Fail to boot with SBK

S.Harumoto · September 19, 2023, 8:00am

I’m working on Secureboot Orin Nano 4GB with our customboard in L4T R35.4.1.

I burned SBK and PKC.

<genericfuse MagicId="0x45535546" version="1.0.0">
    <fuse name="PublicKeyHash" size="64" value="0x7..."/>
    <fuse name="SecureBootKey" size="32" value="0x31..."/>
    <fuse name="BootSecurityInfo" size="4" value="0x209"/>
</genericfuse>

I created massflash image with following command.

sudo BOARDID=3767 BOARDSKU=0004 ./tools/kernel_flash/l4t_initrd_flash.sh --no-flash \
        --external-device nvme0n1p1 \
        -S ${ROOTFS_SIZE} \
        -c ./tools/kernel_flash/flash_l4t_t234_nvme.xml \
        -u uefi_keys/keys/pkc_rsa3k.pem \
        -v uefi_keys/keys/sbk.key \
        --uefi-keys uefi_keys/keys/uefi_keys.conf \
        -p "-c bootloader/t186ref/cfg/flash_t234_qspi.xml --no-systemimg" \
        --massflash 5 \
        --showlogs \
        ${TARGET_CONF} \
        nvme0n1p1

and flash with following commad.

sudo ./tools/kernel_flash/l4t_initrd_flash.sh --flash-only --massflash 5

Flashing completes successfully. But fail to boot.

[0000.331] I> Size of crypto header is 8192
[0000.335] I> Size of crypto header is 8192
[0000.339] I> strt_pg_num(66816) num_of_pgs(16) read_buf(0x40050000)
[0000.345] I> BCH of MEM-BCT-1 read from storage
[0000.350] I> BCH address is : 0x40050000
[0000.354] I> MEM-BCT-1 header integrity check is success
[0000.359] I> Binary magic in BCH component 1 is MEM1
[0000.364] I> component binary type is 1
[0000.367] I> strt_pg_num(66947) num_of_pgs(115) read_buf(0x40040000)
[0000.374] I> MEM-BCT-1 binary is read from storage
[0000.380] C> LOADER: Could not read binary 1.
[0000.384] C> MSS: Failed to load MEMBCT.
[0000.388] C> Task 0x1c failed (err: 0x48229418)
[0000.392] E> Top caller module: MSS, error module: LOADER, reason: 0x18, aux_info: 0x94
[0000.400] C> Boot Info Table status dump :
0111111100111000111111111111

here is a logs
uart_log.txt (94.3 KB)
host_pc.txt (43.9 KB)

I have tried it with only PKC enabled on other modules and it works fine.
So, I think there is a problem with the enabling SBK.

Can you tell anything from the error message?
Is there any way to verify SBK in Fuse?

S.Harumoto · September 20, 2023, 1:19am

I also tried with Jetson Xavier devkit + same module(OrinNano 4GB).
Flashing completes successfully. But fail to boot.
Therefore, there is no relationship between this error and the custom board.

Linux_for_Tegra$ sudo ./flash.sh --no-systemimg -u uefi_keys/keys/pkc_rsa3k.pem -v uefi_keys/keys/sbk.key -c bootloader/t186ref/cfg/flash_t234_qspi.xml p3509-a02+p3767-0000 nvme0n1p1
...
[ 408.1420 ] tegrarcm_v2 --chip 0x23 0 --reboot coldboot
[ 408.1425 ] MB2 version 01.00.0000

[0000.394] E> Top caller module: MSS, error module: LOADER, reason: 0x18, aux_info: 0x94
[0000.402] C> Boot Info Table status dump :
0111111100111000111111111111

I also tried flashing with wrong SBK.
This does not work at all.
Since the flashing is completed only with the correct SBK, I think SBK in Fuse is successfully burned.

My questions are as follows.

What caused this error?
Are the parameters in the xml file correct?

JerryChang · September 20, 2023, 7:35am

hello S.Harumoto,

please refer to Topic 263458.
we’ve check and confirm fuse burning, and image flashing on Orin NX with a success.

S.Harumoto · September 20, 2023, 8:03am

Thanks for reply.
I followed Topic 263458.

Linux_for_Tegra$ sudo ./tools/kernel_flash/l4t_initrd_flash.sh --no-flash --external-device nvme0n1p1 -c tools/kernel_flash/flash_l4t_external.xml -p "-c bootloader/t186ref/cfg/flash_t234_qspi.xml" -u uefi_keys/keys/pkc_rsa3k.pem -v uefi_keys/keys/sbk.key --showlogs --network usb0 p3509-a02+p3767-0000 internal
Linux_for_Tegra$ sudo ./tools/kernel_flash/l4t_initrd_flash.sh --flash-only -u uefi_keys/keys/pkc_rsa3k.pem -v uefi_keys/keys/sbk.key p3509-a02+p3767-0000 internal

Flashing completes successfully. But the same error still occurs.

[0000.393] E> Top caller module: MSS, error module: LOADER, reason: 0x18, aux_info: 0x94
[0000.401] C> Boot Info Table status dump :
0111111100111000111111111111

Is the XML file I posted before wrong?

JerryChang · September 20, 2023, 8:46am

please note that the board info above is Orin NX + Xavier NX carrier board.
you may also update the property according to your device setup.

S.Harumoto · September 20, 2023, 11:36pm

I am using XavierNX carrier board.
So, I use p3509-a02+p3767-0000.conf.

Since this problem is in the early stages of the bootloader, I think it does not affect which board is used.

I can burn Fuse to other modules, but I fear the same error will occur.
Do you have any information related to error messages?

S.Harumoto · September 21, 2023, 12:58am

Here is additional information.
I also tried with Jetson OrinNano devkit + same module(OrinNano 4GB).
But, Fail to flash.

$ sudo ADDITIONAL_DTB_OVERLAY_OPT="BootOrderNvme.dtbo" ./tools/kernel_flash/l4t_initrd_flash.sh --no-flash --external-device nvme0n1p1 -c tools/kernel_flash/flash_l4t_external.xml -p "-c bootloader/t186ref/cfg/flash_t234_qspi.xml" -u uefi_keys/keys/pkc_rsa3k.pem -v uefi_keys/keys/sbk.key --showlogs --network usb0 jetson-orin-nano-devkit internal
...
Finish generating flash package.
Put device in recovery mode, run with option --flash-only to flash device.

$ sudo ./tools/kernel_flash/l4t_initrd_flash.sh --flash-only -u uefi_keys/keys/pkc_rsa3k.pem -v uefi_keys/keys/sbk.key jetson-orin-nano-devkit internal
/home/ubuntu1/jetson/DX-U2200_R35.4.1/Linux_for_Tegra/tools/kernel_flash/l4t_initrd_flash_internal.sh  --usb-instance 1-11.2 --device-instance 0 --flash-only --external-device nvme0n1p1 -c "tools/kernel_flash/flash_l4t_external.xml" --network usb0 jetson-orin-nano-devkit internal
...
mem_rcm_sigheader_encrypt.bct.signed --download blob blob.bin
[   0.2243 ] BL: version 1.2.0.0-t234-54845784-562369e5 last_boot_error: 1210225688
[   0.3035 ] Sending bct_mem
[   0.3217 ] Sending blob
[   0.3947 ] ERROR: might be timeout in USB write.
Error: Return value 3
Command tegrarcm_v2 --instance 1-11.2 --chip 0x23 0 --pollbl --download bct_mem mem_rcm_sigheader_encrypt.bct.signed --download blob blob.bin
Cleaning up...

The same error occured in debug console.

[0000.394] E> Top caller module: MSS, error module: LOADER, reason: 0x18, aux_info: 0x94
[0000.402] C> Boot Info Table status dump :
0111111100111000111111111111

The flashing commands are same with Topic 263458, so I think there is a problem with Fuse or the key.
Is there any way to confirm values in Fuse?

JerryChang · September 21, 2023, 7:10am

hello S.Harumoto,

it’s script file, l4t_initrd_flash.sh for sending little kernel to the target, and host for waiting device boot-up.
it’s by default waiting for 1-min till timeout.
for example,
$OUT/Linux_for_Tegra/tools/kernel_flash$ vim ./l4t_network_flash.func

wait_for_flash_ssh()
{
        maxcount=${timeout:-60}
        printf "%s" "Waiting for device to expose ssh ..."
        count=0
        while ! ping_flash_device "${1}"
        do
                printf "..."
                count=$((count + 1))
                if [ "${count}" -ge "${maxcount}" ]; then
                        echo "Timeout"

S.Harumoto · September 21, 2023, 7:39am

Sorry for the misunderstanding.
I know that the timeout occurred as a result of an error displayed in the debug console.

What I want to know is the reason for the error in the debug console.
uart_log.txt (94.3 KB)
I assume that this error is probably due to the value in Fuse.
Is there any way to confirm values in Fuse?

JerryChang · September 21, 2023, 8:29am

you shall see logs about fuse values after you complete fuse burning.
or… you may execute odmfuseread.sh to check the values.

S.Harumoto · September 21, 2023, 9:11am

I checked fused values.

Linux_for_Tegra$ sudo ./odmfuse.sh -k uefi_keys/keys/pkc_rsa3k.pem -S uefi_keys/keys/sbk.key --test -i 0x23 jetson-orin-nano-devkit
...
PublicKeyHash: 7dxxxxxxxxxxxxxxxxxxxxxxxx
BootSecurityInfo: 00000209
ArmJtagDisable: 00000000
SecurityMode: 00000000
SwReserved: 00000000
DebugAuthentication: 00000000
OdmId: 0000000000000000
OdmLock: 00000000
ReservedOdm0: 00000000
ReservedOdm1: 00000000
ReservedOdm2: 00000000
ReservedOdm3: 00000000
ReservedOdm4: 00000000
ReservedOdm5: 00000000
ReservedOdm6: 00000000
ReservedOdm7: 00000000
...

odmfuse.txt (76.8 KB)
I can’t find the SBK.
odmfuse.sh works successfully.
Is the SBK written correctly?

JerryChang · September 22, 2023, 3:04am

hello S.Harumoto,

there should be… SecureBootKey in the fuse_info.
is this target ever fused before?
may I also know the SBK key formats, are you referring to Prepare an SBK key?

S.Harumoto · September 22, 2023, 4:07am

This target is burned with my first post’s xml file.

Here is my SBK key formats.

$ cat uefi_keys/keys/sbk.key
0x31110a13 0xa3d4ec1d 0xdd67dd6a 0xfdabff59 0xffe13453 0x0480fb9d 0x31e95506 0x95508f8a

SecurityMode isn’t burned. So I should be able to see SBK value in the fuse.
How can I check SBK? Or is it impossible to check?

JerryChang · September 22, 2023, 7:01am

so… is this target has fused before with PKC key?
are you able to perform odmfuseread.sh to examine the fuse values.

S.Harumoto · September 22, 2023, 7:15am

is this target has fused before with PKC key?

Yes, it is.

are you able to perform odmfuseread.sh to examine the fuse values.

No, it fails.
the same err appeared.

odmfuseread.log (20.6 KB)

Linux_for_Tegra$ sudo ./odmfuseread.sh -i 0x23 -k uefi_keys/keys/pkc_rsa3k.pem -S uefi_keys/keys/sbk.key jetson-orin-nano-devkit
...
[   0.5630 ] ERROR: might be timeout in USB write.
Error: Return value 3
Command tegrarcm_v2 --new_session --chip 0x23 0 --uid --download bct_br br_bct_BR.bct --download mb1 mb1_t234_prod_aligned_sigheader_encrypt.bin.signed --download psc_bl1 psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed --download bct_mb1 mb1_bct_MB1_sigheader_encrypt.bct
Reading board information failed.

uart.txt (14.3 KB)


[0000.377] C> LOADER: Could not read binary 1.
[0000.381] C> MSS: Failed to load MEMBCT.
[0000.385] C> Task 0x1c failed (err: 0x48229418)
[0000.389] E> Top caller module: MSS, error module: LOADER, reason: 0x18, aux_info: 0x94
[0000.397] C> Boot Info Table status dump :
0111111100111000111111111111

JerryChang · September 22, 2023, 7:41am

hello S.Harumoto,

I doubt SBK has not fused, please try given only PKC key for reading fuse values.
for example, $ sudo ./odmfuseread.sh -i 0x23 -k uefi_keys/keys/pkc_rsa3k.pem jetson-orin-nano-devkit

S.Harumoto · September 22, 2023, 7:52am

It dosen’t works.
SBK is required.

$ sudo ./odmfuseread.sh -i 0x23 -k uefi_keys/keys/pkc_rsa3k.pem jetson-orin-nano-devkit
Error: Either PKC or SBK key is not provided for SBK+PKC protected target board.

I suspect other factors.
Is BootSecurityInfo 0x209 correct?
I use rsa 3k key for PKC.

JerryChang · September 22, 2023, 8:59am

it looks odmfuse has recognize this target as PKC+SBK fused device.
please check Jetson AGX Orin Fuse Specification for fuse name, FUSE_BOOT_SECURITY_INFO_0 for more details.

S.Harumoto · September 22, 2023, 9:12am

I think I burned SBK and PKC.

<genericfuse MagicId="0x45535546" version="1.0.0">
    <fuse name="PublicKeyHash" size="64" value="0x7..."/>
    <fuse name="SecureBootKey" size="32" value="0x31..."/>
    <fuse name="BootSecurityInfo" size="4" value="0x209"/>
</genericfuse>

So, it is natural that odmfuse has recognize this target as PKC+SBK fused device, isn’t it?

I review BootSecurityInfo.

Bits [2:0] mapped to Secure Boot Authentication Scheme
  001b: 3072-bit RSA
Bit [3] secure boot encryption scheme (SBK) enable 
Bit [9] ODM Key Valid
=>0010 0000 1001b => 0x209

Do I need to activate anything else?

JerryChang · September 25, 2023, 2:49am

you may check this forum topic, Topic 266387 for more details of BootSecurityInfo.