Fusing file test

hey all,
we have a Jetson Orin nano dev-kit, with jetson linux 35.5.0 BSP file. and we are in the process of learning how to enable security feature, currently working on the secure boot.
we used openssl to create a ecp521.pem file, and then used tegrasign_v3.py to create hash for the fuse file.
we then used the reference XML file from here:
https://docs.nvidia.com/jetson/archives/r35.3.1/DeveloperGuide/text/SD/Security/SecureBoot.html#example-orin-fuse-configuration-file-to-program-an-ecdsa-p-521-key-sbk-key-oemk1-key
file replacing only the PublicKeyHash value.
we then run the command:
“sudo ./odmfuse.sh --test -X fuseTest2.xml -i 0x23 jetson-orin-nano-devkit > fuselog2.txt”
the log file is also attached
fuselog2.txt (89.0 KB)
we are trying to understand the output log, is it ok? are the errors critical or not and how to proceed forward from here?
thank you

hello yuvalda,

it looks correct.

you may see-also Topic 263458 for the steps of fuse burning, and image flashing on Orin NX for reference.

BTW,
according to… node: name=SecurityMode size=4 value=0x1
you may see an EL3 exception in ATF. here’s workaround to resolve it, i.e. Topic 282587.

Thank you for the help,
I looked in the topic you linked about flashing the fuse and burning the image.
According to the developer guide I understand that there are two method of image flashing, with the proper key after the fuse burning. the first is using l4t_initrd_flash.sh script and the second is using flash.sh script with both with the --no-flash option. I’m trying to understand how to determine which one to use but I don’t find any in the developer guide.
thank you very much,
Yuval

hello yuvalda,

they’re the same for doing image flash.
basically, execute flash.sh script with internal eMMC targets; l4t_initrd_flash.sh script to flash to an external storage.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.