I want to sign kernel and dtb files

hello jw.cs.park,

could you please have an alternative way by using flash script.
for example,
$ sudo ./flash.sh --no-flash -r -k A_kernel-dtb jetson-agx-orin-devkit mmcblk0p1

I copied built Image to Linux_for_Tegra/kernel/Image
and dtb to Linux_for_Tegra/kernel/dtb/tegra234-p3701-0000-p3737-0000.dtb

After that, I ran your suggested command and it showed some errors.

###############################################################################
# L4T BSP Information:
# R35 , REVISION: 1.0
###############################################################################
Board ID() version() sku() revision()
copying bctfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-p3701-0000-p3737-0000-TE990M-sdram.dts)... done.
copying device_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-device-p3701-0000.dts)... done.
copying misc_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-misc-p3701-0000.dts)... done.
copying pinmux_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-pinmux-p3701-0000.dtsi)... done.
copying gpioint_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-gpioint-p3701-0000.dts)... done.
copying pmic_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-pmic-p3701-0000.dts)... done.
copying pmc_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-padvoltage-p3701-0000.dtsi)... done.
copying deviceprod_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-cprod-p3701-0000.dts)... done.
copying prod_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-prod-p3701-0000.dts)... done.
copying scr_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb2-bct-scr-p3701-0000.dts)... done.
copying wb0sdram(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-p3701-0000-p3737-0000-TE990M-wb0sdram.dts)... done.
copying bootrom_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-reset-p3701-0000.dts)... done.
copying dev_params(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-br-bct-p3701-0000.dts)... done.
copying dev_params_b(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-br-bct_b-p3701-0000.dts)... done.
copying mb2bct_cfg(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb2-bct-misc-p3701-0000.dts)... done.
Existing pscfwfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/pscfw_t234_prod.bin) reused.
Existing pscbl1file(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/psc_bl1_t234_prod.bin) reused.
Existing mtsmcefile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mce_flash_o10_cr_prod.bin) reused.
Existing mb2applet(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/applet_t234.bin) reused.
Existing bootloader(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb2_t234.bin) reused.
copying initrd(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/l4t_initrd.img)... done.
Making Boot image... done.
bl is uefi
Not signing of boot.img
Existing sosfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb1_t234_prod.bin) reused.
Existing tegraboot(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb2_t234.bin) reused.
Existing cpu_bootloader(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb2_t234.bin) reused.
Existing mb2blfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb2_t234.bin) reused.
Existing xusbfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/xusb_t234_prod.bin) reused.
Existing dcefile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/display-t234-dce.bin) reused.
Existing nvdecfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/nvdec_t234_prod.fw) reused.
Existing psc_rf(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/psc_rf_t234_prod.bin) reused.
Existing mb2_rf(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb2rf_t234.bin) reused.
Existing mb1file(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb1_t234_prod.bin) reused.
Existing bpffile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/bpmp_t234-TE990M-A1_prod.bin) reused.
copying bpfdtbfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/tegra234-bpmp-3701-0000-3737-0000.dtb)... done.
Existing scefile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/camera-rtcpu-sce.img) reused.
Existing camerafw(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/camera-rtcpu-t234-rce.img) reused.
Existing apefile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/adsp-fw.bin) reused.
Existing spefile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/spe_t234.bin) reused.
Existing wb0boot(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/sc7_t234_prod.bin) reused.
Existing tosfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tos-optee_t234.img) reused.
Existing eksfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/eks.img) reused.
copying dtbfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/kernel/dtb/tegra234-p3701-0000-p3737-0000.dtb)... done.
Copying nv_boot_control.conf to rootfs
sed: can't read /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/rootfs/etc/nv_boot_control.conf: Not a directory
sed: can't read /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/rootfs/etc/nv_boot_control.conf: Not a directory
sed: can't read /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/rootfs/etc/nv_boot_control.conf: Not a directory
sed: can't read /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/rootfs/etc/nv_boot_control.conf: Not a directory
sed: can't read /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/rootfs/etc/nv_boot_control.conf: Not a directory
sed: can't read /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/rootfs/etc/nv_boot_control.conf: Not a directory
sed: can't read /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/rootfs/etc/nv_boot_control.conf: Not a directory
sed: can't read /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/rootfs/etc/nv_boot_control.conf: Not a directory
Not signing of kernel-dtb
Reusing existing system.img...
file does not exist.

To correct ‘sed: can’t read /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/rootfs/etc/nv_boot_control.conf: Not a directory’ error, I made a directory: Linux_for_Tegra/rootfs/etc and that errors disappear. But still have errors:

Not signing of kernel-dtb
Reusing existing system.img...
file does not exist.

If I use this command, (-r is removed from suggested command)

sudo ./flash.sh --no-flash -k A-kernel-dtb jetson-agx-orin-devkit mmcblk0p1
###############################################################################
# L4T BSP Information:
# R35 , REVISION: 1.0
###############################################################################
Board ID() version() sku() revision()
copying bctfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-p3701-0000-p3737-0000-TE990M-sdram.dts)... done.
copying device_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-device-p3701-0000.dts)... done.
copying misc_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-misc-p3701-0000.dts)... done.
copying pinmux_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-pinmux-p3701-0000.dtsi)... done.
copying gpioint_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-gpioint-p3701-0000.dts)... done.
copying pmic_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-pmic-p3701-0000.dts)... done.
copying pmc_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-padvoltage-p3701-0000.dtsi)... done.
copying deviceprod_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-cprod-p3701-0000.dts)... done.
copying prod_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-prod-p3701-0000.dts)... done.
copying scr_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb2-bct-scr-p3701-0000.dts)... done.
copying wb0sdram(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-p3701-0000-p3737-0000-TE990M-wb0sdram.dts)... done.
copying bootrom_config(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb1-bct-reset-p3701-0000.dts)... done.
copying dev_params(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-br-bct-p3701-0000.dts)... done.
copying dev_params_b(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-br-bct_b-p3701-0000.dts)... done.
copying mb2bct_cfg(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/BCT/tegra234-mb2-bct-misc-p3701-0000.dts)... done.
Existing pscfwfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/pscfw_t234_prod.bin) reused.
Existing pscbl1file(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/psc_bl1_t234_prod.bin) reused.
Existing mtsmcefile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mce_flash_o10_cr_prod.bin) reused.
Existing mb2applet(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/applet_t234.bin) reused.
Existing bootloader(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb2_t234.bin) reused.
copying initrd(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/l4t_initrd.img)... done.
Making Boot image... done.
bl is uefi
Not signing of boot.img
Existing sosfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb1_t234_prod.bin) reused.
Existing tegraboot(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb2_t234.bin) reused.
Existing cpu_bootloader(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb2_t234.bin) reused.
Existing mb2blfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb2_t234.bin) reused.
Existing xusbfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/xusb_t234_prod.bin) reused.
Existing dcefile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/display-t234-dce.bin) reused.
Existing nvdecfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/nvdec_t234_prod.fw) reused.
Existing psc_rf(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/psc_rf_t234_prod.bin) reused.
Existing mb2_rf(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb2rf_t234.bin) reused.
Existing mb1file(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/mb1_t234_prod.bin) reused.
Existing bpffile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/bpmp_t234-TE990M-A1_prod.bin) reused.
copying bpfdtbfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/tegra234-bpmp-3701-0000-3737-0000.dtb)... done.
Existing scefile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/camera-rtcpu-sce.img) reused.
Existing camerafw(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/camera-rtcpu-t234-rce.img) reused.
Existing apefile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/adsp-fw.bin) reused.
Existing spefile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/spe_t234.bin) reused.
Existing wb0boot(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/sc7_t234_prod.bin) reused.
Existing tosfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tos-optee_t234.img) reused.
Existing eksfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/eks.img) reused.
copying dtbfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/kernel/dtb/tegra234-p3701-0000-p3737-0000.dtb)... done.
Copying nv_boot_control.conf to rootfs
Not signing of kernel-dtb
        populating kernel to rootfs... done.
        populating initrd to rootfs... done.
        populating kernel_tegra234-p3701-0000-p3737-0000.dtb to rootfs... done.
No signing of initrd and extlinux.conf
Existing tbcfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/uefi_jetson.bin) reused.
131072+0 records in
131072+0 records out
67108864 bytes (67 MB, 64 MiB) copied, 0.559789 s, 120 MB/s
        Sync'ing esp.img ... done.
copying tbcdtbfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/kernel/dtb/tegra234-p3701-0000-p3737-0000.dtb)... done.
copying cfgfile(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/t186ref/cfg/flash_t234_qspi_sdmmc.xml) to flash.xml... done.
Existing flashapp(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tegraflash.py) reused.
*** Signing kernel_tegra234-p3701-0000-p3737-0000.dtb ***
Existing overlay_dtb(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/L4TConfiguration.dtbo) reused.
Existing overlay_dtb(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tegra234-p3737-overlay-pcie.dtbo) reused.
Existing overlay_dtb(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tegra234-p3737-audio-codec-rt5658-40pin.dtbo) reused.
Existing overlay_dtb(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tegra234-p3737-a03-overlay.dtbo) reused.
Existing overlay_dtb(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tegra234-p3737-a04-overlay.dtbo) reused.
Existing overlay_dtb(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/L4TRootfsInfo.dtbo) reused.
Existing overlay_dtb(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tegra234-p3737-camera-dual-imx274-overlay.dtbo) reused.
Existing overlay_dtb(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tegra234-p3737-camera-e3331-overlay.dtbo) reused.
Existing overlay_dtb(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tegra234-p3737-camera-e3333-overlay.dtbo) reused.
Existing overlay_dtb(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tegra234-p3737-camera-imx185-overlay.dtbo) reused.
Existing overlay_dtb(/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tegra234-p3737-camera-imx390-overlay.dtbo) reused.
./tegraflash.py --chip 0x23 --cmd "sign kernel_tegra234-p3701-0000-p3737-0000.dtb"  --bct_backup  --boot_chain A
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands

[   0.0069 ] tegrasign_v3.py --key None --getmode mode.txt
[   0.0070 ] Assuming zero filled SBK key
[   0.0065 ] Get magic id
[   0.0080 ] tegraparser_v2 --get_magic data
[   0.0094 ] DATA
[   0.0096 ] partition type data, magic id = DATA

[   0.0115 ] tegrahost_v2 --chip 0x23 0 --align kernel_tegra234-p3701-0000-p3737-0000_aligned.dtb
[   0.0145 ] tegrahost_v2 --chip 0x23 0 --magicid DATA
 --appendsigheader kernel_tegra234-p3701-0000-p3737-0000_aligned.dtb zerosbk
[   0.0159 ] adding BCH for kernel_tegra234-p3701-0000-p3737-0000_aligned.dtb
[   0.0460 ] tegrasign_v3.py --key None --list kernel_tegra234-p3701-0000-p3737-0000_aligned_sigheader.dtb_list.xml --pubkeyhash pub_key.key --sha sha512
[   0.0463 ] Assuming zero filled SBK key
[   0.0512 ] Warning: pub_key.key is not found
[   0.0526 ] tegrahost_v2 --chip 0x23 0 --updatesigheader kernel_tegra234-p3701-0000-p3737-0000_aligned_sigheader.dtb.encrypt kernel_tegra234-p3701-0000-p3737-0000_aligned_sigheader.dtb.hash zerosbk
[   0.0576 ] Copying kernel_tegra234-p3701-0000-p3737-0000_sigheader.dtb.encrypt to /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader
Traceback (most recent call last):
  File "./tegraflash.py", line 1369, in <module>
    tegraflash_run_commands()
  File "./tegraflash.py", line 1210, in tegraflash_run_commands
    interpreter.onecmd(command)
  File "/usr/lib/python3.6/cmd.py", line 217, in onecmd
    return func(arg)
  File "./tegraflash.py", line 730, in do_sign
    self.chip_inst.tegraflash_sign_binary(exports, args)
  File "/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/tegraflash_impl_t234.py", line 2542, in tegraflash_sign_binary
    shutil.copyfile(binary,  paths['WD'] + "/" + binary)
  File "/usr/lib/python3.6/shutil.py", line 104, in copyfile
    raise SameFileError("{!r} and {!r} are the same file".format(src, dst))
shutil.SameFileError: 'kernel_tegra234-p3701-0000-p3737-0000_sigheader.dtb.encrypt' and '/home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/kernel_tegra234-p3701-0000-p3737-0000_sigheader.dtb.encrypt' are the same file
Failed to flash/read t186ref.

In this case, Image, initrd, kernel_tegra234-p3701-0000-p3737-0000.dtb file are copied in rootfs/boot folder.

If I delete /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/kernel_tegra234-p3701-0000-p3737-0000_sigheader.dtb.encrypt file, the final results is

[   0.0552 ] Signed file: /home/jw.cs.park/NVIDIA-Kernels/Linux_for_Tegra/bootloader/kernel_tegra234-p3701-0000-p3737-0000_sigheader.dtb.encrypt
*** kernel_tegra234-p3701-0000-p3737-0000.dtb has been signed successfully. ***

But I want to get .sig file, not _sigheader.dtb.encrypt.

I wish this could be helpful to fix the problem.
Thank you for your support.

hello jw.cs.park,

may I know what’s your development environment.
did you install JetPack release image with NVIDIA SDK Manager | NVIDIA Developer?

Hi Jerry,

I installed L4T Driver Package (BSP) and Sample Root Filesystem from Jetson Linux 35.1 | NVIDIA Developer.

I flashed Sample Root Filesystem on Orin and installed JetPack 5.0.2.

I extracted OTA Tools and Secureboot to Linux_for_Tegra folder (at compile server).

hello jw.cs.park,

please have a try to download JetPack release image with NVIDIA SDK Manager | NVIDIA Developer to setup the environment, thanks

But ./flash.sh script is for Ubuntu PC. It can be just downloaded from L4T Driver Package (BSP) of Jetson Linux 35.1 | NVIDIA Developer.
Because of firewall issue, I couldn’t use NVIDIA SDK Manager | NVIDIA Developer.

In case of Xavier, ./flash.sh script generates .sig files well in my environment. I think the reason why .sig file is not generated it the modification of flash.sh script. I found that there are many changes in this file compared to that of Xavier’s.
signimage() function in flash.sh looks like generating .sig file but I don’t know how to reach function call point because the call sequence is quite complicated. I think this is not related the way how to install JetPack. It may be related with script options.
Does your suggested script generates .sig files in your environment?

Thanks a lot.

hello jw.cs.park,

I can execute l4t_sign_image.sh to generate files correctly.
for example,
$ sudo ./l4t_sign_image.sh --file kernel/Image --chip 0x23 --type kernel
$ sudo ./l4t_sign_image.sh --file kernel/dtb/tegra234-p3701-0000-p3737-0000.dtb --chip 0x23 --type kernel_dtb

Are the generated files (Image.sig and tegra234-p3701-0000-p3737-0000.dtb.sig) working on Orin board?
In my case, unfortunately, still shows error.

$sudo insmod my_module.ko
insmod: ERROR: could not insert module my_module.ko: Invalid parameters

$sudo dmesg -w

...
[ 30.177705] my_module :module verification failed: signature and/or required key missing - tainting kernel

I copied
Image and Image.sig to /boot in Orin,
kernel_tegra234-p3701-0000-p3737-0000.dtb and kernel_tegra234-p3701-0000-p3737-0000.dtb.sig to /boot/dtb in Orin.

In the case of Xavier, this way works and we don’t need to flash board to update the kernel image.
In the case of Orin with DP 5.0.0, this way works too. But we don’t need to sign image and dtb in DP because secure boot was not supported at that time. So I just copied Image and kernel_tegra234-p3701-0000-p3737-0000.dtb files without .sig files.

Thank you for your continuous support.

hello jw.cs.park,

you should not yet fuse the target to enable SecureBoot, right?
FYI,
when kernel developers are developing their kernel, the best practice to workaround this issue is to delete Image.sig (assume that unfused board is used).
when kernel development is complete, a valid Image.sig must be generated and placed in /boot folder.

Is it possible to disable SecureBoot for JetPack 5.0.2?
I flashed the board using this command, which is written in Jetson-Linux r35.1 GA Release Notes (nvidia.com) with the Sample Root Filesystem which is extracted in Linux_for_Tegra/rootfs.

sudo ./flash.sh jetson-agx-orin-devkit mmcblk0p1

After that, I installed JetPack with the following commands

sudo apt dist-upgrade
sudo apt install nvidia-jetpack

I didn’t extract Secureboot in Linux_for_Tegra to PC for flashing. However, when I insmod my customized kernel module, dmesg shows error that I need signature. Is there any possible way to ignore Secure boot in 5.0.2?

hello jw.cs.park,

SecureBoot is not yet enabled. it’s using all zero for signing binaries.

back to your origin question.
for your development process, you may push the binary to the file system, sign/encryption is unnecessary.

as you can see in /boot/extlinux/extlinux.conf,
LINUX /boot/Image
FDT /boot/dtb/kernel_tegra234-p3701-0000-p3737-0000.dtb
please create a new label to assign your kernel and device tree, or you may replace these binary with your customize image.

I’m sorry but I did it already, before I raised this issue.
I copied Image and dtb just a second ago, and I got this error again

[ 30.177705] my_module :module verification failed: signature and/or required key missing - tainting kernel

For test, I did insmod max96712.ko, which is generated when the kernel is built in default configuration without any modifying in kernel source code.

I didn’t see this error in DP 5.0.0.

It’s a frustrating situation…

I’m using sample File Sytem, is this can be a problem?
Is it correct that Secureboot is not enabled yet in sample FS?

hello jw.cs.park,

I cannot reproduce the same issue on Orin DevKit, it’s flashed with JetPack-5.0.2
$ sudo insmod /usr/lib/modules/5.10.104-tegra/kernel/drivers/media/i2c/max96712.ko

Thank you for test.

$ sudo insmod /usr/lib/modules/5.10.104-tegra/kernel/drivers/media/i2c/max96712.ko

This command does not reproduce error in my environment also.
I think this .ko module is copied from the sample file system.

Until now, I copied my customized new module from the compile PC to board, and I did insmod modules. By this method, newly compiled build/drivers/media/i2c/max96712.ko shows the error.

Could you please test this method? (insmod newly compiled module without signing Image and dtb)

I found what is the problem.

In the kernel/kernel-5.10/arch/arm64/configs/defconfig, CONFIG_MODULE_SIG=y is added in 5.0.2, which is not in DP 5.0.0.
I compiled the kernel with CONFIG_MODULE_SIG=n and copied compiled kernel and module to board. And I did insmod of newly compiled kernel module.

Module verification error (my_module :module verification failed: signature and/or required key missing - tainting kernel) has disappeared. However, I could see other error.

[   89.929329] nv_imx219: disagrees about version of symbol module_layout
[  107.639780] nv_lc898212: disagrees about version of symbol module_layout

I think signing issue is solved and other issue begins.
I sincerely thank you for your following the issue.

hello jw.cs.park,

we still cannot repo the failure by insmod newly compiled module.

however,
may I know how you obtain the kernel sources?
you may see-also Topic 224160 to resolve JetPack-5.0.2 kernel compile issue.
and… could you please initial a new discussion thread for tracking this.
thanks

Thank you for your reply.
I downloaded L4T Driver Package (BSP) Sources from Jetson Linux 35.1 | NVIDIA Developer. I extracted public_sources.tbz2 and extracted Linux_for_Tegra/source/public/kernel_src.tbz2. I got kernel sources with this way.

I will open a new issue about the error message to follow your request.

disagrees about version of symbol module_layout

Issue link is here.
Insmod issue: disagrees about version of symbol module_layout - Jetson & Embedded Systems / Jetson AGX Orin - NVIDIA Developer Forums

Thanks

Until now, I used flash.sh to flash Orin.
I flashed Orin with SDK manager and it works now.
Thank you for your following

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.