Flashing failed after burning fuses

Hi all

I am working on secure boot. After burning the fuses, I built the image offline using the --no-flash option. However, during flashing, it failed with the following error message:

I/TC: Non-secure external DT found
I/TC: OP-TEE version: 4.2 (gcc version 13.3.0 (GCC)) #1 Sun Jan  5 04:49:34 UTC 2025 aarch64
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
I/TC: Primary CPU initializing
I/TC: Test OEM keys are being used. This is insecure for shipping products!
E/TC:00 00 ekb_extraction_process:404 Tried all EKB_RKs but still can't extract the EKB image.
E/TC:00 00 jetson_user_key_pta_init:1154 jetson_user_key_pta_init: Failed (ffff000f).
E/TC:00 00 call_initcalls:43 Initcall __text_start + 0x0016b110 failed
I/TC: Primary CPU switching to normal world boot

  Jetson UEFI firmware (version v36.4.0 built on 2024-10-01T15:28:28+00:00)

I/TC: Reserved shared memory is disabled
I/TC: Dynamic shared memory is enabled
I/TC: Normal World virtualization support is disabled
I/TC: Asynchronous notifications are disabled
I/TC: WARNING: Test UEFI variable auth key is being used !
I/TC: WARNING: UEFI variable protection is not fully enabled !
[     5.875499] Camera-FW on t234-rce-safe started
TCU early console enabled.

Here’s what I did

  1. Burn fuses on my AGX Orin using odmfuse.sh -X fuse_config.xml -i 0x23 jetson-agx-orin-devkit
<genericfuse MagicId="0x45535546" version="1.0.0">
    <fuse name="ArmJtagDisable" size="4" value="0x1" />
    <fuse name="OptInEnable" size="4" value="0x1" />
    <fuse name="PublicKeyHash" size="64" value="redacted" />
    <fuse name="PkcPubkeyHash1" size="64" value="redacted" />
    <fuse name="PkcPubkeyHash2" size="64" value="redacted" />
    <fuse name="SecureBootKey" size="32" value="redacted" />
    <fuse name="OemK1" size="32" value="redacted" />
    <fuse name="OemK2" size="32" value="redacted" />
    <fuse name="BootSecurityInfo" size="4" value="0x9" />
</genericfuse>
  2. Then I proceeded to build the EKB image using the same OEM K1 key
gen_ekb.py -chip t234 \
           -oem_k1_key "<same OEMK1 key as above>" \
           -in_sym_key "<32 byte UEFI enc key>" \
           -in_sym_key2 "<16 byte disk enc key>" \
           -in_auth_key "<16 byte UEFI auth key>" \
           -out "ekb.img"
  3. Run build with --no-flash option and provided signing private key and SBK using -u and -v options respectively.
  4. Run following command to flash
./tegraflash.py --bl uefi_jetson_with_dtb_aligned_blob_w_bin_sigheader_encrypt.bin.signed --bct br_bct_BR.bct --applet rcm_2_signed.rcm --applet_softfuse rcm_1_signed.rcm --cmd "secureflash;reboot"  --cfg secureflash.xml --chip 0x23 --mb1_bct mb1_bct_MB1_sigheader_encrypt.bct.signed --mem_bct mem_rcm_sigheader_encrypt.bct.signed --mb1_cold_boot_bct mb1_cold_boot_bct_MB1_sigheader_encrypt.bct.signed --mb1_bin mb1_t234_prod_aligned_sigheader_encrypt.bin.signed --psc_bl1_bin psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed --mem_bct_cold_boot mem_coldboot_aligned_sigheader_encrypt.bct.signed  --bins "psc_fw pscfw_t234_prod_sigheader_encrypt.bin.signed; mts_mce mce_flash_o10_cr_prod_sigheader_encrypt.bin.signed; mb2_applet applet_t234_sigheader_encrypt.bin.signed; mb2_bootloader mb2_t234_with_mb2_bct_MB2_sigheader_encrypt.bin.signed; xusb_fw xusb_t234_prod_sigheader_encrypt.bin.signed; pva_fw nvpva_020_sigheader_encrypt.fw.signed; dce_fw display-t234-dce_sigheader_encrypt.bin.signed; nvdec nvdec_t234_prod_sigheader_encrypt.fw.signed; bpmp_fw bpmp_t234-TE990M-A1_prod_sigheader_encrypt.bin.signed; bpmp_fw_dtb tegra234-bpmp-3701-0005-3737-0000_with_odm_sigheader_encrypt.dtb.signed; rce_fw camera-rtcpu-t234-rce_sigheader_encrypt.img.signed; ape_fw adsp-fw_sigheader_encrypt.bin.signed; spe_fw spe_t234_sigheader_encrypt.bin.signed; tsec_fw tsec_t234_sigheader_encrypt.bin.signed; tos tos-optee_t234_sigheader_encrypt.img.signed; eks eks_sigheader_encrypt.img.signed"    --bct_backup

Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0985 ] Parsing partition layout
[   0.1044 ] tegraparser_v2 --pt secureflash.xml.tmp
[   0.1099 ] Parsing partition layout
[   0.1114 ] tegraparser_v2 --pt secureflash.xml.tmp
[   0.1134 ] mb1_t234_prod_aligned_sigheader_encrypt.bin.signed filename is from --mb1_bin
[   0.1134 ] psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed filename is from --psc_bl1_bin
[   0.1134 ] Boot Rom communication
[   0.1142 ] tegrarcm_v2 --new_session --chip 0x23 0 --uid --download bct_br br_bct_BR.bct --download mb1 mb1_t234_prod_aligned_sigheader_encrypt.bin.signed --download psc_bl1 psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed --download bct_mb1 mb1_bct_MB1_sigheader_encrypt.bct.signed
[   0.1158 ] BR_CID: 0x89012344705DE7E08400000015010280
[   0.1167 ] Sending bct_br
[   0.1169 ] Sending mb1
[   0.1221 ] ERROR: might be timeout in USB write.
[   0.1221 ] 
Error: Return value 3
Command tegrarcm_v2 --new_session --chip 0x23 0 --uid --download bct_br br_bct_BR.bct --download mb1 mb1_t234_prod_aligned_sigheader_encrypt.bin.signed --download psc_bl1 psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed --download bct_mb1 mb1_bct_MB1_sigheader_encrypt.bct.signed

The error seems to indicate that something’s wrong with the EKB image? So I tried regenerating the EKB again and flashing but still getting the same error.

Another weird thing I noticed is that the EKB image seems to be non-deterministic (as in given the exact same inputs, the output generated is different every time and I confirmed this by comparing the hashes).

Any clues on what I am missing here?

hello tanlu,

is the target bootable? please try running the script file to read fuses for confirmation.
for instance $ sudo nv_fuse_read.sh

please see-also Jetson AGX Orin FAQ to disable autosuspend on host PC regarding this failure, ERROR: might be timeout in USB write.
for instance,
$ sudo -s
$ echo -1 > /sys/module/usbcore/parameters/autosuspend

Disabled USB autosuspend, and power cycled the host PC and device multiple times but still getting the same error.

The device is still able to boot up, albeit running the older version.

# ./nv_fuse_read.sh
odm_lock: 0x00000000
revoke_pk_h0: 0x00000000
revoke_pk_h1: 0x00000000
optin_enable: 0x00000001
public_key_hash: <64 byte hash>
boot_security_info: 0x00000009
odmid: 0x0000000000000000
pk_h1: <64-byte hash>
pk_h2: <64-byte hash>
security_mode: 0x00000000
reserved_odm2: 0x00000000
reserved_odm3: 0x00000000
reserved_odm0: 0x00000000
reserved_odm1: 0x00000000
reserved_odm6: 0x00000000
reserved_odm7: 0x00000000
reserved_odm4: 0x00000000
reserved_odm5: 0x00000000
odminfo: 0x00000000
system_fw_field_ratchet1: 0x00000000
system_fw_field_ratchet0: 0x00000000
system_fw_field_ratchet3: 0x00000000
system_fw_field_ratchet2: 0x00000000
ecid: 0x847263741154040a

Got some clues from this post here Implement Jetson Secure Boot without UEFI Secure Boot on Jetson AGX Orin - #6 by jim.pedavoli. Bit-9 of FUSE_BOOT_SECURITY_INFO_0 on my device is set to 0.

So I tried burning the fuses again after making the change in my fuse XML to set bit 9 to 1

<genericfuse MagicId="0x45535546" version="1.0.0">
    <fuse name="ArmJtagDisable" size="4" value="0x1" />
    <fuse name="OptInEnable" size="4" value="0x1" />
    <fuse name="PublicKeyHash" size="64" value="redacted" />
    <fuse name="PkcPubkeyHash1" size="64" value="redacted" />
    <fuse name="PkcPubkeyHash2" size="64" value="redacted" />
    <fuse name="SecureBootKey" size="32" value="redacted" />
    <fuse name="OemK1" size="32" value="redacted" />
    <fuse name="OemK2" size="32" value="redacted" />
    <fuse name="BootSecurityInfo" size="4" value="0x209" />
</genericfuse>

Because the PKC/SBK fuses have been burned, I had to pass in the keys when running odmfuse.sh and surprisingly it failed as well. The device rebooted and spat out similar error messages as before.

Any suggestions on how I might recover the device? The device still boots up but seems like I can’t do any flashing.

NOTICE:  BL31: v2.8(release):l4t-r36.4.0
NOTICE:  BL31: Built : 2025-01-05 04:05:10
I/TC: 
I/TC: Non-secure external DT found
I/TC: OP-TEE version: 4.2 (gcc version 13.3.0 (GCC)) #1 Sun Jan  5 04:49:34 UTC 2025 aarch64
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
I/TC: Primary CPU initializing
I/TC: Test OEM keys are being used. This is insecure for shipping products!
E/TC:00 00 ekb_extraction_process:404 Tried all EKB_RKs but still can't extract the EKB image.
E/TC:00 00 jetson_user_key_pta_init:1154 jetson_user_key_pta_init: Failed (ffff000f).
E/TC:00 00 call_initcalls:43 Initcall __text_start + 0x0016b110 failed
I/TC: Primary CPU switching to normal world boot

Command to burn fuses

sudo ./odmfuse.sh -X fuse_config_new.xml -i 0x23 -k rsa3k-0.pem -S secboot-key.hex  jetson-agx-orin-devkit
...
...
...
[   1.4448 ] Saving pkc public key in pub_key.key
[   1.4440 ] tegrahost_v2 --chip 0x23 0 --pubkeyhash pub_key.key --updatesigheader mb1_bct_MB1_aligned_sigheader_encrypt.bct.signed mb1_bct_MB1_aligned_sigheader_encrypt.bct.sig oem-rsa
[   1.4464 ] Info: Skip generating mem_bct because sdram_config is not defined
[   1.4464 ] Info: Skip generating mem_bct because sdram_config is not defined
[   1.4464 ] Copying signatures
[   1.4482 ] tegrahost_v2 --chip 0x23 0 --partitionlayout readinfo_t234_min_prod.xml.bin --updatesig images_list_signed.xml --pubkeyhash pub_key.key
[   1.4608 ] mb1_t234_prod_aligned_sigheader_encrypt.bin.signed filename is from images_list
[   1.4613 ] psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed filename is from images_list
[   1.4614 ] Boot Rom communication
[   1.4622 ] tegrarcm_v2 --new_session --chip 0x23 0 --uid --download bct_br br_bct_BR.bct --download mb1 mb1_t234_prod_aligned_sigheader_encrypt.bin.signed --download psc_bl1 psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed --download bct_mb1 mb1_bct_MB1_sigheader_encrypt.bct.signed
[   1.4634 ] BR_CID: 0x89012344705DE7E08400000015010280
[   1.4655 ] Sending bct_br
[   1.4660 ] Sending mb1
[   1.4671 ] ERROR: might be timeout in USB write.
Error: Return value 3
Command tegrarcm_v2 --new_session --chip 0x23 0 --uid --download bct_br br_bct_BR.bct --download mb1 mb1_t234_prod_aligned_sigheader_encrypt.bin.signed --download psc_bl1 psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed --download bct_mb1 mb1_bct_MB1_sigheader_encrypt.bct.signed
[   1.4725 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   1.4774 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   1.4806 ] Retrieving board information
[   1.4823 ] tegrarcm_v2 --chip 0x23 0 --oem platformdetails chip chip_info.bin
[   1.4837 ] Retrieving EEPROM data
[   1.4839 ] tegrarcm_v2 --oem platformdetails eeprom cvm /home/tanlu/MIC-733AO_64G_Orin_6.1_V1.0.0_SDK/bootloader/cvm.bin --chip 0x23 0
[   1.4858 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   1.4877 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   1.4891 ] Dumping customer Info
[   1.4902 ] tegrarcm_v2 --chip 0x23 0 --oem dump bct tmp.bct
[   1.4930 ] tegrabct_v2 --brbct tmp.bct --chip 0x23 0 --custinfo /home/tanlu/MIC-733AO_64G_Orin_6.1_V1.0.0_SDK/bootloader/custinfo_out.bin
[   1.4936 ] File tmp.bct open failed
Error: Return value 19
Command tegrabct_v2 --brbct tmp.bct --chip 0x23 0 --custinfo /home/tanlu/MIC-733AO_64G_Orin_6.1_V1.0.0_SDK/bootloader/custinfo_out.bin
Reading board information failed.

Complete boot logs
boot.log (38.3 KB)

Suspecting that a bad EKB image might be the issue, I did a clean build again from the Jetpack SDK tarball using the default EKB image.

sudo ROOTFS_AB=1 ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 --no-flash -u ~/rsa3k-0.pem -v ~/secboot-key.hex --showlogs jetson-agx-orin-devkit internal

and then

sudo  ROOTFS_AB=1 ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs -u ~/rsa3k-0.pem -v ~/secboot-key.hex --network usb0 --flash-only

To my surprise flashing works this time using l4t_initrd_flash.sh and device boots up into the new image.

This time, the EKB related errors during bootup are gone. However secure boot is still not enabled.

[    0.000000] secureboot: Secure boot disabled

See complete logs here boot2.log (75.1 KB)

Now with the EKB errors gone, I tried burning the fuses to set bit 9 in FUSE_BOOT_SECURITY_INFO_0. But it failed again.

$ sudo ./odmfuse.sh -X ~/secure-boot-image/fuse_config.xml -i 0x23 -k ~/rsa3k-0.pem -S ~/secboot-key.hex  jetson-agx-orin-devkit
...
...
[   1.6788 ] Key size is 384 bytes
[   1.7603 ] Saving pkc public key in pub_key.key
[   1.7602 ] tegrahost_v2 --chip 0x23 0 --pubkeyhash pub_key.key --updatesigheader mb1_bct_MB1_aligned_sigheader_encrypt.bct.signed mb1_bct_MB1_aligned_sigheader_encrypt.bct.sig oem-rsa
[   1.7656 ] Info: Skip generating mem_bct because sdram_config is not defined
[   1.7656 ] Info: Skip generating mem_bct because sdram_config is not defined
[   1.7656 ] Copying signatures
[   1.7671 ] tegrahost_v2 --chip 0x23 0 --partitionlayout readinfo_t234_min_prod.xml.bin --updatesig images_list_signed.xml --pubkeyhash pub_key.key
[   1.7840 ] mb1_t234_prod_aligned_sigheader_encrypt.bin.signed filename is from images_list
[   1.7843 ] psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed filename is from images_list
[   1.7844 ] Boot Rom communication
[   1.7859 ] tegrarcm_v2 --new_session --chip 0x23 0 --uid --download bct_br br_bct_BR.bct --download mb1 mb1_t234_prod_aligned_sigheader_encrypt.bin.signed --download psc_bl1 psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed --download bct_mb1 mb1_bct_MB1_sigheader_encrypt.bct.signed
[   1.7874 ] BR_CID: 0x89012344705DE7E08400000015010280
[   1.7888 ] Sending bct_br
[   1.7915 ] Sending mb1
[   1.7920 ] ERROR: might be timeout in USB write.
Error: Return value 3
Command tegrarcm_v2 --new_session --chip 0x23 0 --uid --download bct_br br_bct_BR.bct --download mb1 mb1_t234_prod_aligned_sigheader_encrypt.bin.signed --download psc_bl1 psc_bl1_t234_prod_aligned_sigheader_encrypt.bin.signed --download bct_mb1 mb1_bct_MB1_sigheader_encrypt.bct.signed
[   1.7936 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   1.7962 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   1.8005 ] Retrieving board information
[   1.8021 ] tegrarcm_v2 --chip 0x23 0 --oem platformdetails chip chip_info.bin
[   1.8033 ] Retrieving EEPROM data
[   1.8033 ] tegrarcm_v2 --oem platformdetails eeprom cvm /home/tanlu/clean/MIC-733AO_64G_Orin_6.1_V1.0.0_SDK/bootloader/cvm.bin --chip 0x23 0
[   1.8065 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   1.8104 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[   1.8121 ] Dumping customer Info
[   1.8136 ] tegrarcm_v2 --chip 0x23 0 --oem dump bct tmp.bct
[   1.8182 ] tegrabct_v2 --brbct tmp.bct --chip 0x23 0 --custinfo /home/tanlu/clean/MIC-733AO_64G_Orin_6.1_V1.0.0_SDK/bootloader/custinfo_out.bin
[   1.8198 ] File tmp.bct open failed
Error: Return value 19
Command tegrabct_v2 --brbct tmp.bct --chip 0x23 0 --custinfo /home/tanlu/clean/MIC-733AO_64G_Orin_6.1_V1.0.0_SDK/bootloader/custinfo_out.bin
Reading board information failed.

Device logs during fuse burning
bootlog_during_fuseburn.log (75.5 KB)

Common observation here is that whenever this failure happens because of flashing or fuse burning, device just reboots into Ubuntu again.

Any ideas on how I can proceed with secure boot?

[    0.000000] secureboot: Secure boot disabled

I think this line is because I do not have UEFI secure boot enabled yet. I was able to flash/boot into new OS after setting bit 9 in FUSE_BOOT_SECURITY_INFO_0
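
The thread turned on a mismatch between the BootSecurityInfo value intended in the fuse XML (0x209) and the value read back from the device (0x9). The following is an added example, not part of the thread or of NVIDIA's tools, that compares a fuse XML against nv_fuse_read.sh output and reports which requested bits are not burned. The sample inputs are constructed from the listings above with key material omitted, and the XML-to-readback name mapping is an assumption inferred from those listings.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the thread (key material omitted).
FUSE_XML = """<genericfuse MagicId="0x45535546" version="1.0.0">
    <fuse name="OptInEnable" size="4" value="0x1" />
    <fuse name="BootSecurityInfo" size="4" value="0x209" />
</genericfuse>"""

READBACK = """odm_lock: 0x00000000
optin_enable: 0x00000001
boot_security_info: 0x00000009
security_mode: 0x00000000
"""

# Assumed mapping from fuse XML names to nv_fuse_read.sh field names,
# inferred from the two listings in the thread.
XML_TO_READBACK = {
    "OptInEnable": "optin_enable",
    "BootSecurityInfo": "boot_security_info",
}


def parse_readback(text):
    """Return {field: int} for lines of the form 'name: 0x...'."""
    fields = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*(\w+):\s*(0x[0-9a-fA-F]+)\s*", line)
        if m:  # redacted or non-hex values (e.g. key hashes) are skipped
            fields[m.group(1)] = int(m.group(2), 16)
    return fields


def missing_bits(fuse_xml, readback_text):
    """Map each checked fuse to the bit positions requested but not burned."""
    burned = parse_readback(readback_text)
    report = {}
    for fuse in ET.fromstring(fuse_xml).iter("fuse"):
        field = XML_TO_READBACK.get(fuse.get("name"))
        if field is None or field not in burned:
            continue  # key hashes and secret keys are not compared here
        want = int(fuse.get("value"), 16)
        unset = want & ~burned[field]
        report[field] = [b for b in range(unset.bit_length()) if unset >> b & 1]
    return report


if __name__ == "__main__":
    for field, bits in missing_bits(FUSE_XML, READBACK).items():
        print(field, "missing bits:", bits or "none")
```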