How to set DBGEN and NIDEN signals on factory-fresh Orin AGX?

When I inspect the registers of trace blocks (ETM and TMC-ETR) from the CCPLEX cores, they all show debug disabled in their AUTHSTATUS registers. The board is freshly purchased from distribution and shows all zeros for fuses.

I saw the TRM mentions some PMC DEBUG_AUTHENTICATION registers here and there (but doesn’t actually specify their address or bit fields). Is that something I should be setting from CCPLEX or via some BPMP message? Can that be done at run time?

Please check below document.

Thanks. So even though I have not blown any security fuses, the Orin AGX is a secure target?

What does this mean? What’s the concern/requirement?

Not sure if this matters, but all partitions, other than rootfs/APP, must be signed or else they are rejected. The default is to sign with a NULL key, but it is still signed. The part which changes when you burn security fuses is that the key is no longer NULL.

1 Like