I am trying to block JTAG and RCM mode in production line. I should be able to block them by changing the corresponding bits in fuse blob; however, I do not know how to do it.
I find 3 references from different Nvidia resources and they do not match to each other.
In this file, a fuse name of “FUSE_RESERVED_SW [23:0]” is described as a 24 bit long register and bit[23] can disable entry into RCM mode.
In this online reference, “FUSE_RESERVED_SW [23:0]” no longer exists and a new name “sw_reserved” is introduced which has only 8 bits and bits[0:1] matches to FUSE_RESERVED_SW[0:1], which is to select boot device.
- In odmfuse.sh, I can also find “sw_reserved”, which is however 32 bits long.
Questions:
- Can I block RCM mode by setting up “sw_reserved” in odmfuse.sh? I can set this up by adding “-r 0xXX” to the command for building fuseblob.
- If I can block RCM mode in this way, which bit I should set to 1? And what about other bits?
- If this is not the right place for blocking RCM mode, can you please let me know the right place and command to make it right?
- To block JTAG, should I simply remove “-j” from command “sudo BOARD=2888 FAB=400 BOARDSKU=0001 BOARDREV=H.0 CHIPREV=2 ./odmfuse.sh --noburn -i 0x19 -c PKC -j -p -k key/rsa_priv.pem -S key/sbk.txt jetson-xavier”