How to read KEK0/1/2 Fuse values on Jetson AGX Xavier

Before set odm production mode fuse to 1, is it possible to read KEK 0/1/2 fuses value on Xavier?

We can run “sudo ./tegrafuse.sh” or directly read from sysfs node,like /sys/devices/3820000.efuse/3820000.efuse:efuse-burn/arm_jtag_disable

These sysfs nodes are backed in kernel driver (kernel-4.9/drivers/soc/tegra/fuse/fuse-burn.c).In this driver, tegra186_fuse_chip_data ( TX 2 ?) support node for KEK0/1/2,
FUSE_BURN_DATA(kek0, 0x59, 22, 128, 0x2c0, false, true),
FUSE_BURN_DATA(kek1, 0x5d, 22, 128, 0x2d0, false, true),
FUSE_BURN_DATA(kek2, 0x61, 22, 128, 0x2e0, false, true),
BUT for tegra194_fuse_chip_data (xavier), there is no KEK0/1/2 sysfs node.

Why? Is it possible to read KEK0/1/2 for xavier using same way?
If is, what’s the correct parameters? eg. FUSE_BURN_DAT(kek0, 0x??, 22, 128, 0x2c0, false, true)

Thanks!

Hi,
Currently the nodes are not present on Xavier. We will check if we can make the same implementation as TX2.

Thanks for reply. look forward to hearing the news.

hello mowa,

please apply below patch, and rebuilt kernel image to add support for reading KEK0, KEK1, KEK2 fuses on Xavier.
thanks

L4T_sources/r32.4.2/Linux_for_Tegra/source/public/kernel/kernel-4.9/drivers/soc/tegra/fuse/fuse-burn.c

static struct tegra_fuse_hw_feature tegra194_fuse_chip_data = {
        .burn_data = {
...
+		FUSE_BURN_DATA(kek0, 0x6f, 30, 128, 0x2c0, false, true),
+		FUSE_BURN_DATA(kek1, 0x73, 30, 128, 0x2d0, false, true),
+		FUSE_BURN_DATA(kek2, 0x77, 30, 128, 0x2e0, false, true),

Hi,Jerry
Thanks for kind reply.
I tested kek fuse reading OK, I will test burn new value & read again later this week and update info.

From this kernel driver point of view, fuse values can be read from REE. My question is:
if burn production mode to 1, these fuses will be locked protecting futher burn, but,
are they hide from reading or still can be read?

From fuse sepcification <Jetson_AGX_Xavier_Fuse_Specification_v1.0> Table 1, only SBK values are hide。How about KEK、PKC? Thanks.

“ODM Production Mode
Also known as Security Mode. This fuse write-protects all manufacturing device fuses against any further fuse burning and also hides the SBK values. This fuse must be burned last.”

hello mowa,

Once odm production mode fuse is burned, fuse keys are loaded into Security Engine (SE) key slots by BootROM during boot.
Fuse access is then being blocked. users can only call NV provided SE APIs to use these keys but not able to read.
thanks