Concerns about fuse burning on TX2

Hello @JerryChang,
While we are trying to debug our other issue. I was able to get a clean SOM and test fuse burning,

So far I have run the odmfuse burning process with the --test flag to see what it might result in. these are the commands and results (some folder paths removed):

sudo ./odmfuse.sh --test --noburn -i 0x18 -p -k ../.rsa_priv/rsa_priv.pem -S ../.rsa_priv/sbk.key --KEK2 ../.rsa_priv/kek2.txt jetson-tx2-4GB

log:
odmfuse_output.txt (28.9 KB)

Then I run the fusecmd.sh
log:
fusecmd_output.txt (15.1 KB)

But I am worried by this output and call to tegrasign.py and other scripts:

[   0.0088 ] tegrasign_v2 --key None --list rcm_list.xml --pubkeyhash pub_key.key
[   0.0094 ] Assuming zero filled SBK key

You can see it many times in the log. Here is the odmfuse_pkc.xml in the fuseblob

<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="SecureBootKey" size="16" value="0x<32 valid hex numbers which match the input>" />
<fuse name="Kek2" size="16" value="<32 valid hex numbers which match my input>" />
<fuse name="PublicKeyHash" size="32" value="0x<valid hash>" />
<fuse name="BootSecurityInfo" size="4" value="0x6" />
<fuse name="SecurityMode" size="4" value="0x1" />
</genericfuse>

Does this look alright? why is it assuming a zero filled SBK?

please also check Jetson TX2 not booting after ROOTFS_ENC=1 flash - #23 by JerryChang for reference…

hello nvidiadude,

FYI, you’re having incorrect command-line for odmfuse.sh.
since you’re doing offline approach, you’ll need to have to specify (a) board info, (b) --noburn options, (c) --auth fused-types to the command-line.
for example,
$ sudo BOARDID=<boardid> BOARDSKU=<sku> FAB=<fab> ./odmfuse.sh --noburn -i 0x18 --auth PKC -p -k <PKC Key file> jetson-tx2-devkit-4gb

please note that, the “--auth” option it’s indicating the current fuse status of the board, NOT indicating the fuse type you want to burn.
according to above example, it’s command-line to generate a fuseblob for PKC fused TX2 device, since given the --auth PKC, the later is the key file used by the platform.
thanks

Hi quick question, what is the flag
BOARDSKU= FAB= used for, does it really matter when flashing fuse?

Thansk, Gary

Ok, So since this is a new SOM with no security yet, this is my command:

sudo BOARDID=3489 BOARDSKU=0888 FAB=300 BOARDREV=N.0 ./odmfuse.sh --test --noburn -i 0x18 --auth NS -p -k ../.rsa_priv/rsa_priv.pem -S ../.rsa_priv/sbk.key --KEK2 ../.rsa_priv/kek2.txt jetson-tx2-4GB

The output looks great:
odmfuse_output2.txt (55.4 KB)

The odmfuse_pkc.xml file also looks the same as in my previous comment (I did unpack the new one).
But, then I run the fusecmd.sh and see this output:
fusecmd_2.txt (15.1 KB)

I am seeing again

[   0.0073 ] tegrasign_v2 --key None --list rcm_list.xml --pubkeyhash pub_key.key
[   0.0079 ] Assuming zero filled SBK key

The fusecmd that was generated:

eval './tegraflash.py --sdram_config P3489_Sku888_4GB_Hynix_4GB_lpddr4_204Mhz_P138_A02_l4t.cfg --misc_config tegra186-mb1-bct-misc-si-l4t.cfg --pinmux_config tegra186-mb1-bct-pinmux-quill-p3489-1000-a00.cfg --scr_config minimal_scr.cfg --scr_cold_boot_config mobile_scr.cfg --pmc_config tegra186-mb1-bct-pad-quill-p3489-1000-a00.cfg --pmic_config tegra186-mb1-bct-pmic-lightning-p3489-1000-a00.cfg --br_cmd_config tegra186-mb1-bct-bootrom-quill-p3489-1000-a00.cfg --prod_config tegra186-mb1-bct-prod-storm-p3489-1000-a00.cfg --dev_params emmc.cfg  --bins "mb2_bootloader nvtboot_recovery.bin; mts_preboot preboot_d15_prod_cr.bin; mts_bootpack mce_mts_d15_prod_cr.bin; bootloader_dtb tegra186-quill-p3489-0888-a00-00-base.dtb; bpmp_fw bpmp.bin; bpmp_fw_dtb tegra186-a02-bpmp-lightning-p3489-a00-00-te770m.dtb; tlk tos-trusty.img; eks eks.img" --cfg flash.xml --bl nvtboot_recovery_cpu.bin --odmdata 0x1090000 --chip 0x18 --applet mb1_recovery_prod.bin  --cmd "burnfuses dummy"'

Is seeing this output in the fusecmd step still bad?

PS. I also tried setting the BOARDID, BOARDSKU, FAB and BOARDREV variables when calling the fusecmd. No difference in output

Python version is 3.8

Thank you

@GaryLee
The config files are specific to these values,
if you check the odmfuse.func function you can see this in get_board_version

# The function that does the "dump eeprom" to retrieve the board info, including:
# FAB, BOARDID, BOARDSKU and BOARDREV. With these info, we can
# finally choose the various config files (sdram, pinmux, pmic... and etc.)
# Note that this function will only be called in ONLINE and HYBRID modes

Check out these docs:
https://docs.nvidia.com/jetson/archives/l4t-archived/l4t-3231/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide/jetson_eeprom_layout.html

@JerryChang

And one other question about this fuse burning,
The intended end result is to have a Jetson Tx2 module with secureboot and encrypted rootfs.
After reading the documentation at
https://docs.nvidia.com/jetson/l4t/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide/bootloader_secure_boot.html#wwpID0E0AG0HA
and
https://docs.nvidia.com/jetson/l4t/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide/trusty.html#wwpID0EVHA

I believe I only need to flash a value to the kek2 fuses.
kek0, kek1 and kek256 can all be left untouched?

hello nvidiadude,

PKC for sign:
if PKC is burned, then the KEYFILE users provide is for signing the images.

SBK for encryption:
if SBK is burned, then the SBKFILE users provide is for encrypting the images.

KEKs for encryption keys:
they are keys to encrypt your keys. KEK0, KEK1, KEK2 are 128-bit key files; KEK256 is 256-bit key file. please use the commands, --KEK* to determine which key encryption key you’re going to fused.

hello nvidiadude,

you should review xml file for the all fuse info,
your fuse blob is ready for use if those were all correct,
thanks

Ok, so I generated the fuseblob without --test, and ran the fusecommand (xml looked same as before so all good)

#!/bin/bash
eval './tegraflash.py --sdram_config P3489_Sku888_4GB_Hynix_4GB_lpddr4_204Mhz_P138_A02_l4t.cfg --misc_config tegra186-mb1-bct-misc-si-l4t.cfg --pinmux_config tegra186-mb1-bct-pinmux-quill-p3489-1000-a00.cfg --scr_config minimal_scr.cfg --scr_cold_boot_config mobile_scr.cfg --pmc_config tegra186-mb1-bct-pad-quill-p3489-1000-a00.cfg --pmic_config tegra186-mb1-bct-pmic-lightning-p3489-1000-a00.cfg --br_cmd_config tegra186-mb1-bct-bootrom-quill-p3489-1000-a00.cfg --prod_config tegra186-mb1-bct-prod-storm-p3489-1000-a00.cfg --dev_params emmc.cfg  --bins "mb2_bootloader nvtboot_recovery.bin; mts_preboot preboot_d15_prod_cr.bin; mts_bootpack mce_mts_d15_prod_cr.bin; bootloader_dtb tegra186-quill-p3489-0888-a00-00-base.dtb; bpmp_fw bpmp.bin; bpmp_fw_dtb tegra186-a02-bpmp-lightning-p3489-a00-00-te770m.dtb; tlk tos-trusty.img; eks eks.img" --cfg flash.xml --bl nvtboot_recovery_cpu.bin --odmdata 0x1090000 --chip 0x18 --applet mb1_recovery_prod.bin  --cmd "burnfuses odmfuse_pkc.xml"'

Here is the output (Looked like a successful burn, I do not think the syntax warning affected anything):
fuseburn_output.txt (16.4 KB)

I generated the eks.img following using this gen_ekb.py script:

python3 gen_ekb.py -kek2_key kek2.txt \
    -fv fv_ekb \
    -in_sym_key sym.key \
    -in sym_key2 sym2.key \
    -out eks.img

and copied eks.img to bootloader, I then ran the flash command:

sudo ROOTFS_ENC=1 BOARDID=3489 BOARDSKU=0888 FAB=300 BOARDREV=N.0 ./flash.sh --no-flash -u ../.rsa_priv/rsa_priv.pem  -v ../.rsa_priv/sbk.key -i ../.rsa_priv/sym2.key --user_key ../.rsa_priv/user_ker.key jetson-tx2-4GB mmcblk0p1

Note: user_key.key is same value as sym.key in the accepted format (Ex. 0x000 0x000 …)

Flashing output (–no-flash):
flash_initialnoflash (63.2 KB)
Flashing output (sudo bash flashcommand.txt)
flashcommand_output.txt (12.2 KB)

Everything looks really good in the output but Not booting when started, are my key inputs correct? I am pretty sure flash.sh modifies the eks.img so maybe my step with gen_ekb.py is pointless…

hello nvidiadude,

you may refer to https://www.jetsonhacks.com/2017/03/24/serial-console-nvidia-jetson-tx2/,
please setup serial console to gather bootloader messages for details. thanks

Thanks, after some break I got a TTL connection wire and am using the serial console to debug, eventually I discovered that my RSA key for user_key was not working. Thus the flashing command is :

sudo ROOTFS_ENC=1 BOARDID=3489 BOARDSKU=0888 FAB=300 BOARDREV=N.0 ./flash.sh --no-flash -u ../.rsa_priv/rsa_priv.pem  -v ../.rsa_priv/sbk.key -i ../.rsa_priv/sym2.key jetson-tx2-4GB mmcblk0p1

After this, I edited the init script for more debug messages and see that the rootfs cannot be mounted due to missing modules in the kernel.

Required kernel crypto interface not available.
Ensure you have algif_skcipher kernel module loaded. 

So to fix I recompile kernel and withe the following lines added to the config file:

ONFIG_CRYPTO_CRYPTD=y
CONFIG_CRYPTO_CTR=y
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_DEV_TEGRA_VIRTUAL_SE_INTERFACE=y

So I add and flash, we are able to get to the rootfs decrypted and mounted. But fail at the install steps.
Here is what I see in the serial console when starting:

tarting kernel ...

[    0.000000] Booting Linux on physical CPU 0x100
[    0.000000] Linux version 4.9.201-tegra () (gcc version 7.3.1 20180425 [linaro-7.3-2018.05 revision d29120a424ecfbc167ef90065c0eeb7f91977701] (Linaro GCC 7.3-2018.05) ) #61
[    0.000000] Boot CPU: AArch64 Processor [411fd073]
[    0.000000] OF: fdt:memory scan node memory@80000000, reg size 80,
[    0.000000] OF: fdt: - 80000000 ,  70000000
[    0.000000] OF: fdt: - f0200000 ,  85600000
[    0.000000] OF: fdt: - 175e00000 ,  200000
[    0.000000] OF: fdt: - 176600000 ,  200000
[    0.000000] OF: fdt: - 177000000 ,  200000
[    0.000000] earlycon: uart8250 at MMIO32 0x0000000003100000 (options '')
[    0.000000] bootconsole [uart8250] enabled
[    0.484476] pca953x 0-0077: failed reading register
[    1.198017] eqos 2490000.ether_qos: invalid settings : rx-frames must be enabled along with use_riwt in DT
[    1.207685] Coalescing parameters incorrect
[    1.388976] ina3221x 0-0042: ina3221 reset failure status: 0xffffff87
[    1.395793] ina3221x 0-0043: ina3221 reset failure status: 0xffffff87
[    6.956201] cgroup: cgroup2: unknown option "nsdelegate"
[    9.194509] using random self ethernet address
[    9.199156] using random host ethernet address
[    9.507931] using random self ethernet address
[    9.512540] using random host ethernet address
[   13.748473] Please complete system configuration setup on the serial port provided by Jetson's USB device mode connection. e.g. /dev/ttyACMx where x can 0, 1, 2 etc.
[0000.229] I> Welcome to MB2(TBoot-BPMP)(version: 01.00.160913-t186-M-00.00-mobile-03715cad)
[0000.238] I> Boot-device: eMMC
[0000.245] I> sdmmc bdev is already initialized
[0000.250] I> pmic: reset reason (nverc)        : 0x54
[0000.283] I> Found 19 partitions in SDMMC_BOOT (instance 3)
[0000.302] I> Found 34 partitions in SDMMC_USER (instance 3)
[0000.308] W> No valid slot number is found in scratch register
[0000.314] W> Return default slot: _a
[0000.317] I> A/B: bin_type (16) slot 0
[0000.321] I> Loading partition bpmp-fw at 0xd7800000
[0000.326] I> Reading two headers - addr:0xd7800000 blocks:1
[0000.331] I> Addr: 0xd7800000, start-block: 29417480, num_blocks: 1
[0000.358] I> Binary(16) of size 534416 is loaded @ 0xd7800000
[0000.364] W> No valid slot number is found in scratch register
[0000.369] W> Return default slot: _a
[0000.373] I> A/B: bin_type (17) slot 0
[0000.376] I> Loading partition bpmp-fw-dtb at 0xd79f0000
[0000.382] I> Reading two headers - addr:0xd79f0000 blocks:1
[0000.387] I> Addr: 0xd79f0000, start-block: 29419896, num_blocks: 1
[0000.410] I> Binary(17) of size 314992 is loaded @ 0xd79b3000
[0000.533] I> Loading SCE-FW ...
[0000.536] W> No valid slot number is found in scratch register
[0000.541] W> Return default slot: _a
[0000.545] I> A/B: bin_type (12) slot 0
[0000.548] I> Loading partition sce-fw at 0xd7300000
[0000.553] I> Reading two headers - addr:0xd7300000 blocks:1
[0000.559] I> Addr: 0xd7300000, start-block: 29423992, num_blocks: 1
[0000.579] I> Binary(12) of size 125168 is loaded @ 0xd7300000
[0000.584] I> Init SCE
[0000.587] I> Loading APE-FW ...
[0000.590] W> No valid slot number is found in scratch register
[0000.595] W> Return default slot: _a
[0000.599] I> A/B: bin_type (11) slot 0
[0000.602] I> Loading partition adsp-fw at 0xd7400000
[0000.607] I> Reading two headers - addr:0xd7400000 blocks:1
[0000.613] I> Addr: 0xd7400000, start-block: 29401096, num_blocks: 1
[0000.633] I> Binary(11) of size 77216 is loaded @ 0xd7400000
[0000.639] I> Copy BTCM section
[0000.642] W> No valid slot number is found in scratch register
[0000.647] W> Return default slot: _a
[0000.651] I> A/B: bin_type (13) slot 0
[0000.654] I> Loading partition cpu-bootloader at 0x96000000
[0000.660] I> Reading two headers - addr:0x96000000 blocks:1
[0000.665] I> Addr: 0x96000000, start-block: 29380616, num_blocks: 1
[0000.687] I> Binary(13) of size 302064 is loaded @ 0x96000000
[0000.693] W> No valid slot number is found in scratch register
[0000.699] W> Return default slot: _a
[0000.702] I> A/B: bin_type (20) slot 0
[0000.706] I> Loading partition bootloader-dtb at 0x8520f400
[0000.711] I> Reading two headers - addr:0x8520f400 blocks:1
[0000.717] I> Addr: 0x8520f400, start-block: 29382664, num_blocks: 1
[0000.738] I> Binary(20) of size 242304 is loaded @ 0x8520f400
[0000.744] W> No valid slot number is found in scratch register
[0000.750] W> Return default slot: _a
[0000.753] I> A/B: bin_type (14) slot 0
[0000.757] I> Loading partition secure-os at 0x8530f600
[0000.762] I> Reading two headers - addr:0x8530f600 blocks:1
[0000.767] I> Addr: 0x8530f600, start-block: 29384712, num_blocks: 1
[0000.791] I> Binary(14) of size 394672 is loaded @ 0x8530f600
[0000.799] I> TOS boot-params @ 0x85000000
[0000.803] I> TOS params prepared
[0000.806] I> Loading EKS ...
[0000.808] I> A/B: bin_type (15) slot 0
[0000.812] I> Loading partition eks at 0x8590f800
[0000.816] I> Reading two headers - addr:0x8590f800 blocks:1
[0000.822] I> Addr: 0x8590f800, start-block: 29397000, num_blocks: 1
[0000.841] I> Binary(15) of size 1040 is loaded @ 0x8590f800
[0000.847] I> EKB detected (length: 0x400) @ 0x8590f800
[0000.852] I> Copied encrypted keys
[0000.856] I> boot profiler @ 0x175844000
[0000.859] I> boot profiler for TOS @ 0x175844000
[0000.864] I> Unhalting SCE
[0000.867] I> Primary Memory Start:80000000 Size:70000000
[0000.872] I> Extended Memory Start:f0110000 Size:856f0000
[0000.879] I> MB2(TBoot-BPMP) done

NOTICE:  BL31: v1.3(release):5b49e7f80
NOTICE:  BL31: Built : 08:38:54, Feb 19 2021
ipc-unittest-main: 1519: Welcome to IPC unittest!!!
ipc-unittest-main: 1531: waiting forever
ipc-unittest-srv: 329: Init unittest services!!!
hwkey-agent: 40: hwkey-agent is running!!
hwkey-agent: 197: key_mgnt_processing .......
hwkey-agent: 189: Setting EKB key 0 to slot 14
hwkey-agent: 167: Init hweky-agent services!!
luks-srv: 40: luks-srv is running!!
luks-srv: 157: Init luks-srv IPC services!!
platform_bootstrap_epilog: trusty bootstrap complete
[0001.185] I> Welcome to Cboot
[0001.188] I> Cboot Version: t186-28749d1d
[0001.192] I> CPU-BL Params @ 0x175800000
[0001.196] I>  0) Base:0x00000000 Size:0x00000000
[0001.200] I>  1) Base:0x177f00000 Size:0x00100000
[0001.205] I>  2) Base:0x177e00000 Size:0x00100000
[0001.209] I>  3) Base:0x177d00000 Size:0x00100000
[0001.214] I>  4) Base:0x177c00000 Size:0x00100000
[0001.218] I>  5) Base:0x177b00000 Size:0x00100000
[0001.223] I>  6) Base:0x177800000 Size:0x00200000
[0001.227] I>  7) Base:0x177400000 Size:0x00400000
[0001.232] I>  8) Base:0x177a00000 Size:0x00100000
[0001.236] I>  9) Base:0x177300000 Size:0x00100000
[0001.241] I> 10) Base:0x176800000 Size:0x00800000
[0001.245] I> 11) Base:0x30000000 Size:0x00040000
[0001.250] I> 12) Base:0xf0000000 Size:0x00100000
[0001.254] I> 13) Base:0x30040000 Size:0x00001000
[0001.259] I> 14) Base:0x30048000 Size:0x00001000
[0001.263] I> 15) Base:0x30049000 Size:0x00001000
[0001.268] I> 16) Base:0x3004a000 Size:0x00001000
[0001.272] I> 17) Base:0x3004b000 Size:0x00001000
[0001.276] I> 18) Base:0x3004c000 Size:0x00001000
[0001.281] I> 19) Base:0x3004d000 Size:0x00001000
[0001.285] I> 20) Base:0x3004e000 Size:0x00001000
[0001.290] I> 21) Base:0x3004f000 Size:0x00001000
[0001.294] I> 22) Base:0x00000000 Size:0x00000000
[0001.299] I> 23) Base:0xf0100000 Size:0x00010000
[0001.303] I> 24) Base:0x00000000 Size:0x00000000
[0001.307] I> 25) Base:0x00000000 Size:0x00000000
[0001.312] I> 26) Base:0x00000000 Size:0x00000000
[0001.316] I> 27) Base:0x00000000 Size:0x00000000
[0001.321] I> 28) Base:0x84400000 Size:0x00400000
[0001.325] I> 29) Base:0x30000000 Size:0x00010000
[0001.330] I> 30) Base:0x178000000 Size:0x08000000
[0001.334] I> 31) Base:0x00000000 Size:0x00000000
[0001.339] I> 32) Base:0x176000000 Size:0x00600000
[0001.343] I> 33) Base:0x80000000 Size:0x70000000
[0001.347] I> 34) Base:0xf0110000 Size:0x856f0000
[0001.352] I> 35) Base:0x00000000 Size:0x00000000
[0001.356] I> 36) Base:0x00000000 Size:0x00000000
[0001.361] I> 37) Base:0x1772e0000 Size:0x00020000
[0001.365] I> 38) Base:0x84000000 Size:0x00400000
[0001.370] I> 39) Base:0x96000000 Size:0x02000000
[0001.374] I> 40) Base:0x85000000 Size:0x01200000
[0001.379] I> 41) Base:0x175800000 Size:0x00500000
[0001.383] I> 42) Base:0x00000000 Size:0x00000000
[0001.388] I> 43) Base:0x00000000 Size:0x00000000
[0001.392] GIC-SPI Target CPU: 4
[0001.395] Interrupts Init done
[0001.398] calling constructors
[0001.402] initializing heap
[0001.404] initializing threads
[0001.407] initializing timers
[0001.411] creating bootstrap completion thread
[0001.415] top of bootstrap2()
[0001.418] CPU: ARM Cortex A57
[0001.422] CPU: MIDR: 0x411FD073, MPIDR: 0x80000100
[0001.427] initializing platform
[0001.430] I> Bl_dtb @0x8520f400
[0001.433] I> gpio framework initialized
[0001.438] I> tegrabl_gpio_driver_register: register 'nvidia,tegra186-gpio' driver
[0001.447] I> tegrabl_gpio_driver_register: register 'nvidia,tegra186-gpio-aon' driver
[0001.455] I> GPIO framework and drivers are initialized.
[0001.460] I> Boot-device: eMMC
[0001.467] I> sdmmc bdev is already initialized
[0001.498] I> Found 19 partitions in SDMMC_BOOT (instance 3)
[0001.515] I> Found 34 partitions in SDMMC_USER (instance 3)
[0001.521] W> opt-in fuse is not set, skip fuse_burning
[0001.525] I> Reserved memory at 0xfbe00000 for U-Boot relocation
[0001.531] W> No valid slot number is found in scratch register
[0001.537] W> Return default slot: _a
[0001.546] I> A/B: bin_type (21) slot 0
[0001.550] I> Loading kernel-dtb from partition
[0001.554] I> Loading partition kernel-dtb at 0x80000000 from device(0x1)
[0001.572] I> Kernel_dtb @0x80000000
[0001.575] I> tegrabl_tca9539_init: i2c bus: 0, slave addr: 0xee
[0001.584] E> I2C: slave not found in slaves.
[0001.588] E> I2C: Could not write 0 bytes to slave: 0x00ee with repeat start false.
[0001.595] E> I2C_DEV: Failed to send register address 0x00000004.
[0001.601] E> I2C_DEV: Could not write 1 registers of size 1 to slave 0xee at 0x00000004 via instance 0.
[0001.611] E> tca9539_device_init: failed to write polar reg
[0001.616] E> tegrabl_tca9539_init: failed to init device!
[0001.621] I> tegrabl_tca9539_init: i2c bus: 0, slave addr: 0xe8
[0001.630] I> tegrabl_gpio_driver_register: register 'tca9539_gpio_driver' driver
[0001.639] I> fixed regulator driver initialized
[0001.664] I> register 'maxim' power off handle
[0001.669] I> virtual i2c enabled
[0001.672] I> registered 'maxim,max77620' pmic
[0001.677] I> tegrabl_gpio_driver_register: register 'max77620-gpio' driver
[0001.687] I> Find /i2c@c250000's alias i2c7
[0001.691] I> Reading eeprom i2c=7 address=0x50
[0001.720] I> Device at /i2c@c250000:0x50
[0001.724] I> Reading eeprom i2c=7 address=0x57
[0001.752] I> Device at /i2c@c250000:0x57
[0001.757] I> Find /i2c@c240000's alias i2c1
[0001.761] I> Reading eeprom i2c=1 address=0x51
[0001.766] E> I2C: slave not found in slaves.
[0001.770] E> I2C: Could not write 0 bytes to slave: 0x00a2 with repeat start true.
[0001.778] E> I2C_DEV: Failed to send register address 0x00000000.
[0001.784] E> I2C_DEV: Could not read 256 registers of size 1 from slave 0xa2 at 0x00000000 via instance 1.
[0001.793] E> eeprom: Retry to read I2C slave device.
[0001.798] E> I2C: slave not found in slaves.
[0001.802] E> I2C: Could not write 0 bytes to slave: 0x00a2 with repeat start true.
[0001.810] E> I2C_DEV: Failed to send register address 0x00000000.
[0001.816] E> I2C_DEV: Could not read 256 registers of size 1 from slave 0xa2 at 0x00000000 via instance 1.
[0001.825] E> eeprom: Failed to read I2C slave device
[0001.830] I> Eeprom read failed 0x3526070d
[0001.834] I> Find /i2c@3160000's alias i2c0
[0001.838] I> Reading eeprom i2c=0 address=0x50
[0001.843] E> I2C: slave not found in slaves.
[0001.847] E> I2C: Could not write 0 bytes to slave: 0x00a0 with repeat start true.
[0001.855] E> I2C_DEV: Failed to send register address 0x00000000.
[0001.860] E> I2C_DEV: Could not read 256 registers of size 1 from slave 0xa0 at 0x00000000 via instance 0.
[0001.870] E> eeprom: Failed to read I2C slave device
[0001.875] I> Eeprom read failed 0x3526070d
[0001.879] I> Find /i2c@3180000's alias i2c2
[0001.883] I> Reading eeprom i2c=2 address=0x54
[0001.888] I> Enabling gpio chip_id = 2, gpio pin = 9
[0001.892] C> GPIO driver for chip_id 0x2 could not be found
[0001.898] E> cam_eeprom_read: Can't get gpio driver
[0001.903] I> Eeprom read failed 0x4d4d000d
[0001.906] I> Reading eeprom i2c=2 address=0x57
[0001.911] I> Enabling gpio chip_id = 2, gpio pin = 9
[0001.915] C> GPIO driver for chip_id 0x2 could not be found
[0001.921] E> cam_eeprom_read: Can't get gpio driver
[0001.926] I> Eeprom read failed 0x4d4d000d
[0001.929] I> create_pm_ids: id: 3489-0888-300-N, len: 15
[0001.935] I> config: mem-type:00,power-config:00,misc-config:00,modem-config:00,touch-config:00,display-config:00,, len: 93
[0001.946] I> create_pm_ids: id: XXXX-XXXX-XXX-X, len: 15
[0001.951] I> config: mem-type:ff,power-config:ff,misc-config:ff,modem-config:ff,touch-config:ff,display-config:ff,, len: 93
[0001.975] I> enabling 'vdd-hdmi' regulator
[0001.986] I> regulator 'vdd-hdmi' already enabled
[0001.991] E> tegrabl_display_init_regulator: hdmi cable is not connected
[0001.997] E> tegrabl_display_get_pdata, failed to parse dtb settings
[0002.005] E> cannot find any other nvdisp nodes
[0002.009] E> no valid display unit config found in dtb
[0002.015] W> display init failed
[0002.018] initializing target
[0002.021] calling apps_init()
[0002.024] starting app kernel_boot_app
[0002.048] I> found decompressor handler: lz4-legacy
[0002.053] I> decompressing BMP blob ...
[0002.065] I> Kernel type = Normal
[0002.068] I> Loading kernel-bootctrl from partition
[0002.073] I> Loading partition kernel-bootctrl at 0xa8000000 from device(0x1)
[0002.087] W> tegrabl_get_kernel_bootctrl: magic number(0x00000000) is invalid
[0002.094] W> tegrabl_get_kernel_bootctrl: use default dummy boot control data
[0002.101] I> ########## Fixed storage boot ##########
[0002.106] W> No valid slot number is found in scratch register
[0002.112] W> Return default slot: _a
[0002.115] I> A/B: bin_type (24) slot 0
[0002.131] I> Boot image size read from image header: 97de5
[0002.136] I> Boot image load address: 0x80400000
[0002.140] I> Loading kernel from partition
[0002.144] I> Loading partition kernel at 0x80400000 from device(0x1)
[0003.088] I> Validate kernel ...
[0003.091] I> T18x: Authenticate kernel (bin_type 24), max size 0x4000000
[0003.097] I> cboot: Info: Handle RSA_SBK as RSA.[0003.103] I> Checking boot.img header magic ... [0003.108] I> [OK]
[0003.109] I> kernel-dtb is already loaded
[0003.113] I> Validate kernel-dtb ...
[0003.117] I> T18x: Authenticate kernel-dtb (bin_type 21), max size 0x100000
[0003.124] I> Kernel hdr @0x80400000
[0003.127] I> Kernel dtb @0x80000000
[0003.131] I> decompressor handler not found
[0003.135] I> Copying kernel image (622053 bytes) from 0x80400800 to 0x80600000 ... [0003.142] I> Done
[0003.144] I> Move ramdisk (len: 0) from 0x80498800 to 0x947d0000
[0003.151] I> Updated bpmp info to DTB
[0003.156] I> Ramdisk: Base: 0x947d0000; Size: 0x0
[0003.161] I> Updated initrd info to DTB
[0003.164] W> WARN: Fail to override "console=none" in commandline
[0003.170] I> Active rootfs suffix: 
[0003.173] E> tegrabl_linuxboot_add_disp_param, du 0 failed to get display params
[0003.181] E> tegrabl_linuxboot_add_disp_param, du 0 failed to get display params
[0003.188] E> tegrabl_linuxboot_add_disp_param, du 0 failed to get display params
[0003.195] I> disabled_core_mask: 0xffffff0c
[0003.199] W> No valid slot number is found in scratch register
[0003.205] W> Return default slot: _a
[0003.208] I> Active slot suffix: 
[0003.211] I> add_boot_slot_suffix: slot_suffix = 
[0003.216] I> Linux Cmdline: console=ttyS0,115200 androidboot.presilicon=true firmware_class.path=/etc/firmware root=UUID=1173b359-c542-4ee3-923d-aa0fc1c899bd rw rootwait rootfstype=ext4 console=ttyS0,1 
[0003.266] I> Updated bootarg info to DTB
[0003.269] W> MAC addr invalid!
[0003.272] E> Failed to get WIFI MAC address
[0003.276] W> MAC addr invalid!
[0003.279] E> Failed to get Bluetooth MAC address
[0003.284] I> eeprom_get_mac_addr: MAC (type: 2): 00:04:4b:ea:ab:2c
[0003.290] E> Found no plugin manager ids in source DT
[0003.295] W> Add plugin manager ids from board info
[0003.299] W> "plugin-manager" doesn't exist, creating
[0003.304] W> "ids" doesn't exist, creating
[0003.308] W> "connection" doesn't exist, creating
[0003.313] W> "configs" doesn't exist, creating
[0003.317] I> create_pm_ids: id: 3489-0888-300-N, len: 15
[0003.322] I> config: mem-type:00,power-config:00,misc-config:00,modem-config:00,touch-config:00,display-config:00,, len: 93
[0003.333] I> create_pm_ids: id: XXXX-XXXX-XXX-X, len: 15
[0003.338] I> config: mem-type:ff,power-config:ff,misc-config:ff,modem-config:ff,touch-config:ff,display-config:ff,, len: 93
[0003.349] I> Adding plugin-manager/ids/3489-0888-300=/i2c@c250000:module@0x50
[0003.356] W> "i2c@c250000" doesn't exist, creating
[0003.361] W> "module@0x50" doesn't exist, creating
[0003.366] I> Adding plugin-manager/ids/XXXX-XXXX-XXX=/i2c@c250000:module@0x57
[0003.373] W> "module@0x57" doesn't exist, creating
[0003.379] I> Adding plugin-manager/ids/3489-0888-300-N
[0003.385] I> Adding plugin-manager/configs/3489-mem-type 00
[0003.391] I> Adding plugin-manager/configs/3489-power-config 00
[0003.397] I> Adding plugin-manager/configs/3489-misc-config 00
[0003.402] I> Adding plugin-manager/configs/3489-modem-config 00
[0003.408] I> Adding plugin-manager/configs/3489-touch-config 00
[0003.414] I> Adding plugin-manager/configs/3489-display-config 00
[0003.420] I> Adding plugin-manager/cvm
[0003.424] W> "chip-id" doesn't exist, creating
[0003.428] I> Adding plugin-manager/chip-id/A02P
[0003.433] W> "odm-data" doesn't exist, creating
[0003.437] I> Adding /chosen/plugin-manager/odm-data
[0003.446] I> added [base:0x80000000, size:0x70000000] to /memory
[0003.452] I> added [base:0xf0200000, size:0x85600000] to /memory
[0003.457] I> added [base:0x175e00000, size:0x200000] to /memory
[0003.463] I> added [base:0x176600000, size:0x200000] to /memory
[0003.469] I> added [base:0x177000000, size:0x200000] to /memory
[0003.475] I> Updated memory info to DTB
[0003.479] E> add_disp_param: failed to get display params for du=0
[0003.486] W> "reset" doesn't exist, creating
[0003.490] W> "pmc-reset-reason" doesn't exist, creating
[0003.495] W> "pmic-reset-reason" doesn't exist, creating
[0003.501] I> Adding ecid(00000001645966470000000013040080) to DT
[0003.507] I> disabled_core_mask: 0xffffff0c
[0003.516] I> Add serial number:1424220043890 as DT property
[0003.524] I> Plugin-manager override starting
[0003.529] I> node /plugin-manager/fragement@0 matches
[0003.537] I> node /plugin-manager/fragement@4 matches
[0003.560] I> Disable plugin-manager status in FDT
[0003.565] I> Plugin-manager override finished successfully
[0003.570] I> tegrabl_load_kernel_and_dtb: Done
[0003.574] E> tegrabl_display_clear: display is not initialized
[0003.580] W> Boot logo display failed...
[0003.584] I> Kernel EP: 0x80600000, DTB: 0x80000000


U-Boot 2020.04-g6b630d64fd (Feb 19 2021 - 08:38:59 -0800)

SoC: tegra186
Model: NVIDIA P2771-0000-500
Board: NVIDIA P2771-0000
DRAM:  3.8 GiB
MMC:   sdhci@3400000: 1, sdhci@3460000: 0
Loading Environment from MMC... *** Warning - bad CRC, using default environment

In:    serial
Out:   serial
Err:   serial
Net:   
Warning: ethernet@2490000 using MAC address from ROM
eth0: ethernet@2490000
Hit any key to stop autoboot:  0 
switch to partitions #0, OK
mmc1 is current device
** Unrecognized filesystem type **
switch to partitions #0, OK
mmc0(part 0) is current device
Scanning mmc 0:1...
Found /extlinux/extlinux.conf
Retrieving file: /extlinux/extlinux.conf
1008 bytes read in 15 ms (65.4 KiB/s)
1:      primary kernel
Retrieving file: /boot/initrd
11357773 bytes read in 292 ms (37.1 MiB/s)
Retrieving file: /boot/Image
34347016 bytes read in 828 ms (39.6 MiB/s)
append: console=ttyS0,115200 androidboot.presilicon=true firmware_class.path=/etc/firmware root=UUID=1173b359-c542-4ee3-923d-aa0fc1c899bd rw rootwait rootfstype=ext4 console=ttyS0,115200n8 console=tty0  
## Flattened Device Tree blob at 80000000
   Booting using the fdt blob at 0x80000000
ERROR: reserving fdt memory region failed (addr=0 size=0)
ERROR: reserving fdt memory region failed (addr=0 size=0)
ERROR: reserving fdt memory region failed (addr=0 size=0)
   Using Device Tree in place at 0000000080000000, end 0000000080040216
copying carveout for /host1x@13e00000/display-hub@15200000/display@15200000...
copying carveout for /host1x@13e00000/display-hub@15200000/display@15210000...
copying carveout for /host1x@13e00000/display-hub@15200000/display@15220000...

Starting kernel ...

[    0.000000] Booting Linux on physical CPU 0x100
[    0.000000] Linux version 4.9.201-tegra (FORDNA1\mharr418@ugc165691z2) (gcc version 7.3.1 20180425 [linaro-7.3-2018.05 revision d29120a424ecfbc167ef90065c0eeb7f91977701] (Linaro GCC 7.3-2018.05) ) #61
[    0.000000] Boot CPU: AArch64 Processor [411fd073]
[    0.000000] OF: fdt:memory scan node memory@80000000, reg size 80,
[    0.000000] OF: fdt: - 80000000 ,  70000000
[    0.000000] OF: fdt: - f0200000 ,  85600000
[    0.000000] OF: fdt: - 175e00000 ,  200000
[    0.000000] OF: fdt: - 176600000 ,  200000
[    0.000000] OF: fdt: - 177000000 ,  200000
[    0.000000] earlycon: uart8250 at MMIO32 0x0000000003100000 (options '')
[    0.000000] bootconsole [uart8250] enabled
[    0.472574] pca953x 0-0077: failed reading register
[    1.189692] eqos 2490000.ether_qos: invalid settings : rx-frames must be enabled along with use_riwt in DT
[    1.199410] Coalescing parameters incorrect
[    1.395478] ina3221x 0-0042: ina3221 reset failure status: 0xffffff87
[    1.402317] ina3221x 0-0043: ina3221 reset failure status: 0xffffff87
[    6.977986] cgroup: cgroup2: unknown option "nsdelegate"
[    9.164262] using random self ethernet address
[    9.175238] using random host ethernet address
[    9.485683] using random self ethernet address
[    9.490187] using random host ethernet address
[   13.701162] Please complete system configuration setup on the serial port provided by Jetson's USB device mode connection. e.g. /dev/ttyACMx where x can 0, 1, 2 etc.

Whenever I try to start the configuration setup, I get a Installation error message and am dumped into the localhost login shell. There is no username/password yet so I cannot login. Not sure what else I can do here…

hello nvidiadude,

may I confirm what’s the authentication types of your Jetson TX2.
you must enable odm_production_mode if you’re program PKC+SBK, otherwise you cannot boot-up the OS.

I added the -p flag so the odm_production_mode should be set? correct? You can check the output of the fuse burning steps above. Here is the odmfuse_pkc.xml file again

<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="SecureBootKey" size="16" value="0x<32 valid hex numbers which match the input>" />
<fuse name="Kek2" size="16" value="<32 valid hex numbers which match my input>" />
<fuse name="PublicKeyHash" size="32" value="0x<valid hash>" />
<fuse name="BootSecurityInfo" size="4" value="0x6" />
<fuse name="SecurityMode" size="4" value="0x1" />
</genericfuse>

odmfuseread.sh shows suprising output:

Error: Either RSA key file is not provided or SBK key file is provided for PKC protected target board.

The command I use is

/odmfuseread.sh -i 0x18 --auth NS -k ../.rsa_priv/rsa_pub.key -S ../.rsa_priv/sbk.key jetson-tx2-4GB

hello nvidiadude,

you’ll need to include board info, such as BOARDID=3489 BOARDSKU=0888 FAB=300 BOARDREV=N.0 while using these commands to generate a fuse blob.
in the other words, these three, (1) board info, (2) --auth options, and (3) --noburn options should use together to create a fuseblob locally.

that xml file, odmfuse_pkc.xml looks correct, are you able to boot into the ubuntu desktop?

Hello, no I cannot boot into the desktop,

Yes, I exported those variables when I ran the command, check at my comment : Concerns about fuse burning on TX2 - #6 by nvidiadude

I reread and realized the fuse burning output above and realized there were issues burning fuses. Feel a bit dumb now… the line says this:

[   2.4339 ] tegrarcm_v2 --oem burnfuses blow_fuse_data.bin
[   2.4372 ] Applet version 01.00.0000
[   2.5369 ] 0000000000000001: Oem commands are not supported
[   2.5380 ] Fuse burning failed

My output was attached in this comment:

Now I cannot burn fuses (so something happened but not what we wanted, If I run the odmfuseread.sh script, the get_fuse_level function is getting “e” for $flval (so my board is in PKC)

However, if I try to flash with just PKC set I cannot…
Initial command

sudo BOARDID=3489 BOARDSKU=0888 FAB=300 BOARDREV=N.0 ./flash.sh --no-flash -u ../.rsa_priv/rsa_priv.pem jetson-tx2-4GB mmcblk0p1

Output:

3.8.10 (default, Jun  2 2021, 10:49:15) 
[GCC 9.4.0]
Version info.
sys.version_info(major=3, minor=8, micro=10, releaselevel='final', serial=0)
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0069 ] Parsing partition layout
[   0.0080 ] tegraparser_v2 --pt secureflash.xml.tmp
[   0.0091 ] 
[   0.0092 ] Boot Rom communication
[   0.0098 ] tegrarcm_v2 --chip 0x18 0 --rcm rcm_1_signed.rcm
[   0.0105 ] BR_CID: 0xe1801001645966470000000013040080
[   0.2351 ] Bootrom returned error 10
[   0.3769 ] Boot Rom communication failed
[   0.3769 ] 
Error: Return value 10
Command tegrarcm_v2 --chip 0x18 0 --rcm rcm_1_signed.rcm

This seems to be a big issue, has this fuse burning and flashing been thoroughly tested on Jetson tx2 4GB?
Seems prone to alot of errors.

hello nvidiadude,

may I know what’s your very first commands to fuse burn the Jetson TX2?

This thread contains all the commands I have been using for this process.
my original fuse burning command is :

udo BOARDID=3489 BOARDSKU=0888 FAB=300 BOARDREV=N.0 ./odmfuse.sh --noburn -i 0x18 --auth NS -p -k ../.rsa_priv/rsa_priv.pem -S ../.rsa_priv/sbk.key --KEK2 ../.rsa_priv/kek2.txt jetson-tx2-4GB

As it is shown here and in the next several comments : Concerns about fuse burning on TX2 - #6 by nvidiadude

Can I get an answer on my previous question as well?

This seems to be a big issue, has this fuse burning and flashing been thoroughly tested on Jetson tx2 4GB? Seems prone to alot of errors.

hello nvidiadude,

yes, it has validated. it was fused PKC, SBK on Jetson-TX2-4GB board.

Ok, I can try this process on one more SOM, but I want it to work correctly.
I will be testing with the l4t 32.6.1 release a similar odmfuse.sh command.
I am not sure how I can recover the current SOM.