We are facing issue with fusing Jetson AGX Orin SOM.
after fusing the device , when we read back the fuses after booting system , we see reserve_odm3 to reserve_odm7 and BootSecurityInfo values are different than what we fused.
We have seen this behaviour on all units we fused.
sample fuse configuration file used to fuse:
<genericfuse MagicId="0x45535546" version="1.0.0">
...
<fuse name="ReservedOdm3" size="4" value="0xb81cf8ce"/>
<fuse name="OdmLock" size="4" value="0xF"/>
<fuse name="ReservedOdm4" size="4" value="0x1f72062c"/>
...
<fuse name="BootSecurityInfo" size="4" value="0x209"/>
<fuse name="SecurityMode" size="4" value="0x1"/>
...
</genericfuse>
fuse command :
./odmfuse.sh -X config.xml -i 0x23 jetson-agx-orin-devkit
--- host log confirms it is using the intended fuse values from config.xml
Existing cpubl(/home/dsteam/devel/ocb/jetpack-5.1.1/Linux_for_Tegra/bootloader/uefi_jetson.bin) reused.
MagicId=0x45535546 version=0x1
...
node: name=ReservedOdm3 size=4
value=0xb81cf8ce
node: name=OdmLock size=4
value=0xF
node: name=ReservedOdm4 size=4
value=0x1f72062c
...
node: name=BootSecurityInfo size=4
value=0x209
node: name=SecurityMode size=4
value=0x1
done.
size of FSKP binary 381760
size of Fuse Blob 556
File saved as fskp_t234_updated.bin
done.
...
root@skye-sb-cot:~# cat /sys/devices/platform/tegra-fuse/reserved_odm3
0x5d5f123e
root@skye-sb-cot:~# cat /sys/devices/platform/tegra-fuse/reserved_odm4
0xa4e6372c
...
root@skye-sb-cot:~# cat /sys/devices/platform/tegra-fuse/boot_security_info
0x00000000
Could you please help us understand and fix this issue.
hello vijayaca,
could you please add --test to an odmfuse.sh command for verification.
Hi Jerry,
Attached host and target logs for fusing, removed few entries for security reason.fuses-burning-host.log (90.5 KB)fuses-burning-serial-uart.log (28.8 KB)
Hi Jerry,
sudo ./odmfuse.sh --test -X ../tmp_data/SKY_TEST_01-skye-fuse.xml -k ../keys/public_key0.pem -S ../keys/sbk.key -i 0x23 jetson-agx-orin-devkit
./tegraflash.py --chip 0x23 --applet "/opt/skye-installer/Linux_for_Tegra_r35.3.1/bootloader/mb1_t234_prod.bin" --skipuid --cfg readinfo_t234_min_prod.xml --dev_params tegra234-br-bct-diag-boot.dts --device_config tegra234-mb1-bct-device-p3701-0000.dts --misc_config tegra234-mb1-bct-misc-p3701-0000.dts --bins "mb2_applet applet_t234.bin" --cmd "dump eeprom cvm cvm.bin; dump custinfo custinfo_out.bin; reboot recovery" --encrypt_key "/opt/skye-installer/keys/sbk.key" --key "/opt/skye-installer/keys/public_key0.pem"
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
[ 0.0181 ] tegrarcm_v2 --chip 0x23 0 --ismb2applet
[ 0.0183 ] File rcm_state open failed
[ 0.0185 ] ERROR: failed to read rcm_state
[ 0.0185 ]
[ 0.0214 ] tegrasign_v3.py --key /opt/skye-installer/keys/public_key0.pem --getmode mode.txt
[ 0.0220 ] Key size is 384 bytes
[ 0.0268 ] Pre-processing config: tegra234-mb1-bct-device-p3701-0000.dts
[ 0.0723 ] Pre-processing config: tegra234-mb1-bct-misc-p3701-0000.dts
[ 0.0862 ] Parsing partition layout
[ 0.0867 ] tegraparser_v2 --pt readinfo_t234_min_prod.xml.tmp
[ 0.0885 ] Kernel DTB used: None
[ 0.0885 ] WARNING: dce base dtb is not provided
[ 0.0885 ] Parsing partition layout
[ 0.0889 ] tegraparser_v2 --pt readinfo_t234_min_prod.xml.tmp
[ 0.0895 ] Creating list of images to be encrypted and signed
[ 0.0900 ] tegrahost_v2 --chip 0x23 0 --partitionlayout readinfo_t234_min_prod.xml.bin --list images_list.xml oem-rsa
[ 0.0903 ] MB1: Nvheader already present is mb1_t234_prod_aligned.bin
[ 0.0928 ] Header already present for mb1_t234_prod_aligned_sigheader.bin
[ 0.0931 ] MB1: Nvheader already present is mb1_t234_prod_aligned.bin
[ 0.0986 ] Header already present for mb1_t234_prod_aligned_sigheader.bin
[ 0.0988 ] MB1: Nvheader already present is psc_bl1_t234_prod_aligned.bin
[ 0.1034 ] Header already present for psc_bl1_t234_prod_aligned_sigheader.bin
[ 0.1037 ] adding BCH for mb2_t234_aligned.bin
[ 0.1066 ] MB1: Nvheader already present is psc_bl1_t234_prod_aligned.bin
[ 0.1188 ] Header already present for psc_bl1_t234_prod_aligned_sigheader.bin
[ 0.1190 ] adding BCH for mb2_t234_aligned.bin
Traceback (most recent call last):
File "/opt/skye-installer/Linux_for_Tegra_r35.3.1/bootloader/./tegraflash.py", line 1383, in <module>
tegraflash_run_commands()
File "/opt/skye-installer/Linux_for_Tegra_r35.3.1/bootloader/./tegraflash.py", line 1217, in tegraflash_run_commands
interpreter.onecmd(command)
File "/usr/lib/python3.10/cmd.py", line 217, in onecmd
return func(arg)
File "/opt/skye-installer/Linux_for_Tegra_r35.3.1/bootloader/./tegraflash.py", line 855, in do_dump
self.chip_inst.tegraflash_dump(exports, args)
File "/opt/skye-installer/Linux_for_Tegra_r35.3.1/bootloader/tegraflash_impl_t234.py", line 2390, in tegraflash_dump
self.tegraflash_enc_and_sign_images()
File "/opt/skye-installer/Linux_for_Tegra_r35.3.1/bootloader/tegraflash_impl_t234.py", line 1856, in tegraflash_enc_and_sign_images
for file_nodes in xml_tree.getiterator('file'):
AttributeError: 'ElementTree' object has no attribute 'getiterator'
Reading board information failed.
hello vijayaca,
FYI,dd utility to export the fuse values.boot_security_info:$ sudo dd if=/sys/bus/nvmem/devices/fuse/nvmem of=boot_security_info bs=4 count=1 skip=$((0x5a))hexdump to examine the values. $ hexdump -c boot_security_info
anyways,
hi Jerry,
Is it new tool? which release will have the tool?
where can I find the mapping of nvmem to read ReservedOdm fuse values?
it’s just a sample, please wait for next public Jetpack release with tool update to read fuses.
system
August 9, 2023, 1:20am
13
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.