JETSON LINUX VERSION 35.1.0 ADD Secure Boot

Autonomous Machines Jetson & Embedded Systems Jetson AGX Orin
,
1

HELLO,Jetson AGX Orin add Secure Boot use
openssl genrsa -out rsa_priv.pem 3072
why Generate PublicKeyHash value from an RSA key pair isnot success

root@ubuntu:/home/ssss/Desktop/test/Linux_for_Tegra/bootloader# sudo ./tegrakeyhash --pkc rsa_priv-3k.pem --chip 0x23
Assuming zero filled SBK key
Not supported for 0x23

use sudo ./tegrakeyhash --pkc rsa_priv-3k.pem --chip 0x19 Can succeed again

root@ubuntu:/home/ssss/Desktop/test/Linux_for_Tegra/bootloader# sudo ./tegrakeyhash --pkc rsa_priv-3k.pem --chip 0x19
Assuming zero filled SBK key
sha256 hash:
bytes:
0x97, 0xd3, 0x64, 0xe2, 0xd3, 0xd3, 0x5f, 0x03,
0x0a, 0x03, 0x8c, 0x41, 0xbb, 0xad, 0xc4, 0x2d,
0x0c, 0x15, 0xfa, 0x8d, 0x79, 0xba, 0x56, 0x99,
0x87, 0xe1, 0x9f, 0xdd, 0xb2, 0xe8, 0x0f, 0x9a,

tegra-fuse format (big-endian):
0x97d364e2d3d35f030a038c41bbadc42d0c15fa8d79ba569987e19fddb2e80f9a

fuse bypass format:
FAB_ENTRY(PUBLIC_KEY0, PUBLIC_KEY0, 0xe264d397),
FAB_ENTRY(PUBLIC_KEY1, PUBLIC_KEY1, 0x035fd3d3),
FAB_ENTRY(PUBLIC_KEY2, PUBLIC_KEY2, 0x418c030a),
FAB_ENTRY(PUBLIC_KEY3, PUBLIC_KEY3, 0x2dc4adbb),
FAB_ENTRY(PUBLIC_KEY4, PUBLIC_KEY4, 0x8dfa150c),
FAB_ENTRY(PUBLIC_KEY5, PUBLIC_KEY5, 0x9956ba79),
FAB_ENTRY(PUBLIC_KEY6, PUBLIC_KEY6, 0xdd9fe187),
FAB_ENTRY(PUBLIC_KEY7, PUBLIC_KEY7, 0x9a0fe8b2),
root@ubuntu:/home/ssss/Desktop/test/Linux_for_Tegra/bootloader#

4

Sorry for the late response, our team will do the investigation and provide suggestions soon. Thanks

5

BTW, could you try with JetPack 5.1.1/35.3.1 to see if issue still presents?

6

It is just a typo. I have the same issue. tegrakeyhash does not check if the file exists. If you type anything behind --pkc that is not a file it will not throw an error and will always generate the same hash.

That ist very bad, because now i can throw away my board.

8

tegrasign_v3.py is used for both 2K and 3K RSA; but… the tegrakeyhash only supports a 3K RSA key for Orin series.
it’s tool issue, this should be not repo’ed with the latest release version, JP-5.1.1.

10

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.