Flash secure-os or eks partition failed

zjfsharp · May 18, 2021, 11:53am

Hi, everyone:

I try to flash secure-os or eks partition on Jetson AGX Xavier with L4T R32.5.1 archive, but I failed.

I have secure boot enabled with SBKPKC, so I flashed the partition with like this:

sudo ./flash.sh -u xxx/rsa_pri.pem -v xxx/SBK -k secure-os jetson-agx-xavier-devkit mmcblk0p1

or

  sudo ./flash.sh -u xxx/rsa_pri.pem -v xxx/SBK -k eks jetson-agx-xavier-devkit mmcblk0p1

I got failed, the error is:

Error: Return value 22
Command tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml
Failed to flash/read t186ref

Any help would be much appreciated.

Thanks.

JerryChang · May 19, 2021, 2:40am

hello zjfsharp,

FYI, partition update (i.e. -k switch) is NOT functional after secureBoot enabled.
may I have more details of updating EKS partition?
it’s suggest to have A/B updates securely, please using dd commands to overwrite the partition for the updates.
thanks

zjfsharp · May 19, 2021, 2:58am

Thanks for your reply.

I have tried this sudo ./flash.sh -u xxx/rsa_pri.key -k eks jetson-xavier-nx-devkit mmcblk0p1 or sudo ./flash.sh -u xxx/rsa_pri.key -k secure-os jetson-xavier-nx-devkit on Jetson NX with L4T R32.4.3 successful before.

Today I update L4T from R32.4.3 to R32.5.1, this feature is not supported?

Jetson Nx and Jetson agx xavier secure boot are all enabled.

I have made a custom eks.img that need to be updated, now how can I do this on secure booted Jetson nx and jetson agx xavier with L4t R32.5.1?

JerryChang · May 19, 2021, 4:30am

hello zjfsharp,

here’s one way you may have a try,
first, generate the eks_sigheader.img.encrypt with your own keys by l4t_sign_image.sh.
check the partition label, $ ls -al /dev/disk/by-partlabel of your target.
for example, eks -> ../../mmcblk0p12
after that,
please copy the binary by scp to your target, using the dd commands to update eks partition.
i.e. $ sudo dd if=eks_sigheader.img.encrypt of=/dev/mmcblk0p12
perform a warm-reboot to have the update takes effect,
thanks

zjfsharp · May 19, 2021, 7:01am

how to warm-reboot?

JerryChang · May 19, 2021, 7:32am

it means using software commands to reboot the board, i.e. $ sudo reboot

zjfsharp · May 19, 2021, 9:19am

sudo reboot

Rebooting causes the machine to fail to boot. :(

JerryChang · May 19, 2021, 9:24am

There is no update from you for a period, assuming this is not an issue any more.
Hence we are closing this topic. If need further support, please open a new one.
Thanks

hello zjfsharp,

please setup serial console and share the log messages for reference,
thanks

Topic		Replies	Views
Cant boot after enable Security Boot(Jetson AGX Xavier) Jetson AGX Xavier boot , reflash , security	11	1914	May 11, 2022
Secure-os partition flashing method Jetson AGX Xavier boot , security	8	17	November 19, 2024
Reflash secureboot failed Jetson AGX Xavier boot , reflash	20	2004	October 18, 2021
Failed to flash signed boot image Jetson Xavier NX security	10	1373	September 19, 2021
Flash paration failed after enable secure boot Jetson TX2 security	2	483	May 30, 2023
Failed to flash Jetson AGX Xavier Jetson AGX Xavier boot	22	130	November 28, 2024
Enabling UEFI Secureboot JP 5.1 L4T 35.2.1 Jetson AGX Xavier security , nvbugs	4	1529	March 29, 2023
Unable to Flash Jetson AGX Xavier Platform Jetson AGX Xavier jetpack , sdkm , setup , system-setup	10	2949	January 12, 2022
ERROR: Flash Jetson AGX Xavier 16GB/32GB - flash: 30402 blocks Jetson AGX Xavier sdkm , reflash	5	2069	October 18, 2021
Enabling disk encryption doesn't boot the device // Jetson Xavier NX // P3668-0001 Jetson Xavier NX security	12	1933	March 29, 2022

Flash secure-os or eks partition failed

Related topics