Hwkey-app (hwkey-agent) not working on Xavier

The hwkey-agent is enabled by default (https://docs.nvidia.com/jetson/l4t/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide%2Ftrusty.html%23wwpID0E0GI0HA) and doesn’t seem to put any error messages into dmesg. However, when I run hwkey-app, with DEBUG enabled, I just get:

# ~/hwkey-app -e -i t0 -o t1 -t
tipc_connect: can't connect to tipc service "hwkey-agent.srv.crypto-srv" (err=107)

Can anyone suggest what the cause might be?


hello edmund.grimley-evans,

may I know which JetPack release you’re working with,
also, had you already enable secureBoot and secureOS for testing TA/CA services.

Thanks for replying!

I don’t think I know the JetPack release version because the
installation was done by a colleague, but I can quote the kernel
version: 4.9.140-l4t-r32.3.1+g47e7e1cb0b49

I haven’t enabled secureBoot and secureOS. I was hoping I could test
hwkey without doing that.

Is it necessary to blow real physical fuses in order to test the key
derivation code in hwkey?



hello edmund.grimley-evans,

you’ll need to enable security features to make TA/CA service works.
however, the hwkey-agent TA/CA should works without fuse burned, just the same thing as the zero KEK2 key.
please setup serial consoles for checking bootloader messages, you should found below messages means it’s working.

NOTICE:  BL31: v1.3(release):tegra-l4t-r32.4.2
NOTICE:  BL31: Built : 16:24:39, May 28 2020
ipc-unittest-main: 1519: Welcome to IPC unittest!!!
ipc-unittest-main: 1531: waiting forever
ipc-unittest-srv: 329: Init unittest services!!!
hwkey-agent: 40: hwkey-agent is running!!
hwkey-agent: 182: key_mgnt_processing .......
hwkey-agent: 157: Init hweky-agent services!!

Thank you. That has got me a step further. I can now see an error message:

hwkey-agent: 153: ekb_verification: EKB_CMAC verification is not match.

If I ignore the failure from ekb_verification, by setting rc = NO_ERROR immediately after calling that function, then hwkey-app seems to work for encryption and decryption.


I have the same error.
how to enable security feature.