Hello,
I’m trying to enable UEFI Secure Boot on a Jetson AGX Orin following the official documentation “Enable UEFI Secure Boot Using UEFI Utilities from an Ubuntu Prompt”, but encounter permission errors:
Environment:
- Jetson AGX Orin with JetPack 5.1.1
- Following documentation for enabling UEFI secure boot
Current Status:
I’ve verified that Secure Boot is currently disabled and that the device is in Setup Mode:
# SecureBoot is currently disabled
$ efivar -n 8be4df61-93ca-11d2-aa0d-00e098032b8c-SecureBoot
GUID: 8be4df61-93ca-11d2-aa0d-00e098032b8c
Name: "SecureBoot"
Attributes:
Boot Service Access
Runtime Service Access
Value:
00000000 00 |. |
# Device is in Setup Mode
$ efivar -n 8be4df61-93ca-11d2-aa0d-00e098032b8c-SetupMode
GUID: 8be4df61-93ca-11d2-aa0d-00e098032b8c
Name: "SetupMode"
Attributes:
Boot Service Access
Runtime Service Access
Value:
00000000 01 |. |
When I try to write the DB, KEK, or PK using efi-updatevar, I get permission errors:
$ efi-updatevar -f /uefi_keys/db.auth db
Cannot write to db, wrong filesystem permissions
# Try to use sudo
$ sudo efi-updatevar -f /uefi_keys/db.auth db
Failed to update db: Invalid argument
Has anyone encountered these issues while setting up UEFI Secure Boot? Are there additional steps or permissions needed that aren’t mentioned in the documentation?
Thanks!