Hi Sir/Madam,
We can rcm boot from NFS without enabling fuse by this command
sudo ./flash.sh -N 192.168.x.x:/nfs_path --rcm-boot jetson-xavier eth0
Now we are testing to enable fuse on Xavier(R32.2) and want to use rcm boot from nfs.
We use the following command but fail to boot
sudo ./flash.sh -v sbk_key -u pkc_key -N 192.168.x.x:/nfs_path --rcm-boot jetson-xavier eth0
It fails at “Reading board information failed”
[ 0.3312 ] Boot Rom communication
[ 0.3320 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
[ 0.3327 ] RCM version 0X190001
[ 0.3367 ] Bootrom returned error 22
[ 0.3634 ] Boot Rom communication failed
[ 0.3634 ]
Error: Return value 22
Command tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
Reading board information failed.
Whole log messages is the attache
Could you give us some suggestions?
Thank you
rcm_nfs_fail.log (3.93 KB)
hello JasonFan,
just for confirmation, did you board already burning fuse with PKC and SBK ?
Hi Jerry,
Yes. My Xavier module has already been burning fuse with PCK and SBK with rootdev=mmcblk0p1.
hello JasonFan,
could you please share the board revision,
you might running with flash script to parse the board info.
for example,
$ sudo ./flash --no-flash -r jetson-Xavier mmcblk0p1
...
Board ID(2888) version(400) sku(0001) revision(D.0)
Hi Jerry,
I can’t get the board info of Xavier that has been burning fuse even add -v -u.(the same failure)
I get the board info from another Xavier module that without enabling fuse as below
Board ID(2888) version(400) sku(0001) revision(J.0)
hello JasonFan,
rcm-boot from NFS can always proceed regardless device is fused or non-fused.
If fused (in general means PKC fused), bootloader (or rcm message) is signed with PKC private key.
If unfused, bootloader (or rcm message) is signed with zero-sbk key.
could you please narrow down the issue more further.
were you able to flash the board (with the same PKC and SBK keys) via type-c connection directly?
thanks
Hi JerryChang,
Do you mean no mater fused or non-fused, “sudo ./flash.sh -N 192.168.x.x:/nfs_path --rcm-boot jetson-xavier eth0” can always boot from rcm mode right?
If yes, actually there is still one problem because PKC private key is owned by customer, they won’t release it to us.
Now we are trying to use tegraflash.py to send commands and binaries to Xavier directly.
Thanks
Jason
hello JasonFan,
Once device is fused, Secureboot prevents execution of unauthorized boot codes through chain of trust.
may I know what’s the use-case of trying to use tegraflash.py to send commands and binaries to Xavier directly,
would you like to perform remote update, such as OTA?
thanks
Hi JerryChang,
The whole idea is when production in factory, we need to process some devices that have been burned fuse to re-flash to factory images or re-flash to shipping images.
We are considering to use rcm-nfs mechanism to achieve this goal. To mount our manufacturer rootfs and re-flash again. To use tegraflash.ph will not re-generate some files again, just start rcm-boot directly, it would be benefit for mass production.
hello JasonFan,
could you please have a try to add --skipuid options into flash script to workaround the issue.
thanks