I am trying to block JTAG and RCM mode in production line. I should be able to block them by changing the corresponding bits in fuse blob; however, I do not know how to do it.
I find 3 references from different Nvidia resources and they do not match to each other.
In this online reference, “FUSE_RESERVED_SW [23:0]” no longer exists and a new name “sw_reserved” is introduced which has only 8 bits and bits[0:1] matches to FUSE_RESERVED_SW[0:1], which is to select boot device.
In odmfuse.sh, I can also find “sw_reserved”, which is however 32 bits long.
Questions:
Can I block RCM mode by setting up “sw_reserved” in odmfuse.sh? I can set this up by adding “-r 0xXX” to the command for building fuseblob.
If I can block RCM mode in this way, which bit I should set to 1? And what about other bits?
If this is not the right place for blocking RCM mode, can you please let me know the right place and command to make it right?
To block JTAG, should I simply remove “-j” from command “sudo BOARD=2888 FAB=400 BOARDSKU=0001 BOARDREV=H.0 CHIPREV=2 ./odmfuse.sh --noburn -i 0x19 -c PKC -j -p -k key/rsa_priv.pem -S key/sbk.txt jetson-xavier”
Thanks for your response.
The description of JTAG is quite clear in all references and thank you for confirming the solution.
For RCM mode, can you please let me know the solution ASAP? Our production line is blocked because of the unknown RCM disable method.
when you begin production and burn the ODM production fuse, secure boot is enabled, JTAG debug is disabled, and all the fuses become inaccessible except Reserved_ODM. however, Reserved_ODM fuse are programmable until it disabled by the ODM_lock fuse.