Can't read fuses or boot after burning fuses

Hello Nvidia forums,

I followed the guide Secure Boot — NVIDIA Jetson Linux Developer Guide to create a fuse file, fuse the board, then attempted to boot. After fusing I can’t boot, flash, or read the fuses back.
I’m using Orin AGX Devkit and 36.4.3.
My fuse.xml:

<genericfuse MagicId="0x45535546" version="1.0.0">
  <fuse name="PublicKeyHash" size="64" value="0xXXXXXXXXXXXXXXXXXXXb99515a20d616847320b1513e33398413126693cd433ba32452b6f1c68fae73a5e45c71d77148d5cb435583eeec6510116ef6938cd7d3"/>
  <fuse name="SecureBootKey" size="32" value="0xXXXXXXXXXXXXXXXXXXX63a18b86ca147ce6c8343b2c1dc95fd4791ce5b75414a"/>
  <fuse name="OemK1" size="32" value="0xXXXXXXXXXXXXXXXXXXXcbd87ed4ceee307a3d7baef0c6e94fd7094aa6a7cbb69"/>
  <fuse name="BootSecurityInfo" size="4" value="0x20a"/>
</genericfuse>

Note that I’m using an ECP256 key and I didn’t set production mode.

My command line:

sudo ./odmfuse.sh -i 0x23 -k ../keys/ecp256.pem -S ../keys/sbk.key -X fuse.xml jetson-agx-orin-devkit

My fuse log is attached.
fuseburn.log (99.5 KB)

When I try to flash or read fuses afterward I get a similar error:

sudo ./odmfuseread.sh -i 0x23 -S ~/jetson_install/keys/sbk.key -k ~/jetson_install/keys/ecp256.pem jetson-agx-orin-devkit 

The end of the fuse read command looks like this:

[   0.5983 ] Boot Rom communication
[   0.5987 ] tegrarcm_v2 --new_session --chip 0x23 0 --uid --download bct_br br_bct_BR.bct --download mb1 mb1_t234_prod_aligned_sigheader_encrypt.bin.signed --download psc_bl1 psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed --download bct_mb1 mb1_bct_MB1_sigheader_encrypt.bct.signed
[   0.5991 ] BR_CID: 0xAA012344705DD4431800000016FF01C0
[   0.6001 ] Sending bct_br
[   0.6002 ] Sending mb1
[   0.6005 ] ERROR: might be timeout in USB write.
Error: Return value 3
Command tegrarcm_v2 --new_session --chip 0x23 0 --uid --download bct_br br_bct_BR.bct --download mb1 mb1_t234_prod_aligned_sigheader_encrypt.bin.signed --download psc_bl1 psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed --download bct_mb1 mb1_bct_MB1_sigheader_encrypt.bct.signed
[   0.6036 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   0.6047 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   0.6056 ] Retrieving board information
[   0.6059 ] tegrarcm_v2 --chip 0x23 0 --oem platformdetails chip chip_info.bin
[   0.6066 ] Retrieving EEPROM data
[   0.6067 ] tegrarcm_v2 --oem platformdetails eeprom cvm /home/calum/jetson_install/Linux_for_Tegra/bootloader/cvm.bin --chip 0x23 0
[   0.6078 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   0.6087 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   0.6091 ] Dumping customer Info
[   0.6095 ] tegrarcm_v2 --chip 0x23 0 --oem dump bct tmp.bct
[   0.6104 ] tegrabct_v2 --brbct tmp.bct --chip 0x23 0 --custinfo /home/calum/jetson_install/Linux_for_Tegra/bootloader/custinfo_out.bin
[   0.6107 ] File tmp.bct open failed
Error: Return value 19
Command tegrabct_v2 --brbct tmp.bct --chip 0x23 0 --custinfo /home/calum/jetson_install/Linux_for_Tegra/bootloader/custinfo_out.bin
Reading board information failed.

fuseread.log (19.6 KB)

I get a similar error when flashing with

sudo ./flash.sh -v ~/jetson_install/keys/sbk_nox.key -u ~/jetson_install/keys/ecp256.pem  jetson-agx-orin-devkit internal

And the board is stuck in recovery mode:

$ lsusb|grep NVI
Bus 001 Device 031: ID 0955:7023 NVIDIA Corp. APX

So is there any way for me to flash or boot the board, or verify the fuse values? Or is my board bricked?

Hello c.blair,

It looks like you’re able to parse BR_CID; however, there is a timeout in USB write.

Please try disabling autosuspend on the host PC with the commands below:
sudo -s
echo -1 > /sys/module/usbcore/parameters/autosuspend
Unplug the USB cable, put the Jetson back into recovery mode again, and plug the USB cable back in.
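
The reading of the log given in the reply above (BR_CID is returned, then the USB write fails) can be reproduced mechanically. The following is an added example, not part of the original thread or of NVIDIA's tools: a small Python triage that lists each failure with the tool and transfer stage active at that point. The function names and failure patterns are assumptions, and the sample is an abridged copy of the log quoted in the question.

```python
import re

# Constructed sample: lines from the fuse-read log quoted in the question,
# with the long command lines abridged.
SAMPLE_LOG = """\
[   0.5983 ] Boot Rom communication
[   0.5987 ] tegrarcm_v2 --new_session --chip 0x23 0 --uid --download bct_br br_bct_BR.bct
[   0.5991 ] BR_CID: 0xAA012344705DD4431800000016FF01C0
[   0.6001 ] Sending bct_br
[   0.6002 ] Sending mb1
[   0.6005 ] ERROR: might be timeout in USB write.
Error: Return value 3
[   0.6104 ] tegrabct_v2 --brbct tmp.bct --chip 0x23 0 --custinfo custinfo_out.bin
[   0.6107 ] File tmp.bct open failed
Error: Return value 19
Reading board information failed.
"""

STAMPED = re.compile(r"^\[\s*([\d.]+)\s*\]\s*(.*)$")
TOOL = re.compile(r"^(tegra\w+)\s")
FAILURE = re.compile(r"ERROR:|open failed")  # assumed patterns, taken from this log only

def triage(log_text):
    """Collect the BR_CID and every failure with the tool and stage active at that point."""
    report = {"br_cid": None, "failures": []}
    tool = stage = None
    for line in log_text.splitlines():
        m = STAMPED.match(line)
        when, msg = (float(m.group(1)), m.group(2)) if m else (None, line.strip())
        if msg.startswith("BR_CID:"):
            report["br_cid"] = msg.split(":", 1)[1].strip()
        elif TOOL.match(msg):
            tool, stage = TOOL.match(msg).group(1), None  # a new command resets the stage
        elif msg.startswith("Sending "):
            stage = msg.split()[1]
        elif msg.startswith("Error: Return value") and report["failures"]:
            report["failures"][-1]["rc"] = int(msg.split()[-1])
        elif FAILURE.search(msg):
            report["failures"].append(
                {"time": when, "tool": tool, "stage": stage, "message": msg, "rc": None})
    return report

def first_failure(log_text):
    """Earliest failure in the log, or None if the run was clean."""
    failures = triage(log_text)["failures"]
    return failures[0] if failures else None

if __name__ == "__main__":
    print(first_failure(SAMPLE_LOG))
```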