How to verify that secure boot with kernel encryption and disc encryption is enabled in Jetson TX2?

Hi,
I am trying to set up secure boot in a Jetson Tx2 on a connectech spacely carrier board.
I am trying secure boot with kernel, kerne-dtb and initrd encryption as well as disk encryption.
I am using 32.7.2 version of L4T
Burned the fuses using odmfuse.sh and used flash.sh to encrypt and flash the image.
The Tx2 boots up fine afterwards. When I connect to UART0 the only output I am getting is

[ 3.526839] ina3221x 0-0042: ina3221 reset failure status: 0xffffff87
[ 3.533679] ina3221x 0-0043: ina3221 reset failure status: 0xffffff87
[ 4.064509] cgroup: cgroup2: unknown option “nsdelegate”
[ 5.640254] using random self ethernet address
[ 5.653600] using random host ethernet address
[ 5.962343] tegra_cec 3960000.tegra_cec: timeout in tegra_cec_native_write_l:172.
[ 5.970450] tegra_cec 3960000.tegra_cec: Sent res: -62.
[ 5.977123] tegra_cec 3960000.tegra_cec: tegra_cec_init Done.
[ 6.690621] using random self ethernet address
[ 6.695140] using random host ethernet address
[ 6.835061] CPU1: shutdown
[ 6.919313] CPU2: shutdown
[ 8.048188] Bridge firewalling registered

Ubuntu 18.04.6 LTS tx2 ttyS0

tx2 login:

Password:
Last login: Fri Dec 10 14:46:37 IST 2021 on ttyS0
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 4.9.253-tegra aarch64)

• Documentation: https://help.ubuntu.com
• Management: https://landscape.canonical.com
• Support: Ubuntu Pro | Ubuntu
  This system has been minimized by removing packages and content that are
  not required on a system that users do not log into.

To restore this content, you can run the ‘unminimize’ command.

302 updates can be applied immediately.
260 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

Is the boot log supposed to be so short?
How do I verify that secure boot with kernel encryption and disc encryption worked?
How do I get a detailed boot log?
I am using putty with 115200, 8 and flow control set to none.
Physically, I have connected the Tx on FTDI adaptor to UART0 Rx (pin4 on P12 of spacely carrier board) Rx to pin2 and Gnd to Gnd. I am leaving all other pins unconnected.

hello Rafeek.Sainudeen,

had you disable the logs?
please check Environment Configuration section as see-also.
could you please also obtain the logs for reference.

you may dig into uart logs, there’ll be logs printed to bootloader.
it looks like below if you’ve enable Trusty.

ipc-unittest-main: 1519: Welcome to IPC unittest!!!                             
ipc-unittest-main: 1531: waiting forever                                        
ipc-unittest-srv: 329: Init unittest services!!!                                
hwkey-agent: 40: hwkey-agent is running!!                                       
hwkey-agent: 197: key_mgnt_processing .......                                   
hwkey-agent: 189: Setting EKB key 0 to slot 14                                  
hwkey-agent: 167: Init hweky-agent services!!                                   
luks-srv: 40: luks-srv is running!!                                             
luks-srv: 157: Init luks-srv IPC services!!                                     
platform_bootstrap_epilog: trusty bootstrap complete                     

you may also refer to some similar discussion threads,
for instance,
How to run the CA (hwkey-app) and TA (hwkey-agent) on target (Jetson AGX Xavier)
or, How to run trusty samples on jetson Xavier?

you may refer to Serial Console – NVIDIA Jetson TX2.

Hi @JerryChang ,
Thank you very much for your prompt response. My replies are given below.

Blockquote
had you disable the logs?
please check Environment Configuration section as see-also.

I did NOT disable the logs.
I checked the reference that you mentioned.
I presume it is referring to the following line in the conf file
CMDLINE_ADD=“console=ttyS0,115200n8 console=tty0 OS=l4t fbcon=map:0 net.ifnames=0”;
As you can see, console=ttyS0 specification is present.
Since I am using the spacely carrier board, I am using the cti-tx2.conf.common in the Linux_for_Tegra folder of the host. Above line is pasted from there.
Kindly let me know if there is any other setting I should try.

Blockquote
could you please also obtain the logs for reference.

What I pasted in my original post is all I am getting over the serial console (It is in full. I have not edited out anything). Please let me know which other logs I can obtain and upload to you.

hello Rafeek.Sainudeen,

since it’s customize carrier board, please check it’s also uses UART0 for sending mb1/bootloader messages.
and… you may also check the BCT file, tegra186-mb1-bct-misc-si-l4t.cfg
there’re configurations to toggle log settings.
for example,

##### debug variables #####
debug.enable_log = 1;
debug.uart_instance = 0;

Hi @JerryChang
Thanks again for your response.

Blockquote
you may also check the BCT file, tegra186-mb1-bct-misc-si-l4t.cfg

I checked this file under the Linux_for_Tegra/bootloader folder.
It has the following same lines as you have quoted above.

debug variables

debug.enable_log = 1;
debug.uart_instance = 0;

I did check UART 1 also. No output is coming on UART 1.

Kindly suggest anything else that I can check.

Hi @JerryChang,
To add a bit more context, here is the fuse burning and flash procedure that I used.
Generation of EKS image

python3 gen_ekb.py -kek2_key <KEK2 key file>  -fv <fixed vector file> -in_sym_key <kernel encryption key file> -in_sym_key2 <disk encryption key file> -out eks.img

Modified the HW key agent code in Nvidia samples to use our own fixed vectors and rebuilt the TOS image.

Fuse burning command

sudo FAB=B02 BOARDID=3310 BOARDSKU=1000 ./odmfuse.sh -p -i 0x18 -k <pkc key file> --KEK2 <KEK2 key file> -S <SBK key file> JetPack_4.6.2_Linux_JETSON_TX2_TARGETS/Linux_for_Tegra /cti/tx2/spacely/base

Flashing commands

export LDK_DIR=/home/nvidia/nvidia/nvidia_sdk/JetPack_4.6.2_Linux_JETSON_TX2_TARGETS/Linux_for_Tegra

export ROOTFS_ENC=1

export ODMDATA=0x6090000

export SYSBOOTFILE=p2771-0000/extlinux.conf;

export DTB_DIR=/home/nvidia/nvidia/nvidia_sdk/JetPack_4.6.2_Linux_JETSON_TX2_TARGETS/Linux_for_Tegra

export DTB_FILE=tegra186-tx2-cti-ASG006.dtb;

export TBCDTB_FILE=$DTB_FILE;

export ext_target_board=cti-tx2-asg006-00;

source "${LDK_DIR}/cti-tx2.conf.common";

cd ${LDK_DIR}

source ./cti/tx2/spacely/base.conf

sudo FAB=B02 BOARDID=3310 BOARDSKU=1000 USE_UBOOT=0 ./flash.sh --sign --no-flash \

-x 0x18 \

-u <pkc key file> \

-v <sbk key file> \

--user_key <user key fie> \

-i <disk encryptio > \

cti/tx2/spacely/base mmcblk0p1

TX2 Flashing
After this, the sudo bash ./flashcmd.txt was used to flash the target.

After this the target does come up. But with only the following few lines showing up at Boot over UART0
Boot log over serial console

[ 3.526839] ina3221x 0-0042: ina3221 reset failure status: 0xffffff87
[ 3.533679] ina3221x 0-0043: ina3221 reset failure status: 0xffffff87
[ 4.064509] cgroup: cgroup2: unknown option “nsdelegate”
[ 5.640254] using random self ethernet address
[ 5.653600] using random host ethernet address
[ 5.962343] tegra_cec 3960000.tegra_cec: timeout in tegra_cec_native_write_l:172.
[ 5.970450] tegra_cec 3960000.tegra_cec: Sent res: -62.
[ 5.977123] tegra_cec 3960000.tegra_cec: tegra_cec_init Done.
[ 6.690621] using random self ethernet address
[ 6.695140] using random host ethernet address
[ 6.835061] CPU1: shutdown
[ 6.919313] CPU2: shutdown
[ 8.048188] Bridge firewalling registered

Ubuntu 18.04.6 LTS tx2 ttyS0

tx2 login:

Password:
Last login: Fri Dec 10 14:46:37 IST 2021 on ttyS0
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 4.9.253-tegra aarch64)

Documentation: [https://help.ubuntu.com](https://help.ubuntu.com/)

Management: [https://landscape.canonical.com](https://landscape.canonical.com/)

Support: [Ubuntu Pro | Ubuntu](https://ubuntu.com/advantage)
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the ‘unminimize’ command.

302 updates can be applied immediately.
260 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

Kindly let me know how to obtain complete boot log and through boot log or otherwise verify that

1. The fuse burning worked
2. The Secure boot worked
3. Kernel encryption worked
4. Disk encryption worked

hello Rafeek.Sainudeen,

you may see-also developer guide, Accessing the Fuse from the Target for reading fuse from the target to confirm (1), (2), and (3).
regarding to (4), please check lsblk to ensure you’ve flash the APP_ENC partition correctly.

Hi @JerryChang,
Thanks for the suggestions!

Blockquote
you may see-also developer guide, [Accessing the Fuse from the Target] for reading fuse from the target to confirm (1), (2), and (3).

Tried all the options given in that link.
On the host with target connected in recovery mode
Specifying both PKC and SBK key

sudo ./odmfuseread.sh -i 0x18 -k <RSA key file> -S <sbk key file> /home/nvidia/l4t_462/cti/tx2/spacely/base 

It gives the following error

Error: Either RSA key file is not provided or SBK key file is provided for PKC protected target board.

As can be seen from the odmfuse command used to program the keys, PKC, SBK and KEK2 keys were programmed. So why am I getting this error message?

Specifying only the PKC key

sudo ./odmfuseread.sh -i 0x18 -k <RSA key file> /home/nvidia/l4t_462/cti/tx2/spacely/base

Following is the log from that

./tegraflash.py --chip 0x18 --applet "/home/nvidia/nvidia/nvidia_sdk/JetPack_4.6.2_Linux_JETSON_TX2_TARGETS/Linux_for_Tegra/bootloader/mb1_recovery_prod.bin" --skipuid --cmd "dump eeprom boardinfo cvm.bin" --key "/home/nvidia/VAN/rsa_priv.pem" 
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0041 ] Generating RCM messages
[   0.0060 ] tegrarcm_v2 --listrcm rcm_list.xml --chip 0x18 0 --download rcm /home/nvidia/nvidia/nvidia_sdk/JetPack_4.6.2_Linux_JETSON_TX2_TARGETS/Linux_for_Tegra/bootloader/mb1_recovery_prod.bin 0 0
[   0.0066 ] RCM 0 is saved as rcm_0.rcm
[   0.0071 ] RCM 1 is saved as rcm_1.rcm
[   0.0071 ] List of rcm files are saved in rcm_list.xml
[   0.0071 ] 
[   0.0071 ] Signing RCM messages
[   0.0093 ] tegrasign_v3.py --key /home/nvidia/VAN/rsa_priv.pem --list rcm_list.xml --pubkeyhash pub_key.key
[   0.0109 ] K[   0.0133 ] ey size is 256 bytes
[   0.0392 ] Saving pkc public key in pub_key.key
[   0.0390 ] Copying signature to RCM mesages
[   0.0409 ] tegrarcm_v2 --chip 0x18 0 --updatesig rcm_list_signed.xml --pubkeyhash pub_key.key
[   0.0419 ] 
[   0.0419 ] Boot Rom communication
[   0.0438 ] tegrarcm_v2 --chip 0x18 0 --rcm rcm_list_signed.xml --skipuid
[   0.0444 ] RCM version 0Xa
[   0.4634 ] Boot Rom communication failed
[   5.5561 ] 
Error: Return value 3
Command tegrarcm_v2 --chip 0x18 0 --rcm rcm_list_signed.xml --skipuid
Reading board information failed.

Why am I getting this error?

Using tegrafuse.sh on the target

sudo ./tegrafuse.sh

odm_lock : 0x00000000
arm_jtag_disable : 0x00000000
odm_production_mode : 0x00000001
boot_security_info : 0x00000006
odm_info : 0x00000000

why is it not displaying the fuse values?

Blockquote
please check lsblk to ensure you’ve flash the APP_ENC partition correctly.

Here is the output from running lsblk on the target

NAME         MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
loop0          7:0    0    16M  1 loop 
mmcblk0      179:0    0  29.1G  0 disk 
├─mmcblk0p1  179:1    0    28G  0 part /
├─mmcblk0p2  179:2    0     4M  0 part 
├─mmcblk0p3  179:3    0     4M  0 part 
├─mmcblk0p4  179:4    0   512K  0 part 
├─mmcblk0p5  179:5    0   512K  0 part 
├─mmcblk0p6  179:6    0   512K  0 part 
├─mmcblk0p7  179:7    0   512K  0 part 
├─mmcblk0p8  179:8    0     3M  0 part 
├─mmcblk0p9  179:9    0     3M  0 part 
├─mmcblk0p10 179:10   0     2M  0 part 
├─mmcblk0p11 179:11   0     4M  0 part 
├─mmcblk0p12 179:12   0     4M  0 part 
├─mmcblk0p13 179:13   0   604K  0 part 
├─mmcblk0p14 179:14   0   604K  0 part 
├─mmcblk0p15 179:15   0     1M  0 part 
├─mmcblk0p16 179:16   0     1M  0 part 
├─mmcblk0p17 179:17   0     2M  0 part 
├─mmcblk0p18 179:18   0     2M  0 part 
├─mmcblk0p19 179:19   0     6M  0 part 
├─mmcblk0p20 179:20   0     6M  0 part 
├─mmcblk0p21 179:21   0     2M  0 part 
├─mmcblk0p22 179:22   0   128M  0 part 
├─mmcblk0p23 179:23   0   128M  0 part 
├─mmcblk0p24 179:24   0    63M  0 part 
├─mmcblk0p25 179:25   0   512K  0 part 
├─mmcblk0p26 179:26   0   256K  0 part 
├─mmcblk0p27 179:27   0   256K  0 part 
├─mmcblk0p28 179:28   0    80M  0 part 
├─mmcblk0p29 179:29   0    80M  0 part 
├─mmcblk0p30 179:30   0   512K  0 part 
├─mmcblk0p31 179:31   0   512K  0 part 
├─mmcblk0p32 259:0    0   300M  0 part 
└─mmcblk0p33 259:1    0 317.8M  0 part 
mmcblk0boot0 179:32   0     4M  1 disk 
mmcblk0boot1 179:64   0     4M  1 disk 
mmcblk0rpmb  179:96   0     4M  0 disk 
zram0        252:0    0 982.3M  0 disk [SWAP]
zram1        252:1    0 982.3M  0 disk [SWAP]
zram2        252:2    0 982.3M  0 disk [SWAP]
zram3        252:3    0 982.3M  0 disk [SWAP]

I think the encrypted partition is not showing up (?)
In summary

1. Error message from odmfuseread that “SBK key file is provided for PKC protected target board” when provided with RSA and SBK keys
2. odmfuseread giving " Boot Rom communication failed
   Error: Return value 3
   Command tegrarcm_v2 --chip 0x18 0 --rcm rcm_list_signed.xml --skipuid
   Reading board information failed." error message when provided only the RSA Key
3. tegrafuse.sh not displaying any fuses except the production mode.

Please suggest further options to troubleshoot.

hello Rafeek.Sainudeen,

it’s only supported to read fuse via PKC + SBK.
according to the log of tegraflash.py, it looks only SBK key has given for running the odmfuseread.

I assume you’ve already burning fuse with PKC+SBK.
could you please try put this device enter forced-recovery mode, and running below for testing, please check it could re-create the fuse blob correctly.
for example,
$ sudo BOARDID=<boardid> BOARDSKU=<sku> FAB=<fab> ./odmfuse.sh --noburn -i 0x18 --auth SBKPKC -p -k <PKC Key file> -S <SBK file> jetson-tx2

Hi @JerryChang,

Blockquote
according to the log of tegraflash.py, it looks only SBK key has given for running the odmfuseread.

As I mentioned in my previous post, I tried giving both RSA key and SBK key. It gave an error. Quoting below from my previous post.

Blockquote

sudo ./odmfuseread.sh -i 0x18 -k <RSA key file> -S <sbk key file> /home/nvidia/l4t_462/cti/tx2/spacely/base 

It gives the following error

Error: Either RSA key file is not provided or SBK key file is provided for PKC protected target board.

As can be seen from the odmfuse command used to program the keys, PKC, SBK and KEK2 keys were programmed. So why am I getting this error message?

Blockquote
I assume you’ve already burning fuse with PKC+SBK.

Yes. I have.
and the odmfuse_pkc.xml in the Linux_for_tegra/bootloader of the host PC contains SBK and Kek2 entries as well.

hello Rafeek.Sainudeen,

we’re looking into it.

you may have below quick fixes to revise odmfuse.func for reading fuse info, although the BootSecurityInfo may be incorrect with this workaround.
for example,

diff --git a/secureboot/odmfuse.func b/secureboot/odmfuse.func
index 57598f1d6b44..8bd63b4767f9 100644
--- a/secureboot/odmfuse.func
+++ b/secureboot/odmfuse.func
@@ -502,8 +502,8 @@ get_fuse_level ()
                        0|1|2) flval="fuselevel_nofuse"; ;;
                        8)     flval="fuselevel_production"; ;;
                        9|d)   flval="fuselevel_production"; baval="SBK"; ;;
-                       a|e)   flval="fuselevel_production"; baval="PKC"; ;;
-                       b|f)   flval="fuselevel_production"; baval="SBKPKC"; ;;
+                       a|b)   flval="fuselevel_production"; baval="PKC"; ;;
+                       e|f)   flval="fuselevel_production"; baval="SBKPKC"; ;;
                        c)     flval="fuselevel_production"; baval="NS"; ;;

Hi @JerryChang,
Thanks for the reply.
I tried running odmfuseread.sh after doing the changes to odmfuse.func that you specified.
This time it executed without any errors.
In the output,

1. the PublicKeyHash is displayed correctly (it matches with the value in odmfuse_pkc.xml - as expected
2. SecureBootKey and the KEK keys are all shown as ffffffffffffffffffffffffffffffff. They are not matching with the corresponding values in odmfuse_pkc.xml. This is not as expected. Please let me know further updates to the fuse reading that could fix this.

as mentioned, it’s workaround to unblock the usage of odmfuseread.sh. there’re still issues unsolved yet.

hello Rafeek.Sainudeen,

please apply below fixes to revise secureboot/odmfuse.func for reading fuse info
for example,

@@ -500,11 +500,10 @@
 		else
 			case ${flval} in
 			0|1|2) flval="fuselevel_nofuse"; ;;
-			8)     flval="fuselevel_production"; ;;
+			8|c)   flval="fuselevel_production"; baval="NS"; ;;
 			9|d)   flval="fuselevel_production"; baval="SBK"; ;;
-			a|e)   flval="fuselevel_production"; baval="PKC"; ;;
-			b|f)   flval="fuselevel_production"; baval="SBKPKC"; ;;
-			c)     flval="fuselevel_production"; baval="NS"; ;;
+			a)     flval="fuselevel_production"; baval="PKC"; ;;
+			e)     flval="fuselevel_production"; baval="SBKPKC"; ;;
 			*)     flval="fuselevel_unknown"; ;;
 			esac;
 		fi;

BTW,
it turns out the BootSecurityInfo with 0x4 is expected.
the 0x4 isn’t the exactly fuse value, it’s the mode value defined as security modes.
for example,
here’s list of security modes.
this is security mode instead of the exact fuse value. that explained why value 4 is SBK+RSA.

#define FUSE_BOOT_SECURITY_AESCMAC               0U
#define FUSE_BOOT_SECURITY_RSA                   1U
#define FUSE_BOOT_SECURITY_ECC                   2U
#define FUSE_BOOT_SECURITY_AESCMAC_ENCRYPTION    3U
#define FUSE_BOOT_SECURITY_RSA_ENCRYPTION        4U
#define FUSE_BOOT_SECURITY_ECC_ENCRYPTION        5U
#define FUSE_BOOT_SECURITY_AES_ENCRYPTION        6U
#define FUSE_BOOT_SECURITY_MAX                   7U

Thank you @JerryChang , let me try this at my end and get back

Is this still an issue to support? Any result can be shared? Thanks

Hi @JerryChang , @kayccc ,
I tried with your changes to the odmfuse.func

Blockquote

@@ -500,11 +500,10 @@
 		else
 			case ${flval} in
 			0|1|2) flval="fuselevel_nofuse"; ;;
-			8)     flval="fuselevel_production"; ;;
+			8|c)   flval="fuselevel_production"; baval="NS"; ;;
 			9|d)   flval="fuselevel_production"; baval="SBK"; ;;
-			a|e)   flval="fuselevel_production"; baval="PKC"; ;;
-			b|f)   flval="fuselevel_production"; baval="SBKPKC"; ;;
-			c)     flval="fuselevel_production"; baval="NS"; ;;
+			a)     flval="fuselevel_production"; baval="PKC"; ;;
+			e)     flval="fuselevel_production"; baval="SBKPKC"; ;;
 			*)     flval="fuselevel_unknown"; ;;
 			esac;
 		fi;

However I am still getting the previously reported result
SBK, KEK2 are still showing as ffffffffffffffffff…
and not the expected values.

please also check $ sudo ./tegrafuse.sh

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.