Changing Device Tree with Signing (Nvidia Jetpack 4.3.1)

Hello,
can anyone give me an guide for changing the device tree for the jetson xavier also with signing the device tree for the Nvidia Jetpack 4.3.1. Mainly i tried to change the device tree because of new hardware components but booting fails afterwards. I also signed the kernel but the jetson did not started afterwards. Are there any special things which should be care of ?

Kind regards.

hello markus.gruber4,

you may include --no-flash options to flash scripts, it’ll perform all steps except physically flashing the board.
if you also adding -k options to specify partition name, (i.e. kernel-dtb), it’ll generate signed and encrypted device tree binary locally.
please refer to Flash Script Usage for command descriptions.

BTW,
it’s also CBoot feature to look extlinux.conf configuration file for loading binaries.
you may refer to CBoot chapter, and check [Kernel Boot Sequence Using extlinux.conf] session for more details.
thanks

Somewhere i read that it is not possbile to change the device tree manually so it must be overwritten but now it is possible ?

hello markus.gruber4,

I don’t understand were you found this erroneous information,
device tree sources were public release with L4T sources package, and you may refer to Building the NVIDIA Kernel session for the steps to build the NVIDIA kernel.

Ok but i did similar things like here , Modifying Jetson TX2 Device Tree without having to flash TX2 for the jetson xavier can be this a problem if am writing to a wrong boot section or harming the hardware in anyway ?

The change of device tree is mainly related to d3 because we want to write our own camera driver for this board. Kind regards.

Flashing der Device Tree should also work like here:

sudo ./flash.sh -r -k DTB -d <path/to/device tree> mmcblk0p1 jetson-tx2

Kind regards !!!

So if i choose a different name like the original device tree on the jetson xavier, it will not overwrite the current (original file), it will only add an file to it.

Kind regards

hello markus.gruber4,

please note that, you may also refer to $OUT/Linux_for_Tegra/bootloader/flash.xml for correct partition names,
you should enable below commands to flash device tree partition for your Jetson AGX Xavier.
for example,
$ sudo ./flash.sh -r -k kernel-dtb jetson-xavier mmcblk0p1

that’ll looking for device tree binary from default path, i.e. $OUT/Linux_for_Tegra/kernel/dtb/tegra194-p2888-0001-p2822-0000.dtb,
and this command will only perform partition update by writing this binary file to kernel-dtb partition.
if you’re assign -d options, you should also specify the path name of a device tree file for flashing.
thanks

So does it overwrite the current device tree or does it add an additional device tree if am going to choose an different name ?

Kind Regards

hello markus.gruber4,

if you’re using flash commands, it’ll update kernel-dtb partition to overwrite device tree binary.
there’re different ways to load device tree,
for example, (1) device tree could load from kernel-dtb partition, or (2) according to post #3, it’s also CBoot feature to look extlinux.conf configuration file for loading binaries. you may specify FDT entry to include the name of the device tree binary file.
thanks

I think it is better don’t overwrite the device tree but singing and copying ? and afterwards changing the file path ?

Kind regards

hello markus.gruber4,

you may consider the approach (2) as I mentioned in post #11, by simply update extlinux.conf configuration file to assign FDT entry for loading device tree.
thanks

Thx but there must be both files uploaded the signed and unsigned (binary) file ?

Kind regards.

hello markus.gruber4,

it’s unnecessary to sign and encrypt the binary file by yourself.
you may copy the device tree binary to your target, assign the file path to FDT entry.
thanks

Maybe we both talked past, but there it is written: https://docs.nvidia.com/jetson/archives/l4t-archived/l4t-3243/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide%2Fbootflow_jetson_xavier.html%23wwpID0E0FB0HA : “To support Secureboot, each kernel binary and kernel-dtb binary must be signed with a signature file. CBoot authenticates the kernel binary and kernel-dtb binary with their respective signature files. CBoot assumes that a signature file is in the same folder as the corresponding binary file, and has the same filename with the extension .sig.”
So i guess the binary and signed file mus be copied whereas both are in the same directory.

Kind regards

hello markus.gruber4,

sorry for misunderstand.
that’s correct for approach (1), that bootloader binaries should be signed and encrypted.
however, for the approach (2), you may copy binary to the target and assign the file path to FDT entry,

had you ever tried with approach (2) for confirmation?
thanks

no but i think i will do this soon, but in the directory there is also .sign file !!!

Kind regards

hello markus.gruber4,

may I know which directory you’re checking, could you please also share the list of them.
thanks

There is no update from you for a period, assuming this is not an issue any more.
Hence we are closing this topic. If need further support, please open a new one.
Thanks

Hi markus.gruber4,

Any update on this issue?