Flash secure-os or eks partition failed

Hi, everyone:

I try to flash secure-os or eks partition on Jetson AGX Xavier with L4T R32.5.1 archive, but I failed.

I have secure boot enabled with SBKPKC, so I flashed the partition with like this:

sudo ./flash.sh -u xxx/rsa_pri.pem -v xxx/SBK -k secure-os jetson-agx-xavier-devkit mmcblk0p1 


  sudo ./flash.sh -u xxx/rsa_pri.pem -v xxx/SBK -k eks jetson-agx-xavier-devkit mmcblk0p1 

I got failed, the error is:

Error: Return value 22
Command tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml
Failed to flash/read t186ref

Any help would be much appreciated.


hello zjfsharp,

FYI, partition update (i.e. -k switch) is NOT functional after secureBoot enabled.
may I have more details of updating EKS partition?
it’s suggest to have A/B updates securely, please using dd commands to overwrite the partition for the updates.

Thanks for your reply.

I have tried this sudo ./flash.sh -u xxx/rsa_pri.key -k eks jetson-xavier-nx-devkit mmcblk0p1 or sudo ./flash.sh -u xxx/rsa_pri.key -k secure-os jetson-xavier-nx-devkit on Jetson NX with L4T R32.4.3 successful before.

Today I update L4T from R32.4.3 to R32.5.1, this feature is not supported?

Jetson Nx and Jetson agx xavier secure boot are all enabled.

I have made a custom eks.img that need to be updated, now how can I do this on secure booted Jetson nx and jetson agx xavier with L4t R32.5.1?

hello zjfsharp,

here’s one way you may have a try,
first, generate the eks_sigheader.img.encrypt with your own keys by l4t_sign_image.sh.
check the partition label, $ ls -al /dev/disk/by-partlabel of your target.
for example, eks -> ../../mmcblk0p12
after that,
please copy the binary by scp to your target, using the dd commands to update eks partition.
i.e. $ sudo dd if=eks_sigheader.img.encrypt of=/dev/mmcblk0p12
perform a warm-reboot to have the update takes effect,

how to warm-reboot?

it means using software commands to reboot the board, i.e. $ sudo reboot

sudo reboot

Rebooting causes the machine to fail to boot. :(

There is no update from you for a period, assuming this is not an issue any more.
Hence we are closing this topic. If need further support, please open a new one.

hello zjfsharp,

please setup serial console and share the log messages for reference,