hello luke8,
please check the flashing logs.
you’ll found that several partitions were signed and encrypted before flashing to its partitions.
for example,
[ 459.4635 ] Writing partition kernel with boot_sigheader.img.encrypt
[ 459.5061 ] [................................................] 100%
[ 464.1538 ] Writing partition kernel-dtb with tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt
[ 464.1617 ] [................................................] 100%
you may also refer to developer guide, and please check CBoot session.
those binaries under /boot/ did not signed and encrypted, you may also load device tree by using extlinux.conf.
please specify a FDT entry in the configure file to have an alternative way to load the kernel-dtb binary file from FDT entry.
thanks