How to recover brick Jetson nano after secure boot enable?

I tried to enable the secure boot with Jetson nano and here are the commands I issued.
mayu@mayu:~/nvidia/nvidia_sdk/JetPack_4.6.2_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra$ sudo ./odmfuse.sh -c PKC -i 0x21 -p -k rsa_priv.pem -j
*** Calculating HASH from keyfile /home/mayu/nvidia/nvidia_sdk/JetPack_4.6.2_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/rsa_priv.pem … done
PKC HASH: 0x036bb4b16c71c05ab6a9bafef165604a52e56e861f3d065ca0b21b4086310e4b
*** Generating fuse configuration … done.
done.
*** Start fusing …
/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.2_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader
./tegraflash.py --chip 0x21 --applet nvtboot_recovery.bin --cmd “blowfuses odmfuse_pkc.xml;”
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands

[ 0.0029 ] Parsing fuse info as per xml file
[ 0.0051 ] tegraparser --fuse_info odmfuse_pkc.xml blow_fuse_data.bin
[ 0.0066 ]
[ 0.0067 ] Generating RCM messages
[ 0.0090 ] tegrarcm --listrcm rcm_list.xml --chip 0x21 0 --download rcm nvtboot_recovery.bin 0 0
[ 0.0100 ] RCM 0 is saved as rcm_0.rcm
[ 0.0107 ] RCM 1 is saved as rcm_1.rcm
[ 0.0107 ] List of rcm files are saved in rcm_list.xml
[ 0.0108 ]
[ 0.0108 ] Signing RCM messages
[ 0.0130 ] tegrasign --key None --list rcm_list.xml --pubkeyhash pub_key.key
[ 0.0143 ] Assuming zero filled SBK key
[ 0.0223 ]
[ 0.0224 ] Copying signature to RCM mesages
[ 0.0249 ] tegrarcm --chip 0x21 0 --updatesig rcm_list_signed.xml
[ 0.0275 ]
[ 0.0276 ] Boot Rom communication
[ 0.0302 ] tegrarcm --chip 0x21 0 --rcm rcm_list_signed.xml
[ 0.0322 ] BR_CID: 0x32101001643cb6491800000001fd8540
[ 0.0596 ] RCM version 0X210001
[ 0.1033 ] Boot Rom communication completed
[ 1.1102 ]
[ 1.1103 ] Blowing fuses
[ 1.1148 ] tegrarcm --oem blowfuses blow_fuse_data.bin
[ 1.1171 ] Applet version 00.01.0000
[ 1.1891 ] Successfully burnt fuses as per fuse info blob
[ 1.2046 ]
*** The fuse configuration is saved in bootloader/odmfuse_pkc.xml
*** The ODM fuse has been secured with PKC keys.
*** Flash “signed BCT and bootloader(s)”.
*** done.

--------------------------single step mehod
mayu@mayu:~/nvidia/nvidia_sdk/JetPack_4.6.2_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra$ sudo ./flash.sh BOARDID=3448 FAB=200 BOARDSKU=0002 -x 0x21 -y PKC -u rsa_priv.pem jetson-nano-emmc mmcblk0p1
###############################################################################

L4T BSP Information:

R32 , REVISION: 7.2

###############################################################################

Target Board Information:

Name: jetson-nano-emmc, Board Family: t210ref, SoC: Tegra 210,

OpMode: production, Boot Authentication: PKC,

Disk encryption: disabled ,

###############################################################################
Error: Either RSA key file is not provided or SBK key file is provided for PKC protected target board.

I have below questions:
1. Why I got this failure when I try to flash the OS? When I was issuing flash command the SD card was mounted on the device. Is this the mistake I made?
2. Are there anyway for me to recover the device?
3. Can I recover the device if I just replace just the module? Basically can I reuse the base board?
4. Should I use production module for enabling secure boot?

Hello,

Welcome to the NVIDIA Developer forums! Your topic will be best served in the Jetson category.

I will move this post over for visibility.

Cheers,
Tom

Hi msivanesan,

Are you using the devkit or custom board for Jetson Nano?

Are you using Jetson Nano module with SD or eMMC module?

Please just put your board in force recovery state and run the following command to recover it.

$ sudo ./flash.sh jetson-nano-emmc mmcblk0p1

Hi Kevin, Thank you for the response.

I am using Jetson nano development Kit with 16GB of eMMC.
But when I was issuing the flash command after performing eFUSE using odmfuse.sh the SSD card was mounted in the slot as I was having an OS running on that. (I forgot to remove that)

Do you think that’s the reason for making the device brick?

Here is my output for flash.sh command
mayu@mayu:~/nvidia/nvidia_sdk/JetPack_4.6.2_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra$ sudo ./flash.sh jetson-nano-emmc mmcblk0p1
###############################################################################

L4T BSP Information:

R32 , REVISION: 7.2

###############################################################################

Target Board Information:

Name: jetson-nano-emmc, Board Family: t210ref, SoC: Tegra 210,

OpMode: production, Boot Authentication: PKC,

Disk encryption: disabled ,

###############################################################################
Error: Either RSA key file is not provided or SBK key file is provided for PKC protected target board.

Do you mean NVMe SSD or SD card?
If you are using the devkit with eMMC module, I think there’s no SD slot on the board.
Are you sure that you are using the devkit from NVIDIA?

Do you mean that your board has been fused?

Do you mean NVMe SSD or SD card? SD card slot was mounted. I am sorry it was a typo error.
If you are using the devkit with eMMC module, I think there’s no SD slot on the board. To be clear I don’t have SSD slots available. But I have SD card slot though as it is a dev kit.
Are you sure that you are using the devkit from NVIDIA?
I am using this board for my security development.

Do you mean that your board has been fused?
Yes. From my initial post you can notice that sudo ./odmfuse.sh -c PKC -i 0x21 -p -k rsa_priv.pem -j executed successfully.

Could you share the result of the following command on your board?

$ cat /etc/nv_boot_control.conf
$ lsblk

If you are flashing the fused board, please specify SBK and PKC file in your flash command.

Hi Kevin,
Thank you for the response.
But I am unable to boot the board successfully.
So I cannot issue any commands. I think the reason would be sudo ./odmfuse.sh -c PKC -i 0x21 -p -k rsa_priv.pem -j is used to perform the eFUSEing, but since I used the -p option SecurityMode is enabled and not allowing me to boot the board correctly. Please correct me if I am wrong.

I issued the tegrafuse.sh and got below result:
sudo ./bootloader/pkc/tegrafuse.sh
Unsupported fuse: device_key
Unsupported fuse: jtag_disable
Unsupported fuse: odm_lock
Unsupported fuse: odm_production_mode
Unsupported fuse: odm_reserved
Unsupported fuse: pkc_disable
Unsupported fuse: public_key
Unsupported fuse: sec_boot_dev_cfg
Unsupported fuse: secure_boot_key
Unsupported fuse: sw_reserved

Also regarding SBK key,
I have not created any SBK file. So what should be the default for that?
Can you please share the correct command to perform eFUSE on Jetson Nano?
Is it something like below?
sudo ./odmfuse.sh -i 0x21 -c PKC -k rsa_priv.pem -o 0xabcd001200000000000000000000000000000000000000000000000100000000
After performing efuse can you also confirm that below command can be used to flash the OS?
sudo ./flash.sh BOARDID=3448 FAB=200 BOARDSKU=0002 -x 0x21 -y PKC -u rsa_priv.pem jetson-nano-emmc mmcblk0p1
Thank you

hello msivanesan,

you cannot recover a board after fuse programming has done because they cannot be reversed.
BTW,
it looks you’re using an incorrect commands. FYI, -c options to specify current board authentication types, it should be NS (No authentication) if you’re performing fuse burning to non-fuse target.
BTW2,
if you have target already fused with PKC. you cannot perform odmfuse.sh again to add SBK keys by setting authentication type as SBKPKC.

1 Like

Hi JerryChang,
Thanks for the feedback.
Now I have a new Jetson Nano module which I am planning to perform this secure boot enabling again. Before doing that let me clarify the commands first as I really don’t want to brick it again.

To perform efusing I am planning to issue below command:
sudo ./odmfuse.sh -i 0x21 -c NS -k rsa_priv.pem
(Here please note that I have removed the FUSE_RESERVED_ODM0 - FUSE_RESERVED_ODM7 as it can be programmed later if required.)
Then to flash the OS using single step method:
sudo ./flash.sh BOARDID=3448 FAB=200 BOARDSKU=0002 -x 0x21 -y PKC -u rsa_priv.pem jetson-nano-emmc mmcblk0p1

Can you please validate above 2 commands and if I am wrong please correct.

Thank you and expecting your feedback soon.

hello msivanesan,

my bad…
it’s later release (i.e. rel-35) to have --auth options to replace -c optionos.
for Nano era. you may still working with $ sudo ./odmfuse.sh -i 0x21 -c PKC.. for Nano/rel-32 code-line.
(let me revise my previous comments to avoid confusion.)

BTW,
it’s suggest moving to the latest release version. JetPack 4.6.4/ L4T 32.7.4 for verification.
please do use the same release version secureboot tarball for execution.

in short, you’ll have below two steps.
(1) please running odmfuse script to burn fuse.
$ sudo ./odmfuse.sh -j -i <chip_id> -c PKC -k <keyfile>
(2) then, assign the same PKC key for image flashing.
$ sudo ./flash.sh -x 0x21 -y PKC -u key.pem <platform> mmcblk0p1

1 Like

Hi Jerry Chang,
Thank you for the help.
It is working now,.
BR
Mayuran

Hi Jerry Chang
I still have few more question though.
The ODM Production Mode (FUSE_SECURITY_MODE [0]) also should be programmed to enable the full secure mode.
So when should I incorporate the -p option in sudo ./odmfuse.sh -j -i <chip_id> -c PKC -k <keyfile> to enable this production mode security?
After I flash the OS using sudo ./flash.sh -x 0x21 -y PKC -u key.pem <platform> mmcblk0p1 can I do that?
If yes can you please confirm below command can be used to perform this?
sudo ./odmfuse.sh -i 0x21 -c PKC -p
(Note: The key is removed as it was already flash earlier.)
And for the development kit module is this command still work?
After fusing this ODM production mode if I want to flash the kernel again I hope I can still do it using my flash command with the same RSA key. Is my understanding correct?

According to the document we can still flash the secure boot key(SBK) for jetson nano products. If that is the case
Can I use below command to perform SBK fusing?
sudo ./odmfuse.sh -i 0x21 -c PKC -p -S sbk.bin where sbk file has 4 32bit numbers.
And for flash command
sudo ./flash.sh -x 0x21 -y PKC -u key.pem -v sbk.bin <platform> mmcblk0p1
Thank you

Hi,
Anyone has any answer for the questions above?

hello msivanesan,

beware,
"-p" options to program this fuse (i.e. FUSE_SECURITY_MODE) which writeprotects all manufacturing device fuses against any further fuse programming and also hides the SBK and DK values.
please check documentation, Jetson Nano Fuse Specification Application Note for details.

did you meant adding SBK keys to PKC fused device? may I also what’s the fuse command you’ve used before?

Hi Jerry Chang
Thank you for the explanation of -p option.

Regarding SBK,
I have the device which used below command to perform fusing:
sudo ./odmfuse.sh -j -i <chip_id> -c PKC -k <keyfile>
Yes, It is for PKC fused device. Since I have not used the -p option yet for this device I thought I can still flash the SBK.
I am planning to use below command to do that:
sudo ./odmfuse.sh -i 0x21 -c PKC -p -S sbk.bin

hello msivanesan,

you’ll need to provide PKC key file, please execute odmfuse script as below.
let’s try adding --noburn option as well for testing.
$ sudo ./odmfuse.sh -i 0x21 -c PKC -p -k <PKC KeyFile> -D <DK file> -S <SBK file> --noburn

Hi Jerry,
I tried the following command to perform the efuse for SBK and DK.
sudo ./odmfuse.sh -j -i 0x21 -c PKC -k rsa_priv.pem -D dk.bin -S sbk.bin
And it was successful.

The option -j is obsolete now. Jtag by default is enabled.
Please use "--disable-jtag" option if you want to burn the jtag-disable fuse.
Jtag can't be re-enabled once the jtag-disable fuse bit is burned.

*** Calculating HASH from keyfile /home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/rsa_priv.pem ... done
PKC HASH: 0x4b0e3186401bb2a05c063d1f866ee5524a6065f1febaa9b65ac0716cb1b46b03
*** Generating fuse configuration ... done.
*** Start fusing  ... 
./tegraflash.py --chip 0x21 --applet nvtboot_recovery.bin --cmd "blowfuses odmfuse_pkc.xml; reboot recovery"
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0074 ] Parsing fuse info as per xml file
[   0.0162 ] tegraparser --fuse_info odmfuse_pkc.xml blow_fuse_data.bin
[   0.0182 ] 
[   0.0183 ] Generating RCM messages
[   0.0394 ] tegrarcm --listrcm rcm_list.xml --chip 0x21 0 --download rcm nvtboot_recovery.bin 0 0
[   0.0417 ] RCM 0 is saved as rcm_0.rcm
[   0.0512 ] RCM 1 is saved as rcm_1.rcm
[   0.0513 ] List of rcm files are saved in rcm_list.xml
[   0.0513 ] 
[   0.0514 ] Signing RCM messages
[   0.0672 ] tegrasign --key None --list rcm_list.xml --pubkeyhash pub_key.key
[   0.0693 ] Assuming zero filled SBK key
[   0.0941 ] 
[   0.0942 ] Copying signature to RCM mesages
[   0.0966 ] tegrarcm --chip 0x21 0 --updatesig rcm_list_signed.xml
[   0.0991 ] 
[   0.0992 ] Boot Rom communication
[   0.1018 ] tegrarcm --chip 0x21 0 --rcm rcm_list_signed.xml
[   0.1034 ] BR_CID: 0x32101001643c52c00000000002028240
[   0.1363 ] RCM version 0X210001
[   0.1799 ] Boot Rom communication completed
[   1.1867 ] 
[   1.1868 ] Blowing fuses
[   1.1912 ] tegrarcm --oem blowfuses blow_fuse_data.bin
[   1.1938 ] Applet version 00.01.0000
[   1.2662 ] Successfully burnt fuses as per fuse info blob
[   1.2806 ] 
[   1.2809 ] Rebooting to recovery mode
[   1.3088 ] tegradevflash --reboot recovery
[   1.3116 ] Cboot is not running on device.
[   1.3486 ] 
[   1.3488 ] Rebooting to recovery mode
[   1.3526 ] tegrarcm --reboot recovery
[   1.3549 ] Applet version 00.01.0000
[   1.4348 ] 
*** The fuse configuration is saved in bootloader/odmfuse_pkc.xml
*** The ODM fuse has been burned successfully.
*** done.

But in th log above it is saying that SBK is filled with zeros. Is this true?
[ 0.0693 ] Assuming zero filled SBK key
(Please note that I generated the skb.bin and dk.bin randomly. Means they are not hash values of any keys. I assumed they are symmetric keys. Also I did not add the -p option as I would like to try this first without locking the eFUSE.)

Here is the output of the odmfuse_pkc.xml

<genericfuse MagicId="0x46555345" version="1.0.0">
<fuse name="DeviceKey" size="8" value="0xddccbbaa" />
<fuse name="SecureBootKey" size="16" value="0x78563412785634127856341278563412" />
<fuse name="PublicKeyHash" size="32" value="0x4b0e3186401bb2a05c063d1f866ee5524a6065f1febaa9b65ac0716cb1b46b03" />
</genericfuse>

After that I issued the flash command and here is the output

sudo ./flash.sh BOARDID=3448 FAB=200 BOARDSKU=0002 -x 0x21 -y PKC -u rsa_priv.pem -D dk.bin -S sbk.bin jetson-nano-emmc mmcblk0p1
###############################################################################
# L4T BSP Information:
# R32 , REVISION: 7.4
###############################################################################
# Target Board Information:
# Name: jetson-nano-emmc, Board Family: t210ref, SoC: Tegra 210, 
# OpMode: production, Boot Authentication: , 
# Disk encryption: disabled ,
###############################################################################
./tegraflash.py --chip 0x21 --applet "/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/nvtboot_recovery.bin" --skipuid --cmd "dump eeprom boardinfo cvm.bin" 
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0028 ] Generating RCM messages
[   0.0040 ] tegrarcm --listrcm rcm_list.xml --chip 0x21 0 --download rcm /home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/nvtboot_recovery.bin 0 0
[   0.0049 ] RCM 0 is saved as rcm_0.rcm
[   0.0056 ] RCM 1 is saved as rcm_1.rcm
[   0.0056 ] List of rcm files are saved in rcm_list.xml
[   0.0056 ] 
[   0.0056 ] Signing RCM messages
[   0.0079 ] tegrasign --key None --list rcm_list.xml --pubkeyhash pub_key.key
[   0.0089 ] Assuming zero filled SBK key
[   0.0156 ] 
[   0.0156 ] Copying signature to RCM mesages
[   0.0181 ] tegrarcm --chip 0x21 0 --updatesig rcm_list_signed.xml
[   0.0198 ] 
[   0.0198 ] Boot Rom communication
[   0.0222 ] tegrarcm --chip 0x21 0 --rcm rcm_list_signed.xml --skipuid
[   0.0234 ] RCM version 0X210001
[   0.1232 ] Boot Rom communication completed
[   1.1303 ] 
[   1.1305 ] dump EEPROM info
[   1.1351 ] tegrarcm --oem platformdetails eeprom /home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/cvm.bin
[   1.1379 ] Applet version 00.01.0000
[   1.2127 ] Saved platform info in /home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/cvm.bin
[   1.2887 ] 
[   1.2933 ] tegrarcm --reboot recovery
[   1.2960 ] Applet version 00.01.0000
[   1.3686 ] 
Board ID(3448) version(401) 
copying bctfile(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/t210ref/BCT/P3448_A00_lpddr4_204Mhz_P987.cfg)... done.
copying bootloader(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/t210ref/cboot.bin)... done.
copying initrd(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/l4t_initrd.img)... done.
Making Boot image... done.
Existing sosfile(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/nvtboot_recovery.bin) reused.
copying tegraboot(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/t210ref/nvtboot.bin)... done.
copying cpu_bootloader(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/t210ref/cboot.bin)... done.
copying bpffile(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/t210ref/sc7entry-firmware.bin)... done.
copying wb0boot(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/t210ref/warmboot.bin)... done.
Existing tosfile(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/tos-mon-only.img) reused.
Existing eksfile(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/eks.img) reused.
./flash.sh: line 2661: [: : integer expression expected
copying dtbfile(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/kernel/dtb/tegra210-p3448-0002-p3449-0000-b00.dtb)... done.
Copying nv_boot_control.conf to rootfs
	populating kernel to rootfs... done.
	populating initrd to rootfs... done.
	populating kernel_tegra210-p3448-0002-p3449-0000-b00.dtb to rootfs... done.
Making system.img... 
	populating rootfs from /home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/rootfs ... 	populating /boot/extlinux/extlinux.conf ... done.
	Sync'ing system.img ... done.
	Converting RAW image to Sparse image... done.
system.img built successfully. 
Existing tbcfile(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/nvtboot_cpu.bin) reused.
copying tbcdtbfile(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/kernel/dtb/tegra210-p3448-0002-p3449-0000-b00.dtb)... done.
copying cfgfile(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/t210ref/cfg/flash_l4t_t210_emmc_p3448.xml) to flash.xml... done.
copying flasher(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/t210ref/cboot.bin)... done.
Existing flashapp(/home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/tegraflash.py) reused.
./tegraflash.py --bl cboot.bin --bct  P3448_A00_lpddr4_204Mhz_P987.cfg --odmdata 0xa4000 --bldtb kernel_tegra210-p3448-0002-p3449-0000-b00.dtb --applet nvtboot_recovery.bin  --cmd "flash; reboot"  --cfg flash.xml --chip 0x21    --bins "EBT cboot.bin; DTB tegra210-p3448-0002-p3449-0000-b00.dtb" 
saving flash command in /home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/flashcmd.txt
saving Windows flash command to /home/mayu/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_NANO_TARGETS/Linux_for_Tegra/bootloader/flash_win.bat
assign_value: crc-flash.xml.bin 1 131056 1
printf '\x1' | dd of=crc-flash.xml.bin bs=1 seek=131056 count=1 conv=notrunc
1+0 records in
1+0 records out
1 byte copied, 0.000107281 s, 9.3 kB/s
assign_value: crc-flash.xml.bin 0 131057 1
printf '\x0' | dd of=crc-flash.xml.bin bs=1 seek=131057 count=1 conv=notrunc
1+0 records in
1+0 records out
1 byte copied, 0.000121686 s, 8.2 kB/s
assign_string: crc-flash.xml.bin PTHD 131064 4
echo PTHD | dd of=crc-flash.xml.bin bs=1 seek=131064 count=4 conv=notrunc
4+0 records in
4+0 records out
4 bytes copied, 6.4855e-05 s, 61.7 kB/s
*** Flashing target device started. ***
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0206 ] tegrasign --getmode mode.txt --key None
[   0.0222 ] Assuming zero filled SBK key
[   0.0340 ] 
[   0.0344 ] Generating RCM messages
[   0.0480 ] tegrarcm --listrcm rcm_list.xml --chip 0x21 0 --download rcm nvtboot_recovery.bin 0 0
[   0.0509 ] RCM 0 is saved as rcm_0.rcm
[   0.0593 ] RCM 1 is saved as rcm_1.rcm
[   0.0593 ] List of rcm files are saved in rcm_list.xml
[   0.0593 ] 
[   0.0594 ] Signing RCM messages
[   0.0636 ] tegrasign --key None --list rcm_list.xml --pubkeyhash pub_key.key
[   0.0658 ] Assuming zero filled SBK key
[   0.0762 ] 
[   0.0763 ] Copying signature to RCM mesages
[   0.0791 ] tegrarcm --chip 0x21 0 --updatesig rcm_list_signed.xml
[   0.0811 ] 
[   0.0811 ] Parsing partition layout
[   0.0836 ] tegraparser --pt flash.xml.tmp
[   0.0854 ] 
[   0.0856 ] Using default ramcode: 0
[   0.0856 ] Disable BPMP dtb trim, using default dtb
[   0.0856 ] 
[   0.0856 ] Creating list of images to be signed
[   0.0881 ] tegrahost --chip 0x21 0 --partitionlayout flash.xml.bin --list images_list.xml
[   0.1739 ] 
[   0.1740 ] Generating signatures
[   0.1788 ] tegrasign --key None --list images_list.xml --pubkeyhash pub_key.key
[   0.1811 ] Assuming zero filled SBK key
[   0.3089 ] 
[   0.3089 ] Generating br-bct
[   0.3126 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.cfg --chip 0x21 0
[   0.3493 ] 
[   0.3493 ] Updating boot device parameters
[   0.3518 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updatedevparam flash.xml.bin
[   0.3529 ] Warning: No sdram params
[   0.3532 ] 
[   0.3533 ] Updating bl info
[   0.3558 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updateblinfo flash.xml.bin --updatesig images_list_signed.xml
[   0.3579 ] 
[   0.3579 ] Updating secondary storage information into bct
[   0.3603 ] tegraparser --pt flash.xml.bin --chip 0x21 0 --updatecustinfo P3448_A00_lpddr4_204Mhz_P987.bct
[   0.3620 ] 
[   0.3621 ] Updating Odmdata
[   0.3647 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updatefields Odmdata =0xa4000
[   0.3660 ] Warning: No sdram params
[   0.3664 ] 
[   0.3664 ] Get Signed section of bct
[   0.3692 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --listbct bct_list.xml
[   0.3711 ] 
[   0.3712 ] Signing BCT
[   0.3769 ] tegrasign --key None --list bct_list.xml --pubkeyhash pub_key.key
[   0.3781 ] Assuming zero filled SBK key
[   0.3790 ] 
[   0.3790 ] Updating BCT with signature
[   0.3816 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updatesig bct_list_signed.xml
[   0.3831 ] 
[   0.3832 ] Copying signatures
[   0.3859 ] tegrahost --chip 0x21 0 --partitionlayout flash.xml.bin --updatesig images_list_signed.xml
[   0.3958 ] 
[   0.3959 ] Updating BFS information on BCT
[   0.3984 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updatebfsinfo flash.xml.bin
[   0.3999 ]    BFS:
[   0.4017 ]      0: [PT ] crc-flash.xml.bin (size=131072/131072)
[   0.4025 ]      1: [TBC] nvtboot_cpu.bin.encrypt (size=80672/196608)
[   0.4032 ]      2: [RP1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.encrypt (size=238224/1048576)
[   0.4043 ]      3: [EBT] cboot.bin.encrypt (size=485952/655360)
[   0.4049 ]      4: [WB0] warmboot.bin.encrypt (size=3952/131072)
[   0.4052 ]      5: [BPF] sc7entry-firmware.bin.encrypt (size=3376/262144)
[   0.4056 ] BFS0: 131072 @ 2560 SUM b6ad3ead over 2883584 bytes
[   0.4061 ]    BFS:
[   0.4062 ]      0: [PT-1] crc-flash.xml.bin (size=131072/131072)
[   0.4068 ]      1: [TBC-1] nvtboot_cpu.bin.encrypt (size=80672/196608)
[   0.4074 ]      2: [RP1-1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.encrypt (size=238224/1048576)
[   0.4082 ]      3: [EBT-1] cboot.bin.encrypt (size=485952/655360)
[   0.4088 ]      4: [WB0-1] warmboot.bin.encrypt (size=3952/131072)
[   0.4093 ]      5: [BPF-1] sc7entry-firmware.bin.encrypt (size=3376/262144)
[   0.4099 ]      8: [VER_b] emmc_bootblob_ver.txt (size=102/32768)
[   0.4365 ]      9: [VER] emmc_bootblob_ver.txt (size=102/32768)
[   0.4378 ] BFS1: 131072 @ 8704 SUM b6ad3ead over 2981888 bytes
[   0.4386 ]    KFS:
[   0.4782 ]      0: [DTB] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.encrypt (size=238224/1048576)
[   0.4793 ]      1: [TOS] tos-mon-only.img.encrypt (size=54208/6291456)
[   0.4800 ]      2: [EKS] eks.img (size=1028/81920)
[   0.5240 ]      3: [LNX] boot.img.encrypt (size=667648/67092480)
[   0.5259 ] KFS0: 1048576 @ 29376546 SUM c97b90a6 over 8089600 bytes
[   0.5365 ]    KFS:
[   0.5716 ]      0: [DTB-1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.encrypt (size=238224/1048576)
[   0.5727 ]      1: [TOS-1] tos-mon-only.img.encrypt (size=54208/6291456)
[   0.5733 ]      2: [EKS-1] eks.img (size=1028/81920)
[   0.5737 ]      3: [LNX-1] boot.img.encrypt (size=667648/67092480)
[   0.5742 ] KFS1: 1048576 @ 29522082 SUM c97b90a6 over 8089600 bytes
[   0.5777 ] 
[   0.5777 ] Boot Rom communication
[   0.5800 ] tegrarcm --chip 0x21 0 --rcm rcm_list_signed.xml
[   0.5811 ] BR_CID: 0x32101001643c52c00000000002028240
[   0.6099 ] RCM version 0X210001
[   0.6577 ] Boot Rom communication completed
[   1.6649 ] 
[   1.6651 ] Sending BCTs
[   1.6695 ] tegrarcm --download bct P3448_A00_lpddr4_204Mhz_P987.bct
[   1.6722 ] Applet version 00.01.0000
[   1.7445 ] Sending bct
[   1.7492 ] [................................................] 100%
[   1.7492 ] 0000000b: Verification failed
[   1.7493 ] 
[   1.7493 ] 
Error: Return value 11
Command tegrarcm --download bct P3448_A00_lpddr4_204Mhz_P987.bct
Failed flashing t210ref.

I am getting the error code 11. Are there any explanation for this error code?
I tried multiple times and getting same error.
Any idea to solve this? I still can perform the flashing to the board and it is wornderful if you share any way to make it working again.

After checking this link it is mentioned that this SKB must be programmed when pkc_disable=0 for Nano device.

For Jetson TX1 and Jetson Nano, this key must be used along with PKC key and pkc_disable = 0. This key will not be used to encrypt Bootloaders, it can be used by the high-level application as encryption key.

is this the reason for this failure?

Do you add -v for SBK key?

In addition, I would suggest you open another topic for the detailed information for other key issue.
(it seems you’ve resolved the bricked issue)

Hi Kevin,
I corrected the command with -v option.
But the system is still showing same behavior which is Assuming zero filled SBK key

The original issue is enabling secure boot with ODM production (basically with -p option).
But it seems we should fuse SBK and DK in order to do this and I am still failing on doing this.

Expecting your help on this.
Thank you