Device boot failed

merlinwu · April 9, 2018, 5:34pm

Hi friends,

I make a try of enabling secure boot in Tegra T186, however the device boots failed.

I fused the “boot_security_info” with the value 0x2 which means using PKC rather than SBK.
I flashed the board with my 2048 bit RSA private key which means all of the partitions are signed using my private key…
I didn’t fuse the “public_key” which is the SHA256 hash of the public key.
I didn’t fuse the “odm_production_mode”.

In my opinions, because the “odm_production_mode” is left as 0, the bootrom will not verify the public key which is stored in BR-BCT. However, after the operations my device didn’t boot up.

Then I tried to boot the device in RCM mode, however failed because of BootROM communication error shown as below.

Sending MB1
Error in execution. Error Code 3. Exiting
Tool OutPut:
RCM version 0X13
Boot Rom communication failed
Tool OutPut to stderr:
RCM version 0X13
Boot Rom communication failed

I noticed that the RCM messages are signed with my private key too, so the BootROM communication failed because of the RCM messages validation failure?

Could anyone give me some suggestions about how to save my machine?

JerryChang · April 10, 2018, 6:43am

hello merlinwu,

could you share your flashing commands and also the flashing process logs,
you could use the “–noburn” options to skip flashing.
thanks

merlinwu · April 10, 2018, 6:52am

Hi JerryChang,

The command line is shown below

root@test:~/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn# ./bootburn.sh -b p2379c01-t186a -l -s -p rsa_private_key.pem
The "-l" option means flash linux rather than hypervisor, the "-s" means skip file system flasing"

And the log is shown below

Successfully acquired lock over /var/lock/LCK..bootburn
Target ECID(UID)[99:0] BR_CID: 0xa1801001641a00471c00000004fc01c0
Detected prod device type
/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/bootburn_lib.sh: line 1890: cd: /home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_sKAxcPeC54: No such file or directory
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../firmware/t186/mb1//mb1_recovery_prod.bin' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_sKAxcPeC54/rcm-flash/mb1_recovery.bin'
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../firmware/t186/mb1//mb1_prod.bin' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_sKAxcPeC54/rcm-flash/mb1.bin'
Sending MB1
Error in execution. Error Code 3. Exiting
Tool OutPut:
RCM version 0X13
Boot Rom communication failed
Tool OutPut to stderr:
RCM version 0X13
Boot Rom communication failed

Before I fused the “boot_security_info” to “2”, I can flash the device successfully. After this operation, the device didn’t boot up.

And the /dev/ttyUSBx didn’t output anything.

merlinwu · April 10, 2018, 7:00am

The normal flash log is shown below.

root@test:/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn# ./bootburn.sh -b p2379c01-t186a -l -s
Tracing output located in /home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/log_trace.txt
Successfully acquired lock over /var/lock/LCK..bootburn
Target ECID(UID)[99:0] BR_CID: 0x81801001641a00471c00000004fc01c0
Detected prod device type
/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/bootburn_lib.sh: line 1890: cd: /home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx: No such file or directory
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../firmware/t186/mb1//mb1_recovery_prod.bin' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/rcm-flash/mb1_recovery.bin'
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../firmware/t186/mb1//mb1_prod.bin' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/rcm-flash/mb1.bin'
Sending MB1
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../firmware/t186/mts/mce_mts_d15_prod_cr.bin' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/rcm-flash/mts-bootpack.bin'
############## Host machine info ##############
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:        16.04
Codename:       xenial
Linux test 4.4.0-89-generic #112-Ubuntu SMP Mon Jul 31 19:38:41 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Target ChipId 0x18 ChipVersion 0x02
###############################################
##############   Using Binaries ###############
###############################################
QB: /home/test/VibranteSDK/vibrante-t186ref-foundation/bootloader/qb_cpu.bin
QB DTB: /home/test/VibranteSDK/vibrante-t186ref-foundation/bootloader/t186-vcm31t186.dtb
BPMP DTB:/home/test/VibranteSDK/vibrante-t186ref-foundation/platform-support/bpmp_dt/tegra186-a02-bpmp-vcm31-p2379a-000-c00-00.dtb
RCM_Flashing DTB:/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/flash/t18x/rcmkernel/tegra186-vcm31-p2379-flashing-base.dtb
RCM_Flashing Cfg:/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/flash/t18x/quickboot_flashing.cfg
Config file:/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/quickboot_qspi_rt_linux.cfg
Storage DTB:/home/test/VibranteSDK/vibrante-t186ref-linux/kernel/tegra186-vcm31-p2379-0000-c01-00-base-a.dtb
Generated Image Path: /home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx
SDRAM Config: /home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../platform-support/bct/sdram/E2379_C01_8GB_TA_Samsung_8GB_lpddr4_204MHz_A02.cfg
ADB tool: /home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../flash/adb
devOTAFlashOptions file: p2379c01-t186a_g1ZMBzfih8_flashOptions.txt
###############################################
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../flash/t18x/rcmkernel/tegra186-vcm31-p2379-flashing-base.dtb' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/rcm-flash/linux.dtb'
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../flash/t18x/rcmfirmware/tegra186-a02-bpmp-vcm31-p2379a-000-c00-00.dtb' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/rcm-flash/bpmp.dtb'
Generating BCT Files
Generating BR_BCT File
Preserving SkuInfo from Target
Generating MB1_BCT File
Generating Flashing-RCM Images
Sending bct and prerequisite binaries
Sending Blob for RCM blob to target
Applet version 01.00.0000
Sending blob
[................................................] 100%
Flashing-boot started
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../firmware/t186/mb1//mb1_recovery_prod.bin' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/flash-images/mb1_recovery.bin'
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../firmware/t186/mb1//mb1_prod.bin' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/flash-images/mb1.bin'
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../firmware/t186/mts/mce_mts_d15_prod_cr.bin' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/flash-images/mts-bootpack.bin'
Appending Qb DTB to Qb binary
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../firmware/t186/warmboot/warmboot_prod.bin' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/flash-images/warmboot.bin'
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../../vibrante-t186ref-linux/kernel/tegra186-vcm31-p2379-0000-c01-00-base-a.dtb' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/flash-images/linux.dtb'
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../platform-support/bpmp_dt/tegra186-a02-bpmp-vcm31-p2379a-000-c00-00.dtb' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/flash-images/bpmp.dtb'
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../firmware/t186/adsp-fw.bin' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/flash-images/adsp-fw.bin'
'/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/../../../firmware/t186/camera-rtcpu-sce.bin' -> '/home/test/VibranteSDK/vibrante-t186ref-foundation/utils/scripts/bootburn/_temp_dump/_temp_dump_xzdfKtpUUx/flash-images/sce-fw.bin'
Generating BR_BCT File
Generating MB1_BCT File
Generating Flash Images, this may take a few minutes
Skipping file system flashing
Flashing-Images started
Waiting for USB device. This may take up to 100 seconds...
Android Debug Bridge version 1.0.32
Revision 4e80e5a0ea99-android
Platform version 6.0
supports 262144 Bytes MAX_PAYLOAD
This build is for NVIDIA embedded bootburn
Build time : Apr 21 2016 14:27:45
Flashing for Partition bct (Size: 524288 bytes, Time: 5.217 seconds)
Flashing for Partition mb1-bootloader (Size: 98256 bytes, Time: 1.428 seconds)
Flashing for Partition mb1-bootloader-r (Size: 98256 bytes, Time: 1.432 seconds)
Flashing for Partition mb1-bct (Size: 49744 bytes, Time: 1.280 seconds)
Flashing for Partition mb1-bct-r (Size: 49744 bytes, Time: 1.172 seconds)
Flashing for Partition fuse-bypass (Size: 416 bytes, Time: 1.156 seconds)
Flashing for Partition spe-fw (Size: 69536 bytes, Time: 1.389 seconds)
Flashing for Partition spe-fw-r (Size: 69536 bytes, Time: 1.337 seconds)
Flashing for Partition sc7-fw (Size: 21152 bytes, Time: 1.321 seconds)
Flashing for Partition sc7-fw-r (Size: 21152 bytes, Time: 1.265 seconds)
Flashing for Partition mb2-bootloader (Size: 57440 bytes, Time: 1.305 seconds)
Flashing for Partition mb2-bootloader-r (Size: 57440 bytes, Time: 1.308 seconds)
Flashing for Partition mts-preboot (Size: 61472 bytes, Time: 1.313 seconds)
Flashing for Partition mts-preboot-r (Size: 61472 bytes, Time: 1.257 seconds)
Flashing for Partition mts-bootpack (Size: 2077088 bytes, Time: 11.877 seconds)
Flashing for Partition mts-bootpack-r (Size: 2077088 bytes, Time: 12.045 seconds)
Flashing for Partition pt (Size: 522240 bytes, Time: 2.981 seconds)
Flashing for Partition bpmp-fw (Size: 527904 bytes, Time: 4.008 seconds)
Flashing for Partition bpmp-fw-r (Size: 527904 bytes, Time: 4.020 seconds)
Flashing for Partition bpmp-fw-dtb (Size: 67776 bytes, Time: 1.328 seconds)
Flashing for Partition bpmp-fw-dtb-r (Size: 67776 bytes, Time: 1.329 seconds)
Flashing for Partition sce-fw (Size: 72848 bytes, Time: 1.287 seconds)
Flashing for Partition sce-fw-r (Size: 72848 bytes, Time: 1.408 seconds)
Flashing for Partition adsp-fw (Size: 100400 bytes, Time: 1.513 seconds)
Flashing for Partition adsp-fw-r (Size: 100400 bytes, Time: 1.513 seconds)
Flashing for Partition cpu-bootloader (Size: 139520 bytes, Time: 1.449 seconds)
Flashing for Partition cpu-bootloader-r (Size: 139520 bytes, Time: 1.448 seconds)
Flashing for Partition secure-os (Size: 1181632 bytes, Time: 7.449 seconds)
Flashing for Partition secure-os-r (Size: 1181632 bytes, Time: 7.496 seconds)
Flashing for Partition eks (Size: 1744 bytes, Time: 1.156 seconds)
Flashing for Partition eks-r (Size: 1744 bytes, Time: 1.161 seconds)
Flashing for Partition kernel-dtb (Size: 151792 bytes, Time: 1.481 seconds)
Flashing for Partition kernel-dtb-r (Size: 151792 bytes, Time: 1.481 seconds)
Flashing for Partition kernel (Size: 10249040 bytes, Time: 59.951 seconds)
Flashing for Partition kernel-r (Size: 10249040 bytes, Time: 59.386 seconds)
Flashing for Partition ramdisk (Size: 2707776 bytes, Time: 15.914 seconds)
Flashing for Partition ramdisk-r (Size: 2707776 bytes, Time: 15.997 seconds)
Flashing for Partition fs-gp1 (Size: 17408 bytes, Time: 0.247 seconds)
Flashing for Partition fs-gpt (Size: 16896 bytes, Time: 0.248 seconds)
Press Reset button to Reboot the target
Bootburn Time 258.800 seconds
Adb Shell Time 236.554 seconds