### Generate db_2 RSA Key Pair, Certificate, and EFI Signature List File $ openssl req -newkey rsa:4096 -nodes -keyout db_2.key -new -x509 -sha256 -days 3650 -subj "/CN=my another Signature Database key/" -out db_2.crt $ cert-to-efi-sig-list -g "${GUID}" db_2.crt db_2.esl ### Create UEFI keys config file $ cat <<EOL > uefi_keys.conf UEFI_DB_1_KEY_FILE="db_1.key"; # UEFI payload signing key UEFI_DB_1_CERT_FILE="db_1.crt"; # UEFI payload signing key certificate UEFI_DEFAULT_PK_ESL="PK.esl" UEFI_DEFAULT_KEK_ESL_0="KEK.esl" UEFI_DEFAULT_DB_ESL_0="db_1.esl" UEFI_DEFAULT_DB_ESL_1="db_2.esl" EOL ### Generate UefiDefaultSecurityKeys.dtbo $ cd ../ $ sudo tools/gen_uefi_keys_dts.sh uefi_keys/uefi_keys.conf $ sudo cp uefi_keys/UefiDefaultSecurityKeys.dtbo bootloader/ -
Flashing image with
$ sudo ./tools/kernel_flash/l4t_initrd_flash.sh --external-device nvme0n1p1 --uefi-keys uefi_keys/uefi_keys.conf -p "-c ./bootloader/generic/cfg/flash_t234_qspi.xml" -c ./tools/kernel_flash/flash_l4t_t234_nvme.xml --showlogs --network usb0 jetson-orin-nano-devkit externalThen below error is shown from debug uart:
I/TC: Asynchronous notifications are disabled ▒▒L4TLauncher: Attempting RCM Boot Failed to verify kernel image signature Failed to boot image: UnsupportedFull log is:
[0038.749] I> MB1 (version: 1.4.0.4-t234-54845784-e89ea9bc) [0038.754] I> t234-A01-0-Silicon (0x12347) Prod [0038.759] I> Boot-mode : Coldboot [0038.762] I> Entry timestamp: 0x00000000 [0038.766] I> last_boot_error: 0x0 [0038.769] I> BR-BCT: preprod_dev_sign: 0 [0038.772] I> rst_source: 0xb, rst_level: 0x1 [0038.777] I> Task: SE error check [0038.780] I> Task: Bootchain select WAR set [0038.784] I> Task: Enable SLCG [0038.787] I> Task: CRC check [0038.790] I> Task: Initialize MB2 params [0038.794] I> MB2-params @ 0x40060000 [0038.797] I> Task: Crypto init [0038.800] I> Task: Perform MB1 KAT tests [0038.804] I> Task: NVRNG health check [0038.808] I> NVRNG: Health check success [0038.811] I> Task: MSS Bandwidth limiter settings for iGPU clients [0038.817] I> Task: Enabling and initialization of Bandwidth limiter [0038.824] I> No request to configure MBWT settings for any PC! [0038.829] I> Task: Secure debug controls [0038.833] I> Task: strap war set [0038.836] I> Task: Initialize SOC Therm [0038.840] I> Task: Program NV master stream id [0038.844] I> Task: Verify boot mode [0038.850] I> Task: Alias fuses [0038.853] W> FUSE_ALIAS: Fuse alias on production fused part is not supported. [0038.860] I> Task: Print SKU type [0038.863] I> FUSE_OPT_CCPLEX_CLUSTER_DISABLE = 0x000001c0 [0038.869] I> FUSE_OPT_GPC_DISABLE = 0x00000002 [0038.873] I> FUSE_OPT_TPC_DISABLE = 0x000000f0 [0038.877] I> FUSE_OPT_DLA_DISABLE = 0x00000000 [0038.881] I> FUSE_OPT_PVA_DISABLE = 0x00000000 [0038.886] I> FUSE_OPT_NVENC_DISABLE = 0x00000000 [0038.890] I> FUSE_OPT_NVDEC_DISABLE = 0x00000000 [0038.895] I> FUSE_OPT_FSI_DISABLE = 0x00000001 [0038.899] I> FUSE_OPT_EMC_DISABLE = 0x00000000 [0038.903] I> FUSE_BOOTROM_PATCH_VERSION = 0x7 [0038.907] I> FUSE_PSCROM_PATCH_VERSION = 0x7 [0038.911] I> FUSE_OPT_ADC_CAL_FUSE_REV = 0x2 [0038.916] I> FUSE_SKU_INFO_0 = 0xd3 [0038.919] I> FUSE_OPT_SAMPLE_TYPE_0 = 0x3 PS [0038.923] I> FUSE_PACKAGE_INFO_0 = 0x2 [0038.927] I> SKU: Prod [0038.929] I> Task: Boost clocks [0038.932] I> Initializing NAFLL for BPMP_CPU_NIC. [0038.937] I> BPMP NAFLL: fll_lock = 1, dvco_min_reached = 0 [0038.942] I> BPMP NAFLL lock success. [0038.946] I> BPMP_CPU_NIC : src = 42, divisor = 0 [0038.950] I> Initializing PLLC2 for AXI_CBB. [0038.955] I> AXI_CBB : src = 35, divisor = 0 [0038.959] I> Task: Voltage monitor [0038.962] I> VMON: Vmon re-calibration and fine tuning done [0038.967] I> Task: UPHY init [0038.972] I> HSIO UPHY init done [0038.975] W> Skipping GBE UPHY config [0038.979] I> Task: Boot device init [0038.982] I> Boot_device: RCM [0038.985] I> USB configuration success [0038.989] I> Task: TSC init [0038.992] I> Task: Load membct [0038.995] I> RAM_CODE 0x4000001 [0038.998] I> Loading MEMBCT [0039.000] I> Slot: 0 [0039.002] I> Binary[0] block-0 (partition size: 0x40000) [0039.008] I> Binary name: MEM-BCT-0 [0039.011] I> Size of crypto header is 8192 [0039.015] I> Size of crypto header is 8192 [0039.019] I> BCH of MEM-BCT-0 read from storage [0039.023] I> BCH address is : 0x40050000 [0039.027] I> MEM-BCT-0 header integrity check is success [0039.033] I> Binary magic in BCH component 0 is MEM0 [0039.037] I> component binary type is 0 [0039.049] I> MEM-BCT-0 binary is read from storage [0039.054] I> MEM-BCT-0 binary integrity check is success [0039.059] I> Binary MEM-BCT-0 loaded successfully at 0x40040000 (0xe580) [0039.066] I> RAM_CODE 0x4000001 [0039.071] I> RAM_CODE 0x4000001 [0039.075] I> Task: Load Page retirement list [0039.079] I> Task: SDRAM params override [0039.083] I> Task: Save mem-bct info [0039.086] I> Task: Carveout allocate [0039.090] I> Update CCPLEX IST carveout from MB1-BCT [0039.094] I> ECC region[0]: Start:0x0, End:0x0 [0039.099] I> ECC region[1]: Start:0x0, End:0x0 [0039.103] I> ECC region[2]: Start:0x0, End:0x0 [0039.107] I> ECC region[3]: Start:0x0, End:0x0 [0039.112] I> ECC region[4]: Start:0x0, End:0x0 [0039.116] I> Non-ECC region[0]: Start:0x80000000, End:0x480000000 [0039.122] I> Non-ECC region[1]: Start:0x0, End:0x0 [0039.126] I> Non-ECC region[2]: Start:0x0, End:0x0 [0039.131] I> Non-ECC region[3]: Start:0x0, End:0x0 [0039.136] I> Non-ECC region[4]: Start:0x0, End:0x0 [0039.146] I> allocated(CO:43) base:0xbe000000 size:0x4000000 align: 0x200000 [0039.153] I> allocated(CO:39) base:0x47de00000 size:0x2200000 align: 0x10000 [0039.160] I> allocated(CO:20) base:0x47a000000 size:0x2000000 align: 0x2000000 [0039.167] I> allocated(CO:24) base:0x478000000 size:0x2000000 align: 0x2000000 [0039.175] I> allocated(CO:28) base:0x476000000 size:0x2000000 align: 0x2000000 [0039.182] I> allocated(CO:22) base:0x47c000000 size:0x1000000 align: 0x1000000 [0039.189] I> allocated(CO:35) base:0x475000000 size:0x1000000 align: 0x100000 [0039.196] I> allocated(CO:02) base:0x47d000000 size:0x800000 align: 0x800000 [0039.203] I> allocated(CO:03) base:0x474800000 size:0x800000 align: 0x800000 [0039.210] I> allocated(CO:06) base:0x474000000 size:0x800000 align: 0x800000 [0039.217] I> allocated(CO:56) base:0x473800000 size:0x800000 align: 0x200000 [0039.224] I> allocated(CO:07) base:0x47d800000 size:0x400000 align: 0x400000 [0039.231] I> allocated(CO:33) base:0x473400000 size:0x400000 align: 0x200000 [0039.238] I> allocated(CO:19) base:0x473180000 size:0x280000 align: 0x10000 [0039.244] I> allocated(CO:23) base:0x47dc00000 size:0x200000 align: 0x200000 [0039.251] I> allocated(CO:01) base:0x473000000 size:0x100000 align: 0x100000 [0039.258] I> allocated(CO:05) base:0x472f00000 size:0x100000 align: 0x100000 [0039.265] I> allocated(CO:08) base:0x472e00000 size:0x100000 align: 0x100000 [0039.272] I> allocated(CO:09) base:0x472d00000 size:0x100000 align: 0x100000 [0039.279] I> allocated(CO:12) base:0x472c00000 size:0x100000 align: 0x100000 [0039.286] I> allocated(CO:15) base:0x472b00000 size:0x100000 align: 0x100000 [0039.293] I> allocated(CO:17) base:0x472a00000 size:0x100000 align: 0x100000 [0039.300] I> allocated(CO:27) base:0x472900000 size:0x100000 align: 0x100000 [0039.307] I> allocated(CO:42) base:0x472800000 size:0x100000 align: 0x100000 [0039.314] I> allocated(CO:54) base:0x473100000 size:0x80000 align: 0x80000 [0039.321] I> allocated(CO:34) base:0x4727f0000 size:0x10000 align: 0x10000 [0039.327] I> allocated(CO:72) base:0x4725f0000 size:0x200000 align: 0x10000 [0039.334] I> allocated(CO:46) base:0x440000000 size:0x20000000 align: 0x20000000 [0039.342] I> allocated(CO:47) base:0x472000000 size:0x400000 align: 0x200000 [0039.348] I> allocated(CO:50) base:0x471e00000 size:0x200000 align: 0x100000 [0039.355] I> allocated(CO:48) base:0x4725d0000 size:0x20000 align: 0x10000 [0039.362] I> allocated(CO:69) base:0x4725b0000 size:0x20000 align: 0x10000 [0039.369] I> allocated(CO:49) base:0x4725a0000 size:0x10000 align: 0x10000 [0039.376] I> NSDRAM base: 0x80000000, end: 0x4725f0000, size: 0x3f25f0000 [0039.382] I> Task: Thermal check [0039.385] I> Using min_chip_limit as min_tmon_limit [0039.390] I> Using max_chip_limit as max_tmon_limit [0039.395] I> BCT max_tmon_limit = 105 [0039.398] I> BCT min_tmon_limit = -28 [0039.402] I> BCT max_tmon_limit = 105 [0039.405] I> BCT min_tmon_limit = -28 [0039.409] I> SKU specific max_chip_limit = 105 [0039.413] I> SKU specific min_chip_limit = -28 [0039.417] I> BCT max_chip_limit = 105 [0039.421] I> BCT min_chip_limit = -28 [0039.424] I> enable_soctherm_polling = 0 [0039.428] I> max temp read = 43 [0039.431] I> min temp read = 41 [0039.434] I> Enabling thermtrip [0039.437] I> Task: Update FSI SCR with thermal fuse data [0039.442] I> Task: Enable WDT 5th expiry [0039.446] I> Task: I2C register [0039.449] I> Task: Set I2C bus freq [0039.452] I> Task: Reset FSI [0039.455] I> Task: Pinmux init [0039.458] I> skipped mmio_addr = 0x9240008 [0039.462] I> skipped mmio_addr = 0x9240000 [0039.466] I> skipped mmio_addr = 0x9240010 [0039.470] I> skipped mmio_addr = 0x9240018 [0039.474] I> skipped mmio_addr = 0x9240020 [0039.478] I> skipped mmio_addr = 0x9240030 [0039.482] I> skipped mmio_addr = 0x9240028 [0039.486] I> skipped mmio_addr = 0x9240038 [0039.490] I> skipped mmio_addr = 0x9240040 [0039.494] I> skipped mmio_addr = 0x9240048 [0039.498] I> skipped mmio_addr = 0x9241000 [0039.502] I> skipped mmio_addr = 0x9241008 [0039.506] I> skipped mmio_addr = 0x9241010 [0039.510] I> skipped mmio_addr = 0x9241018 [0039.514] I> skipped mmio_addr = 0x9241020 [0039.518] I> skipped mmio_addr = 0x9241028 [0039.522] I> skipped mmio_addr = 0x9241030 [0039.525] I> skipped mmio_addr = 0x9241038 [0039.529] I> skipped mmio_addr = 0x9241040 [0039.533] I> skipped mmio_addr = 0x9242000 [0039.537] I> skipped mmio_addr = 0x9242008 [0039.541] I> Task: Prod config init [0039.545] I> Task: Pad voltage init [0039.548] I> Task: Prod init [0039.551] I> Task: Program rst req config reg [0039.555] I> Task: Common rail init [0039.558] I> DONE: Thermal config [0039.562] W> DEVICE_PROD: module = 13, instance = 4 not found in device prod. [0039.570] I> DONE: SOC rail config [0039.574] W> PMIC_CONFIG: Rail: MEMIO rail config not found in MB1 BCT. [0039.581] I> DONE: MEMIO rail config [0039.585] W> PMIC_CONFIG: Rail: GPU rail info not found in MB1 BCT. [0039.591] I> DONE: GPU rail info [0039.594] W> PMIC_CONFIG: Rail: CV rail info not found in MB1 BCT. [0039.600] I> DONE: CV rail info [0039.603] I> Task: Mem clock src [0039.606] I> Task: Misc. board config [0039.610] I> PMIC_CONFIG: Platform config not found in MB1 BCT. [0039.616] I> Task: SDRAM init [0039.619] I> MemoryType: 4 MemBctRevision: 1 [0039.625] I> MSS CAR: PLLM/HUB programming for MemoryType: 4 and MemBctRevision: 1 [0039.633] I> MSS CAR: Init PLLM [0039.636] I> MSS CAR: Init PLLHUB [0039.641] I> Encryption: MTS: en, TX: en, VPR: en, GSC: en [0039.652] I> SDRAM initialized! [0039.655] I> SDRAM Size in Total 0x400000000 [0039.659] I> Task: Dram Ecc scrub [0039.662] I> Task: DRAM alias check [0039.672] I> Task: Program NSDRAM carveout [0039.676] I> NSDRAM carveout encryption is enabled [0039.681] I> Program NSDRAM carveout [0039.684] I> Task: Register checker [0039.688] I> Task: Enable clock-mon [0039.692] I> FMON: Fmon re-programming done [0039.696] I> Task: Mapper init [0039.699] I> Task: SC7 Context Init [0039.702] W> SC7_CONTEXT_SAVE: SC7 ctx save is not supported. [0039.708] I> Task: CCPLEX IST init [0039.711] I> Task: CPU WP0 [0039.714] I> Loading MCE [0039.716] I> Slot: 0 [0039.718] I> Binary[8] block-134217728 (partition size: 0x80000) [0039.724] I> Binary name: MCE [0039.727] I> Size of crypto header is 8192 [0039.731] I> Size of crypto header is 8192 [0044.666] I> BCH of MCE read from storage [0044.669] I> BCH address is : 0x4003e000 [0044.673] I> MCE header integrity check is success [0044.678] I> Binary magic in BCH component 0 is MTSM [0044.683] I> component binary type is 8 [0044.686] I> Size of crypto header is 8192 [0044.694] I> MCE binary is read from storage [0044.698] I> MCE binary integrity check is success [0044.703] I> Binary MCE loaded successfully at 0x40000000 (0x2baf0) [0044.709] I> Size of crypto header is 8192 [0044.713] I> Sending WP0 mailbox command to PSC [0044.722] I> Task: XUSB Powergate [0044.725] I> Skipping powergate XUSB. [0044.729] I> Task: MB1 fixed firewalls [0044.735] W> Firewall readback mismatch [0044.740] I> Task: Load bpmp-fw [0044.743] I> Slot: 0 [0044.745] I> Binary[15] block-251658240 (partition size: 0x180000) [0044.751] I> Binary name: BPMP_FW [0044.754] I> Size of crypto header is 8192 [0044.758] I> Size of crypto header is 8192 [0044.762] I> BCH of BPMP_FW read from storage [0044.766] I> BCH address is : 0x807fe000 [0044.770] I> BPMP_FW header integrity check is success [0044.775] I> Binary magic in BCH component 0 is BPMF [0044.780] I> component binary type is 15 [0044.784] I> Size of crypto header is 8192 [0044.805] I> BPMP_FW binary is read from storage [0044.811] I> BPMP_FW binary integrity check is success [0044.816] I> Binary BPMP_FW loaded successfully at 0x80000000 (0xf8bc0) [0044.823] I> Slot: 0 [0044.825] I> Binary[16] block-268435456 (partition size: 0x400000) [0044.831] I> Binary name: BPMP_FW_DTB [0044.834] I> Size of crypto header is 8192 [0044.838] I> Size of crypto header is 8192 [0044.842] I> BCH of BPMP_FW_DTB read from storage [0044.847] I> BCH address is : 0x807fc000 [0044.851] I> BPMP_FW_DTB header integrity check is success [0044.856] I> Binary magic in BCH component 0 is BPMD [0044.861] I> component binary type is 16 [0044.865] I> Size of crypto header is 8192 [0044.875] I> BPMP_FW_DTB binary is read from storage [0044.880] I> BPMP_FW_DTB binary integrity check is success [0044.886] I> Binary BPMP_FW_DTB loaded successfully at 0x807a06b0 (0x5b940) [0044.893] I> Task: BPMP fw ast config [0044.896] I> Task: Load psc-fw [0044.899] I> Slot: 0 [0044.901] I> Binary[17] block-285212672 (partition size: 0xc0000) [0044.907] I> Binary name: PSC_FW [0044.910] I> Size of crypto header is 8192 [0044.914] I> Size of crypto header is 8192 [0044.918] I> BCH of PSC_FW read from storage [0044.922] I> BCH address is : 0x80ffe000 [0044.926] I> PSC_FW header integrity check is success [0044.931] I> Binary magic in BCH component 0 is PFWP [0044.936] I> component binary type is 17 [0044.940] I> Size of crypto header is 8192 [0044.949] I> PSC_FW binary is read from storage [0044.954] I> PSC_FW binary integrity check is success [0044.959] I> Binary PSC_FW loaded successfully at 0x80fb4210 (0x49df0) [0044.965] I> Task: Load nvdec-fw [0044.968] I> Slot: 0 [0044.970] I> Binary[7] block-117440512 (partition size: 0x100000) [0044.976] I> Binary name: NVDEC [0044.979] I> Size of crypto header is 8192 [0044.983] I> Size of crypto header is 8192 [0044.987] I> BCH of NVDEC read from storage [0044.991] I> BCH address is : 0x800fe000 [0044.995] I> NVDEC header integrity check is success [0045.000] I> Binary magic in BCH component 0 is NDEC [0045.005] I> component binary type is 7 [0045.008] I> Size of crypto header is 8192 [0045.017] I> NVDEC binary is read from storage [0045.022] I> NVDEC binary integrity check is success [0045.027] I> Binary NVDEC loaded successfully at 0x80000000 (0x46000) [0045.035] I> Task: Load tsec-fw [0045.038] I> TSEC-FW load support not enabled [0045.043] I> Task: GPIO interrupt map [0045.046] I> Task: SC7 context save [0045.050] W> SC7_CONTEXT_SAVE: SC7 ctx save is not supported. [0045.055] I> Task: Load MB2/Applet/FSKP [0045.059] I> Loading MB2 [0045.061] I> Slot: 0 [0045.063] I> Binary[6] block-100663296 (partition size: 0x80000) [0045.069] I> Binary name: MB2 [0045.072] I> Size of crypto header is 8192 [0045.076] I> Size of crypto header is 8192 [0045.080] I> BCH of MB2 read from storage [0045.084] I> BCH address is : 0x8007e000 [0045.088] I> MB2 header integrity check is success [0045.092] I> Binary magic in BCH component 0 is MB2B [0045.097] I> component binary type is 6 [0045.101] I> Size of crypto header is 8192 [0045.112] I> MB2 binary is read from storage [0045.117] I> MB2 binary integrity check is success [0045.122] I> Binary MB2 loaded successfully at 0x80000000 (0x69a70) [0045.128] I> Task: Map CCPLEX SHARED carveout [0045.132] I> Task: Prepare MB2 params [0045.136] I> Task: Dram ecc test [0045.139] I> Task: Misc NV security settings [0045.143] I> NVDEC sticky bits programming done [0045.148] I> Successfully powergated NVDEC [0045.152] I> Task: Disable/Reload WDT [0045.155] I> Task: Program misc carveouts [0045.159] I> Program IPC carveouts [0045.162] I> Task: Disable SCPM/POD reset [0045.166] I> SLCG Global override status := 0x0 [0045.171] I> MB1: MSS reconfig completed I> MB2 (version: 0.0.0.0-t234-54845784-22833a33) I> t234-A01-0-Silicon (0x12347) I> Boot-mode : RCM BOOT I> Emulation: I> Entry timestamp: 0x02b1b15d I> Regular heap: [base:0x40040000, size:0x10000] I> DMA heap: [base:0x473800000, size:0x800000] I> Task: SE error check I> Task: Crypto init I> Task: MB2 Params integrity check I> Task: Enable CCPLEX WDT 5th expiry I> Task: ARI update carveout TZDRAM I> Task: Configure OEM set LA/PTSA values I> Task: Check MC errors I> Task: SMMU external bypass disable I> Task: Enable hot-plug capability I> Task: Set blob address I> Task: TZDRAM heap init I> Task: PSC mailbox init I> Task: Enable clock for external modules I> Task: Measured Boot init I> Task: fTPM silicon identity init I> fTPM is not enabled. I> Task: I2C register I> Task: Map CCPLEX_INTERWORLD_SHMEM carveout I> Task: Program CBB PCIE AMAP regions I> Task: Pass DRAM ECC PRL Flag to FSI I> Task: Load and authenticate registered FWs I> Task: Load AUXP FWs I> Successfully register SPE FW load task with MB2 loader I> Successfully register RCE FW load task with MB2 loader I> Successfully register DCE FW load task with MB2 loader I> Unpowergating APE I> Unpowergate done I> Successfully register APE FW load task with MB2 loader I> Skipping FSI FW load I> Successfully register XUSB FW load task with MB2 loader I> Successfully register PVA FW load task with MB2 loader I> spe: Authentication Finalize Done I> Binary spe loaded successfully at 0x472e00000 I> rce: Authentication Finalize Done I> Binary rce loaded successfully at 0x472a00000 I> dce: Authentication Finalize Done I> Binary dce loaded successfully at 0x47a000000 I> ape: Authentication Finalize Done I> Binary ape loaded successfully at 0x47d800000 I> xusb: Authentication Finalize Done I> Binary xusb loaded successfully at 0x472f00000 I> pva-fw: Authentication Finalize Done I> Binary pva-fw loaded successfully at 0x473180000 I> Task: Check MC errors I> Task: Carveout setup I> Program remaining OEM carveouts I> Task: Enable FSI VMON I> Task: Restore XUSB sec I> Task: Enable FSI SE clock I> Task: Initialize SBSA UART CAR I> Task: Initialize CPUBL Params I> CPUBL-params @ 0x476000000 I> Task: Prepare eeprom data I> Task: Unpowergate APE W> mb2_unpowergate_ape: skip! APE is in unpowergated state I> Task: Memctrl reconfig pending clients I> Task: OEM firewalls I> OEM firewalls configured I> Task: Powergate APE I> Powergating APE I> Powergate done I> Task: OEM firewall restore saved settings I> Task: Unhalt AUXPs I> Unhalting SPE.. I> Enabling combined UART ▒▒▒▒spe: early_init ▒▒▒▒vic initialized ▒▒▒▒tsc initialized ▒▒▒▒aon lic initialized ▒▒▒▒spe: tag is 5243985d1b1eb3f06fac6d36bd7e74ac ▒▒▒▒spe: SafeRTOS v8.4 ▒▒▒▒spe: init ▒▒▒▒scheduler initialized ▒▒▒▒aon hsp initialized ▒▒▒▒tag initialized ▒▒▒▒tcu initialized ▒▒▒▒bpmp ipc initialized ▒▒▒▒spe: late init ▒▒▒▒cpu_nic clock initialized ▒▒▒▒apb clock initialized ▒▒▒▒pm initialized ▒▒▒▒bpmp hsp initialized ▒▒▒▒top1 hsp initialized ▒▒▒▒ccplex ipc initialized ▒▒▒▒spe: start scheduler ▒▒▒▒ I> Task: Trigger mailbox for PSC-BL1 exit I> Sending opcode 0x4d420802 to psc I> Received ACK from psc I> Task: Start secure NOR provision I> Skip Secure NOR provisioning I> Task: Trigger load FSI keyblob I> Task: Complete load FSI keyblob I> Task: MB2-PSC_FW Key Manager Init I> Sending opcode OP_PSC_KEY_MANAGER to psc-fw I> Sending opcode 0x4b45594d to psc ▒▒ hwwdt_init: WDT boot cfg 0x710010 sts 0x10 bpmp: socket 0 bpmp: base binary md5 is da583751bbfe2b7f6e204562d97ff39e bpmp: combined binary md5 is dc3fd3cac60f9b918e11d435834d12a3 bpmp: firmware tag is dc3fd3cac60f9b918e11-da583751bbf initialized vwdt initialized mail_early initialized fuse initialized vfrel initialized adc fmon_populate_monitors: found 199 monitors initialized fmon initialized mc initialized reset initialized uphy_early initialized emc_early initialized pm 465 clocks registered initialized clk_mach initialized clk_cal_early initialized clk_mach_early_config initialized io_dpd initialized soctherm initialized regime initialized i2c vrmon_dt_init: vrmon node not found vrmon_chk_boot_state: found 0 rail monitors initialized vrmon initialized regulator ▒▒I> Received ACK from psc I> Task: Unhalt FSI I> FSI unhalt skipped I> Task: Unhalt AUXPs I> Unhalting RCE I> RCE unhalt successful I> Unhalting DCE I> DCE unhalt successful I> APE unhalt skipped I> ▒▒initialized avfs_clk_platform initialized powergate ▒▒Task: ▒▒[ 6.712306] Camera-FW on t234-rce-safe started ▒▒ini▒▒TCU early console enabled. ▒▒tialized dvs initialized clk_mach_config suspend progress: 0x0 initialized suspend initialized strap initialized mce_dbell ▒▒Load HV/CPUBL I> Task: Load TOS I> Task: Trigger load TSEC leyblob I> Sending opcode 0x53535452 to psc I> Sent opcode to psc I> Task: Load and authenticate registered FWs ▒▒ ▒▒I> MB2-params @ 0x40060000 I> NSDRAM carveout base: 0x80000000, size: 0x3f25f0000 I> cpubl_params: nsdram: carveout: 1, encryption: 1 I> cpubl: Authentication Finalize Done I> Binary cpubl loaded successfully at 0x4720▒▒initialized emc initialized emc_mrq ▒▒00000 ▒▒DCE Started ▒▒initialized clk_cal initialized uphy_dt initialized uphy_mrq HSIO UPHY reset has been de-asserted 0x0 initialized uphy ▒▒DCE_R5_Init ▒▒I> tos: Auth▒▒initialized pg_late initialized pg_mrq_init swdtimer_init: reg polling start w period 47 ms initialized swdtimer initialized hwwdt_late initialized bwmgr initialized thermal_host_trip initialized thermal_mrq initialized oc_mrq initialized reset_mrq initialized mail_mrq initialized fmon_mrq initialized clk_mrq initialized avfs_mrq initialized i2c_mrq initialized tag_mrq initialized bwmgr_mrq initialized console_mrq missing prod DT calibration data for 199 fmons initialized clk_sync_fmon_post ▒▒entication Finalize Done I> Binary tos loaded successfully at 0xc1d353b0 ▒▒MPU enabled DCE▒▒initialized clk_cal_late initialized noc_late initialized cvc ▒▒_SW_Init ▒▒I> Relocating OP-T▒▒initialized avfs_clk_mach_post initialized avfs_clk_platform_post initialized cvc_late WARNING @ [platform/drivers/rm/rm.c]: shared rails 0/2 have not matching zones 0/1 WARNING @ [platform/drivers/rm/rm.c]: shared rails 0/3 have not matching zone list sizes 1/3 WARNING @ [platform/drivers/rm/rm.c]: shared rails 0/3 have not matching zones 0/2 WARNING @ [platform/drivers/rm/rm.c]: shared rails 2/0 have not matching zones 1/0 WARNING @ [platform/drivers/rm/rm.c]: shared rails 2/3 have not matching zone list sizes 1/3 WARNING @ [platform/drivers/rm/rm.c]: shared rails 2/3 have not matching zones 1/2 WARNING @ [platform/drivers/rm/rm.c]: shared rails 3/0 have not matching zone list sizes 3/1 WARNING @ [platform/drivers/rm/rm.c]: shared rails 3/0 have not matching zones 2/0 WARNING @ [platform/drivers/rm/rm.c]: shared rails 3/2 have not matching zone list sizes 3/1 WARNING @ [platform/drivers/rm/rm.c]: shared rails 3/2 have not matching zones 2/1 initialized rm initialized console_late handling unreferenced clks enable can1_core enable can1_host enable can2_core enable can2_host enable pwm3 ena▒▒[ 6.947815] Camera-FW on t234-rce-safe ready SHA1=e2238c99 (crt 12.421 ms, total boot ▒▒ble sdmmc4_axicif enable mss_encrypt enable maud enable pllg_ref enable ds▒▒249.002 ms) ▒▒i_core enable aza_2xbit enable usb2_trk enable xusb_ss_dev enable xusb_fs_dev enable xusb_falcon enable dsi_lp enable xusb_core_mux enable xusb_core_dev initialized clk_mach_post initialized pg_post initialized regulator_post initialized profile initialized mrq initialized patrol_scrubber initialized cactmon initialized extras_post bpmp: init complete ▒▒EE dtb fr▒▒Admin Task Init Admin Task Init complete Print Task Init RM Task Init SHA Task Init Admin Task Started DCE SC7 SHA Enabled RM Task Started RM Task Running Print Task Started Print Task Running SHA Task Started DCE: FW Boot Complete Admin Task Running SHA Task Running ▒▒om: 0xc1eff530 to 0xbe040020, size: 0x2754 I> [0] START: 0x80000000, SIZE: 0x3f25f0000 I> [1] START: 0x476000000, SIZE: 0x2000000 I> Setting NS memory ranges to OP-TEE dtb finished. I> eks: Authentication Finalize Done I> Binary eks loaded successfully at 0xbe020000 I> EKB detected (length: 0x410) @ VA:0xbe020000 I> Task: Add cpubl params integrity check I> Added cpubl params digest. I> Task: Prepare TOS params I> Setting EKB blob info to OPTEE dtb finished. I> Setting OPTEE arg3: 0xbe040020 I> NVRNG: Health check success I> NVRNG: Health check success I> Task: Disable MSS perf stats I> Task: Program display sticky bits I> Task: SMMU init I> Task: Program GICv3 registers I> Task: Audit firewall settings I> Task: Clear dec source key I> MB2 finished ▒▒NOTICE: BL31: v2.8(release):e12e3fa93 NOTICE: BL31: Built : 17:14:28, Jan 7 2025 I/TC: I/TC: Non-secure external DT found I/TC: OP-TEE version: 4.2 (gcc version 11.3.0 (Buildroot 2022.08)) #2 Wed Jan 8 01:24:03 UTC 2025 aarch64 I/TC: WARNING: This OP-TEE configuration might be insecure! I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html I/TC: Primary CPU initializing I/TC: Test OEM keys are being used. This is insecure for shipping products! I/TC: fTPM ID is not enabled. I/TC: ftpm-helper PTA: fTPM DT or EKB is not available. fTPM provisioning is not supported. I/TC: Primary CPU switching to normal world boot ▒▒ JetsonMinimal UEFI firmware (version 36.4.3-gcid-38968081 built on 2025-01-08T01:16:03+00:00) ▒▒[ 8.844810] Camera-FW on t234-rce-safe started TCU early console enabled. ▒▒ ▒▒[ 8.891966] Camera-FW on t234-rce-safe ready SHA1=e2238c99 (crt 0.893 ms, total boot 48.099 ms) ▒ ▒▒I/TC: Reserved shared memory is disabled I/TC: Dynamic shared memory is enabled I/TC: Normal World virtualization support is disabled I/TC: Asynchronous notifications are disabled ▒▒L4TLauncher: Attempting RCM Boot Failed to verify kernel image signature Failed to boot image: Unsupported