Issue with booting Orin Industrial module after flashing with encrypted and signed jetpack


I have been trying to flash an AGX Orin Industrial module with the latest jetpack (5.1.2) and with both encryption and signing enabled, but the device is not booting up after flashing is complete. I’m using the following command to flash it: sudo ./ -u /keys/rsa_priv_0.pem -v keys/sbk.key jetson-agx-orin-devkit-industrial mmcblk0p1. The module had been fused prior to flashing.

During boot I can see the following error coming up:

I> Task: Boot device init
I> Boot_device: QSPI_FLASH instance: 0
I> Qspi clock source : pllc_out0
I> QSPI Flash: Macronix 64MB
I> QSPI-0l initialized successfully
I> Task: TSC init
I> Task: Load membct
I> RAM_CODE 0x4000041
I> Loading MEMBCT 
I> Slot: 0
I> Binary[1] block-3840 (partition size: 0x40000)
I> Binary name: MEM-BCT-1
I> Size of crypto header is 8192
I> Size of crypto header is 8192
I> strt_pg_num(3840) num_of_pgs(16) read_buf(0x40050000)
I> BCH of MEM-BCT-1 read from storage
I> BCH address is : 0x40050000
I> MEM-BCT-1 header integrity check is success
I> Binary magic in BCH component 1 is MEM1
I> component binary type is 1
I> strt_pg_num(3971) num_of_pgs(115) read_buf(0x40040000)
I> MEM-BCT-1 binary is read from storage
C> LOADER: Could not read binary 1.
C> MSS: Failed to load MEMBCT.
C> Task 0x1c failed (err: 0x48229418)
E> Top caller module: MSS, error module: LOADER, reason: 0x18, aux_info: 0x94
C> Boot Info Table status dump :

Is it possible that the device was not properly fused? If that was the case, wouldn’t I have issues during flashing already?

I’m attaching the full device serial logs covering the flash and the error during boot:
industrial_serial_jetpack_fused.txt (23.8 KB)

Hi trave2,

Are you using the devkit or custom board for AGX Orin Industial?

Have you confirmed that you use the correct PKC and SBK key for this fused device?

Please also share the full flash log for further check.

Hi @KevinFFF

Thanks for your reply

Are you using the devkit or custom board for AGX Orin Industial?

I tried with both the devkit and our custom board. I get the same error during boot on both cases.

Have you confirmed that you use the correct PKC and SBK key for this fused device?

I’m confident that the device was fused with the correct PKC and SBK. I used the ./ to read back the fuses, and the PublicKeyHash matches the expected value. We can’t read back the SBK, but if I try to flash the jetpack with an incorrect SBK, flash is failing. Since when we use the correct SBK flashing is successful, it suggests that the device was fused correctly.

Please also share the full flash log for further check.

industrial_flash_jetpack_fused_devkit.txt (165.8 KB)

I also noticed that our Industrial module is an early access module. The board FAB is RC1. I wonder if this has anything to do with the issue we are seeing? or if it shouldn’t matter?

Board ID(3701) version(RC1) sku(0008) revision(B.0)
Chip SKU(00:00:00:90) ramcode(00:00:00:04) fuselevel(fuselevel_production) board_FAB(RC1)

Could you apply the following patch in <Linux_for_Tegra>/bootloader/ and re-flash the board to verify?

        if (md and len(md.groups()) > 0) or (f == patt):
            p_key.kdf.parse_file(p_key, f)
+  = None
            dk, params = load_params_oem(p_key)

Hi @KevinFFF

I just applied the patch you provided and re-flashed the unit, but unfortunately I’m still getting the exact same error during boot.

Could you share the full flash log and serial console log?
and also the detailed steps you perform to reproduce the issue.

Hi @KevinFFF

The logs I shared on the previous comments cover both the flashing and the serial output. As for the steps, I’m following the instructions from the Jetson Linux Developer Guide: Quick Start — Jetson Linux Developer Guide documentation. After downloading and extracting the Jetson Linux release and the sample root filesystem, I flash it using the command: sudo ./ -u /keys/rsa_priv_0.pem -v keys/sbk.key jetson-agx-orin-devkit-industrial mmcblk0p1.

However, I have some good news. I have now tried with the Jetpack 6 DP, and the module is booting successfully. It seems that the problem has been fixed with the latest release. Do you have any idea of what was the fix? I noticed that the /bootloader/ file changed significantly between releases.

Yes, we’ve found the R36.X has the fix for this issue and you would get the fix in the next R35.X release.

There’s another topic with this issue.
Fail to boot with SBK - Jetson & Embedded Systems / Jetson Orin Nano - NVIDIA Developer Forums

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.