Failed to flash Jetson AGX Xavier

Robotics & Edge Computing Jetson & Embedded Systems Jetson AGX Xavier
1

Hello, I am using Jetson AGX Xaiver (5.1.3 for initial flash),

I booted normally and make initial setup without setting up any storage. Then I added an SD card for root folder and make it default root with

Now I wanted to make it more secure so I found out about Security features for AGX Xavier from

https://docs.nvidia.com/jetson/archives/r35.6.0/DeveloperGuide/SD/Security.html

and I started with Secure Boot.

I successfully followed steps until after fuse I needed to flash

I run command below:
sudo ./flash.sh -u ~/JetsonXavierSecureBoot/locker.pem jetson-agx-xavier-devkit mmcblk0p1

The process fails with
…
[ 0.2198 ] RCM version 0X16
[ 0.2213 ] Boot Rom communication failed
Error: Return value 3
Command tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
Reading board information failed.

and now It doesn’t even boot, I tryed to flash from SDKManager however it keeps getting me error. I am stuck and documents are not helping. I can provide more information if needed, I just don’t know what to share to solve this problem.

Can somebody direct me toward a answer or solution please?

Thank you

Edit 1: Also when before I tryed secure boot SDK Manager can directy detect the device correctly however right now it detect a possible list of devices, still sees Jetson AGX Xavier, however it is not the first or direct choice of SDK manager. I don’t know if this information helps just wanted to mention

3

Hi furkandedizkan,

Are you using the devkit or custom board for AGX Xavier?

Have you tried using SDK manager to flash the board and it could boot up successfully before you fuse/enable secureboot?

1 Like
4

I am using the devkit.

I have used sdk manager and card works and boots up, then I checked the security features and fused it. Now i doesn’t even boot up. The power light comes and it stays however no screen or anything can be seen when HDMI connected also, however when I connected USB to flash cable its conenction shown with lsub and it seems it is on recovery mode

5

I have tryed to flash from SKD again and it fails. I can send the error logs if needed

6

It seems you can flash the devkit successfully but it fails after you try to fuse the board?

Please try using the following command to flash the board first.

$ sudo ./flash.sh jetson-agx-xavier-devkit mmcblk0p1
7

Here is my step for this command

I put the Nvidia Xavier dev kti into recovery mode with holding recovery button (middle one) then power it up. After 3-5 seconds I stop holding the recovery button

Screenshot from 2024-10-23 11-38-56 (1)
Screenshot from 2024-10-23 11-38-56 (1)689Ă—160 28.4 KB

I am using a terminal, just wantted to check if SDK Manager can detect and see the device, I checked SDK Manager

Screenshot from 2024-10-23 11-40-44
Screenshot from 2024-10-23 11-40-441259Ă—748 157 KB

(Also my local machine is capable of flashing, because we did flash other devices before.)

Then I run your command

Screenshot from 2024-10-23 11-43-29 (1)
Screenshot from 2024-10-23 11-43-29 (1)1252Ă—254 40.4 KB

It is probably asking for RSA key and other stuff so I checked the docs

https://docs.nvidia.com/jetson/archives/r35.6.0/DeveloperGuide/SD/Security/SecureBoot.html#sign-and-flash-secured-images

To flash an SBKPKC-fused Jetson AGX Xavier target:

$ sudo ./flash.sh -u <pkc_keyfile> -v <sbk_keyfile> jetson-agx-xavier-devkit mmcblk0p1

Screenshot from 2024-10-23 11-53-55 (1)
Screenshot from 2024-10-23 11-53-55 (1)1392Ă—216 31.8 KB

Am I missing something, the board should be on recovery mode. DO I need to connect the pins with cable to enable recovery mode?

8

It seems <Linux_for_Tegra>/rootfs/etc/user_release_version can not be found on your host.

Could you refer to Quick Start — NVIDIA Jetson Linux Developer Guide 1 documentation to setup BSP package and sample rootfs on your host?

9

I started following step by step, I am probably missing something,

I go to Jetson Linux Archive | NVIDIA Developer and downloaded required zip files from 35.6.0 → Jetson Linux | NVIDIA Developer

Then I started to extract them with tar

$ tar xf Jetson_Linux_R35.6.0_aarch64.tbz2
$ sudo tar xpf ubuntu_focal-l4t_aarch64_src.tbz2 -C Linux_for_Tegra/rootfs/
$ cd Linux_for_Tegra/

Then I do

$ sudo ./apply_binaries.sh

Which gives out

Screenshot from 2024-10-24 17-26-00 (1)
Screenshot from 2024-10-24 17-26-00 (1)889Ă—274 32.3 KB

What does that even mean, I checked inside the rootfs I only have a file which has passwd inside named base-passwd_3.5.47 .dsc and tar.xz file

10

It seems you extracted the wrong compressed file to rootfs.

Please download Sample Root Filesystem instead.

11

I recompiled the initial steps as mentioned in guide in my local pc.

$ tar xf ${L4T_RELEASE_PACKAGE}
$ sudo tar xpf ${SAMPLE_FS_PACKAGE} -C Linux_for_Tegra/rootfs/
$ cd Linux_for_Tegra/
$ sudo ./apply_binaries.sh
$ sudo ./tools/l4t_flash_prerequisites.sh

Then I connected the device and turn it on in forced recovery state which I can confirm from lsusb output

Bus 003 Device 005: ID 0955:7019 NVIDIA Corp. APX

Then, when I tryed the

sudo ./flash.sh jetson-agx-xavier-devkit internal

I get the following error

###############################################################################
# L4T BSP Information:
# R35 , REVISION: 6.0
# User release: 0.0
###############################################################################
ECID is 0x98021911647e25c8000000000f038240
# Target Board Information:
# Name: jetson-agx-xavier-devkit, Board Family: t186ref, SoC: Tegra 194, 
# OpMode: production, Boot Authentication: PKC, 
# Disk encryption: disabled ,
###############################################################################
Error: Either RSA key file is not provided or SBK key file is provided for PKC protected target board.

I failed to process secure boot steps before, is the device is locked or am I doing something wrong.

After this I tryed the earlier command with RSA key as well

sudo ./flash.sh -u ~/JetsonXavierSecureBoot/locker.pem -v ~/JetsonXavierSecureBoot/sbk_key_file.key jetson-agx-xavier-devkit mmcblk0p1

###############################################################################
# L4T BSP Information:
# R35 , REVISION: 6.0
# User release: 0.0
###############################################################################
ECID is 0x98021911647e25c8000000000f038240
# Target Board Information:
# Name: jetson-agx-xavier-devkit, Board Family: t186ref, SoC: Tegra 194, 
# OpMode: production, Boot Authentication: PKC, 
# Disk encryption: disabled ,
###############################################################################
Error: Either RSA key file is not provided or SBK key file is provided for PKC protected target board.

Then tryed to flash from sdk manager, it also failed.

Here is my export log

SDKM_logs_JetPack_5.1.4_Linux_for_Jetson_AGX_Xavier_2024-10-30_09-50-16.zip (254.4 KB)

12 
09:50:22.043 - info: Event: NV_L4T_FLASH_JETSON_LINUX_COMP@JETSON_AGX_XAVIER_TARGETS - error is: import yaml
09:50:22.043 - error: NV_L4T_FLASH_JETSON_LINUX_COMP@JETSON_AGX_XAVIER_TARGETS: ModuleNotFoundError: No module named 'yaml'
09:50:22.043 - info: Event: NV_L4T_FLASH_JETSON_LINUX_COMP@JETSON_AGX_XAVIER_TARGETS - error is: ModuleNotFoundError: No module named 'yaml'

I’ve found above yaml error in your SDKM log.
Please check if Use sdkmanager to flash the jetson orin nx failed - #27 by fschiffel could help in your case.

Are you using a fused board? (i.e. is the secureboot enabled in your case?)
If so, you have to specify -u and -v options in flash command.

Please try using the following command instead.

$ sudo ./flash.sh jetson-agx-xavier-devkit mmcblk0p1
13

Hi, I am Osman. “furkanedizkan” who is faced this problem first has leaved. I am trying to solve this problem. I have applied all solutions on this page and I also tried boot jetson xavier with sdk manager, but I have faced other problem. When I try to use

sudo ./flash.sh -u ~/JetsonXavierSecureBoot/locker.pem -v ~/JetsonXavierSecureBoot/sbk_key_file.key jetson-agx-xavier-devkit mmcblk0p1

this command, it returns me back

###############################################################################
# L4T BSP Information:
# R35 , REVISION: 6.0
# User release: 0.0
###############################################################################
ECID is 0x98021911647e25c8000000000f038240
# Target Board Information:
# Name: jetson-agx-xavier-devkit, Board Family: t186ref, SoC: Tegra 194, 
# OpMode: production, Boot Authentication: PKC, 
# Disk encryption: disabled ,
###############################################################################
Error: Either RSA key file is not provided or SBK key file is provided for PKC protected target board.

If I do not restart jetson xavier or turn it off and on, the second time I execute the command I get the following error

Error: probing the target board failed.
Make sure the target board is connected through
USB port and is in recovery mode.

I think jetson xavier agx can’t enter force recovery mode because when I type lsusb on host machine, I see something like Bus *** Device ***: ID 0955: 7019 Nvidia Corp. Apx What does Apx mean?

14

Hi Osman,

Are you working with furkanedizkan and you will take over this topic?

Have you confirmed that the PKC/SBK key are correct when you fused the board?

Have you tried simply using the following command to flash the board?

$ sudo ./flash.sh jetson-agx-xavier-devkit mmcblk0p1
15

I took over the topic. Yes I have checked the PKC/SBK keys are correct. Also I have tried simple command that below

sudo ./flash.sh jetson-agx-xavier-devkit mmcblk0p1

still it gives same output.

16

Please share the full flash log when you run this command.

17

The error: Either RSA key file is not provided or SBK key file is provided for PKC protected target board suggests that your target board (Jetson AGX Xavier) is in “PKC” (Public Key Cryptography) mode.

18

Here is the steps.

  1. I powered on Jetson Xavier in forced recovery mode with pressing middle button.
  2. I typed lsusb on host machine. Output is below.
    Bus 001 Device 007: ID 0955:7019 NVIDIA Corp. APX
  3. I run script that you write which is sudo ./flash.sh jetson-agx-xavier-devkit mmcblk0p1. Here is the output.
###############################################################################
# L4T BSP Information:
# R35 , REVISION: 4.1
# User release: 0.0
###############################################################################
# Target Board Information:
# Name: jetson-agx-xavier-devkit, Board Family: t186ref, SoC: Tegra 194, 
# OpMode: production, Boot Authentication: PKC, 
# Disk encryption: disabled ,
###############################################################################
Error: Either RSA key file is not provided or SBK key file is provided for PKC protected target board.
  1. When I try to run same command again it gives me output that in below.
###############################################################################
# L4T BSP Information:
# R35 , REVISION: 4.1
# User release: 0.0
###############################################################################
Error: probing the target board failed.
       Make sure the target board is connected through 
       USB port and is in recovery mode.

After here, if I don’t restart the Jetson Xavier, it gives same error(Error: probing the target board failed) even I try running command with keys.

19

It seems you are using a fused board so that you have to specify the correct PKC/SBK key in the command.

It is the expected result since it is not in force recovery state at this moment.

20

I think, I can’t put Jetson Xavier in force recovery mode, because when I try the command with PKC/SBK keys, it gives me output in below, command:
sudo ./flash.sh -u ~/JetsonXavierSecureBoot/locker.pem -v ~/JetsonXavierSecureBoot/sbk_key_file.key jetson-agx-xavier-devkit mmcblk0p1 

###############################################################################
# L4T BSP Information:
# R35 , REVISION: 4.1
# User release: 0.0
###############################################################################
# Target Board Information:
# Name: jetson-agx-xavier-devkit, Board Family: t186ref, SoC: Tegra 194, 
# OpMode: production, Boot Authentication: PKC, 
# Disk encryption: disabled ,
###############################################################################
Error: Either RSA key file is not provided or SBK key file is provided for PKC protected target board.

When I restart the Xavier without pressing middle button, it gives me same output again.
Is there an another way to put Jetson in force recovery mode without using middle button?

21

You can enter into force recovery state with either the following methods.

  1. Remove Power cable → Press REC button → Plug Power cable → Press Power button
  2. If you can boot up the board, run the following command:
$ sudo reboot force-recovery

Please just run lsusb on your host to confirm if it is in force recovery state.

Do you have other un-fused AGX Xavier module?
If so, please put them on the board and run the following command to flash the board.

$ sudo ./flash.sh jetson-agx-xavier-devkit mmcblk0p1