How to load DTB instead of flashing to eMMC?

Sorry… Just typo mistake… correct in the query,

Ok, let me try your dtb first.

Hi thiru.shetty,

Could you try to put this dtb under /boot/dtb/ instead of /boot?

FDT /boot/dtb/tegra194-p2888-0001-p2822-0000.dtb

I tried as you suggested, now it halts at initrd (ramdisk) and it won’t mount the ext4 file system.

DTB Failed to validate:

[0009.185] I> Loading kernel-dtb sig file from rootfs ...
[0009.185] I> rootfs path: /sdmmc_user/boot/dtb/tegra194-p2888-0001-p2822-0000.dtb.sig
[0015.409] I> lookup_linear_dir:436: Invalid file block num
[0015.409] I> ext2_walk:142: 'tegra194-p2888-0001-p2822-0000.dtb.sig' lookup failed
[0015.410] I> ext4_open_file:638: '/boot/dtb/tegra194-p2888-0001-p2822-0000.dtb.sig' lookup failed
[0015.410] E> file /sdmmc_user/boot/dtb/tegra194-p2888-0001-p2822-0000.dtb.sig open failed!!
[0015.413] W> Failed to load kernel-dtb sig file (err=202113041)
[0015.419] I> Loading kernel-dtb binary from rootfs ...
[0015.424] I> rootfs path: /sdmmc_user/boot/dtb/tegra194-p2888-0001-p2822-0000.dtb
[0015.462] I> Validate kernel-dtb ...
[0015.462] I> T19x: Authenticate kernel-dtb (bin_type: 38), max size 0x400000
[0015.463] E> Stage2Signature validation failed with SHA2!!
[0015.463] C> OEM authentication of kernel-dtb header failed!
[0015.463] W> Failed to validate kernel-dtb binary (err=1077936152)

How to generate signature for tegra194-p2888-0001-p2822-0000.dtb ?? and also any other config missing ?

Hi,

I just wonder if you could use any dtb that is from official release as s test sample. For example, you could use “tegra194-p2888-0001-p2822-0000-maxn.dtb” from Linux_for_Tegra and use similar method to assign the path in extlinux.conf.

Hello WayeWWW,

With default files, it works but it won’t work with my dtb files… it clearly looking for signed file… How to generate it ?

Working case:

[0009.119] I> Loading kernel-dtb sig file from rootfs ...
[0009.119] I> rootfs path: /sdmmc_user/boot/dtb/tegra194-p2888-0001-p2822-0000.dtb.sig
[0009.144] I> Loading kernel-dtb binary from rootfs ...
[0009.144] I> rootfs path: /sdmmc_user/boot/dtb/tegra194-p2888-0001-p2822-0000.dtb
[0009.169] I> Validate kernel-dtb ...
[0009.169] I> T19x: Authenticate kernel-dtb (bin_type: 38), max size 0x400000

Note: tegra194-p2888-0001-p2822-0000.dtb this files with default from NVIDIA

You might find this of interest, which is basically a way to sign and not flash (which can then be combined with other install methods):
https://forums.developer.nvidia.com/t/can-runtime-update-sdmmc-boot-partition-after-enabling-fuse-by-rcm-boot-nfs-or-ota-upgrade/82334/2

Also, I don’t know the partition sizes involved, but if your tree ends up too large for a partition, then you might need to make other adjustments (and if a partition is used, then the signed dtb size has to fit, and I suppose truncation would result in a failed validation).

Hi thiru.shetty,

When you said “default files”, do you mean tegra194-p2888-0001-p2822-0000-maxn.dtb or the tegra194-p2888-0001-p2822-0000.dtb?

Have you tried to put the dtb “tegra194-p2888-0001-p2822-0000-maxn.dtb” under /boot/dtb, modify the FDT to this path and see if it can work?

Sorry that I don’t have NX at his moment so cannot help you do this test at this moment.

Hello WayneWWW,

I too don’t have NX, I’m testing on AGX module with my own custom board

Default files means, pre-built tegra194-p2888-0001-p2822-0000.dtb from NVIDIA, this file works perfectly, but only issue with my custom dtb due to missing of signed file.

Hi,

Finally found the way to sign the device tree and kernel Image from nvidia document

Enter these commands to generate signed, encrypted files:   

•For boot.img:
         sudo ./flash.sh --no-flash -k kernel jetson-xavier mmcblk0p1

•For the .dtb file:
         sudo ./flash.sh --no-flash -k kernel-dtb jetson-xavier mmcblk0p1

The signed files will be generated in bootloader/tegra194-p2888-0001-p2822-0000.dtb.sig and kenerl/Image.sig

3 Likes

I too don’t have NX, I’m testing on AGX module with my own custom board

Sorry, forgot this is AGX issue but not NX. But my info pasted above are for AGX modules.

Hmm, I just saw the log and it does not look like an issue with signed dtb.

Could you help check whether the kernel cmdline has root=/dev/mmcblk0p1 or not?

Hi, checked it works without any issue, just need to follow #18

Hi,

So is this issue resolved?
Could you also put your current boot up log here?

Hi,

We finally got the Xavier module and is able to reproduce the error here.

For the case that you cannot boot into device but only into bash is due to missing the filesystem.

The reason why the rootfs is gone when you use your own dtb is due to missing the bootargs.

During the flash, below bootargs will be added to your original dtb. But this does not happen when you directly copy them to /boot/dtb.

chosen {
bootargs = "root=/dev/mmcblk0p1 rw rootwait rootfstype=ext4 console=ttyTCU0,115200n8 console=tty0 fbcon=map:0 net.ifnames=0 rootfstype=ext4 ";
board-has-eeprom;
};
You could put above bootargs to extlinux.conf right after the “APPEND” to prevent such error.

As for the signature, I am not sure if this would really cause the error. Actually, cboot would just ignore the validation when device is not fused.

Hi WayneWWW,

How to sign “tegra194-p3668-all-p3509-0000.dtb” using flash.sh? The production fuse has been burned on my jetson-xavier-nx-devkit-emmc module, and the “FDT /boot/tegra194-p3668-all-p3509-0000.dtb” does not work any more.

The above command string mentioned by thiru.shettyseems not work, sudo ./flash.sh --no-flash -k kernel-dtb jetson-xavier-nx-devkit-emmc mmcblk0p1

thanks a lot!

Jason

Here is my procedure to sign "tegra194-p3668-all-p3509-0000.dtb” using flash.sh:

Hi WayneWWW,

Here is my procedure to sign "tegra194-p3668-all-p3509-0000.dtb”:

  1. Put the modified /new "tegra194-p3668-all-p3509-0000.dtb” under /Linux_for_Tegra/kernel/dtb directory

  2. /Linux_for_Tegra/sudo ./flash.sh --no-flash -k kernel-dtb jetson-xavier-nx-devkit-emmc mmcblk0p1

Results:

[   0.0347 ]
[   0.0358 ] Signed file: /home/test/amazon-convoy/Linux_for_Tegra/bootloader/kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt
*** kernel_tegra194-p3668-all-p3509-0000.dtb has been signed successfully. ***
  1. Find the signed files:

/Linux_for_Tegra/bootloader/temp_user_dir$ ls -al
total 82540
drwxr-xr-x 2 root root 4096 Aug 9 14:14 .
drwxrwxrwx 6 root root 12288 Aug 9 14:14 …
-rw-r–r-- 1 root root 42035200 Aug 9 14:13 boot.img
-rw-r–r-- 1 root root 42039296 Aug 9 14:13 boot_sigheader.img.encrypt
-rw-r–r-- 1 root root 206272 Aug 9 14:14 kernel_tegra194-p3668-all-p3509-0000.dtb
-rw-r–r-- 1 root root 4096 Aug 9 14:14 kernel_tegra194-p3668-all-p3509-0000.dtb.sig
-rw-r–r-- 1 root root 210368 Aug 9 14:14 kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt

  1. copy “kernel_tegra194-p3668-all-p3509-0000.dtb” & “kernel_tegra194-p3668-all-p3509-0000.dtb.sig” to /boot/dtb/ directory on my NX module

  2. Reboot the device

Hi jason.lu,

Sorry for the late response, this is an old thread, please help to open a new topic if it’s still an issue.

Thanks