hello nazaraa,
FYI,
it’s known issue to enable secureboot from UEFI on r35.2.1 release version.
here’s UEFI changes, i.e.
dc1bb4fcc83f97f3f0500096d5b4274e43ea8def, which has fix to allow secure boot enablement on AGX Xavier platform.
you may update the binary to include this change, or, please expect next public release will revise this issue.