Jetson Nano Developer Kit issues after fuse burning with SB/PKC; fuse_bypass options and samples needed

I’m using L4T 32.5 release.

At the moment I have issues with booting my Jetson Nano Developer Kit. Somehow I may have burned the fuses for SB with PKC in production mode. I keep the RSA key on safe location. This action should not have been supported, but I understood this latter - so I cannot flash the rest of the partitions signed with the PKC key nor boot it without SB PKC in normal non-secure NS mode.

  • I guess with the right fuse_bypass configuration I could be able to boot it without SB/PKC, right? Is there such sample fuse_bypass config available to bypass the SB with the PKC?

  • On the other hand, I’d like to test the SB with PKC for production module: can this be done on devkit device with fuse_bypass?

Here are the details of my device:

# hexdump -C cvm-boardinfo.bin
00000000  01 00 fc 00 78 0d 00 00  02 46 00 00 00 00 00 00  |....x....F......|
00000010  00 00 00 00 36 39 39 2d  31 33 34 34 38 2d 30 30  |....699-13448-00|
00000020  30 30 2d 32 30 30 20 46  2e 30 00 00 00 00 00 00  |00-200 F.0......|
00000030  00 00 ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
00000040  ff ff ff ff 8e 1d e5 4b  04 00 31 34 32 31 39 31  |.......K..142191|
00000050  39 30 34 34 34 33 35 00  00 00 00 00 00 00 00 00  |9044435.........|
00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000090  00 00 00 00 00 00 4e 56  43 42 1c 00 4d 31 00 00  |......NVCB..M1..|
000000a0  ff ff ff ff ff ff ff ff  ff ff ff ff 8e 1d e5 4b  |...............K|
000000b0  04 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 9f  |................|
00000100

hello todorcolovmobile,

could you please execute below commands to dump fuse info.
for example, $ sudo ./tegrafuse.sh

I cannot boot the devkit device. tegrafuse.sh should be run from the jetson nano Linux OS.
I have only access to “recovery mode” commands over the USB cable from host PC. ( I guess I should be able to flash fusebypass partition from there )

hello todorcolovmobile,

what’s the pipeline you’re used to program the fuse? please share all the steps for reference,
thanks

Linux_for_Tegra# ./odmfuse.sh -c PKC -i 0x21 -k rsa_priv.pem -p

*** Calculating HASH from keyfile /Linux_for_Tegra/rsa_priv.pem ... done
PKC HASH: 0x8ec2677683cd8bf4d0f19df8edcc199de9c9e5c422f2b7b4f070789506d37676
*** Generating fuse configuration ... done.
*** Start fusing  ... 
./tegraflash.py --chip 0x21 --applet nvtboot_recovery.bin --cmd "blowfuses odmfuse_pkc.xml;"
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0237 ] Parsing fuse info as per xml file
[   0.0612 ] tegraparser --fuse_info odmfuse_pkc.xml blow_fuse_data.bin
[   0.0643 ] 
[   0.0643 ] Generating RCM messages
[   0.1422 ] tegrarcm --listrcm rcm_list.xml --chip 0x21 0 --download rcm nvtboot_recovery.bin 0 0
[   0.1460 ] RCM 0 is saved as rcm_0.rcm
[   0.1870 ] RCM 1 is saved as rcm_1.rcm
[   0.1877 ] List of rcm files are saved in rcm_list.xml
[   0.1877 ] 
[   0.1878 ] Signing RCM messages
[   0.2100 ] tegrasign --key None --list rcm_list.xml --pubkeyhash pub_key.key
[   0.2128 ] Assuming zero filled SBK key
[   0.2354 ] 
[   0.2355 ] Copying signature to RCM mesages
[   0.2388 ] tegrarcm --chip 0x21 0 --updatesig rcm_list_signed.xml --pubkeyhash pub_key.key
[   0.2434 ] 
[   0.2435 ] Boot Rom communication
[   0.2464 ] tegrarcm --chip 0x21 0 --rcm rcm_list_signed.xml
[   0.2492 ] BR_CID: 0x4210100164441643080000000f008340
[   0.2512 ] RCM version 0X210001
[   0.2660 ] Boot Rom communication completed
[   1.2742 ] 
[   1.2744 ] Blowing fuses
[   1.2784 ] tegrarcm --oem blowfuses blow_fuse_data.bin
[   1.2815 ] Applet version 00.01.0000
[   1.2999 ] Successfully burnt fuses as per fuse info blob
[   1.3129 ] 
*** The fuse configuration is saved in bootloader/odmfuse_pkc.xml
*** The ODM fuse has been burned successfully.
*** done.

./flash.sh jetson-nano-devkit mmcblk0p1

  • Flashing with not secure boot mode / NS / works fine but the device does not boot.

Flashing with SB and PKC in not allowed. Here is the output:

./flash.sh -x 0x21 -y PKC  -u rsa_priv.pem jetson-nano-devkit mmcblk0p1
###############################################################################
# L4T BSP Information:
# R32 , REVISION: 5.0
###############################################################################
# Target Board Information:
# Name: jetson-nano-devkit, Board Family: t210ref, SoC: Tegra 210, 
# OpMode: production, Boot Authentication: NS, 
# Disk encryption: disabled ,
###############################################################################
Error: either RSA key file and/or SBK key file are provided for none SBK and PKC protected target board.

hello todorcolovmobile,

may I know had you apply nvtboot binaries in post #27 of discussion thread Topic 144888?
it has correct the fuse burn issues.

BTW,
suggest you should add --test command into odmfuse.sh for testing.

Here is the output, it went successful, but still cannot boot because the referred Topic guide is for SB PKC boot which I’m not allowed to flash on devkit version. I’d like to disable the SB PKC.

/Linux_for_Tegra# ./odmfuse.sh -i 0x21 -p -c PKC -k rsa_priv.pem --test
*** Calculating HASH from keyfile //Linux_for_Tegra/rsa_priv.pem ... done
PKC HASH: 0x8ec2677683cd8bf4d0f19df8edcc199de9c9e5c422f2b7b4f070789506d37676
*** Generating fuse configuration ... done.
Test mode: removing all lines with '<fuse name=' so no fuses will be burned.
*** Start fusing  ... 
./tegraflash.py --chip 0x21 --applet nvtboot_recovery.bin --cmd "blowfuses odmfuse_pkc.xml;"
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0036 ] Parsing fuse info as per xml file
[   0.0043 ] tegraparser --fuse_info odmfuse_pkc.xml blow_fuse_data.bin
[   0.0051 ] 
[   0.0051 ] Generating RCM messages
[   0.0057 ] tegrarcm --listrcm rcm_list.xml --chip 0x21 0 --download rcm nvtboot_recovery.bin 0 0
[   0.0062 ] RCM 0 is saved as rcm_0.rcm
[   0.0066 ] RCM 1 is saved as rcm_1.rcm
[   0.0067 ] List of rcm files are saved in rcm_list.xml
[   0.0067 ] 
[   0.0067 ] Signing RCM messages
[   0.0073 ] tegrasign --key None --list rcm_list.xml --pubkeyhash pub_key.key
[   0.0079 ] Assuming zero filled SBK key
[   0.0117 ] 
[   0.0117 ] Copying signature to RCM mesages
[   0.0123 ] tegrarcm --chip 0x21 0 --updatesig rcm_list_signed.xml --pubkeyhash pub_key.key
[   0.0132 ] 
[   0.0132 ] Boot Rom communication
[   0.0139 ] tegrarcm --chip 0x21 0 --rcm rcm_list_signed.xml
[   0.0145 ] BR_CID: 0x4210100164441643080000000f008340
[   0.0150 ] RCM version 0X210001
[   0.0313 ] Boot Rom communication completed
[   1.0405 ] 
[   1.0406 ] Blowing fuses
[   1.0445 ] tegrarcm --oem blowfuses blow_fuse_data.bin
[   1.0479 ] Applet version 00.01.0000
[   1.0656 ] Successfully burnt fuses as per fuse info blob
[   1.0830 ] 
*** The fuse configuration is saved in bootloader/odmfuse_pkc.xml
*** The ODM fuse has been burned successfully.
*** done.
Linux_for_Tegra# cat bootloader/odmfuse_pkc.xml.sav
<genericfuse MagicId="0x46555345" version="1.0.0">
<fuse name="PublicKeyHash" size="32" value="0x7676d306957870f0b4b7f222c4e5c9e99d19ccedf89df1d0f48bcd837667c28e" />
<fuse name="SecurityMode" size="4" value="0x1" />
</genericfuse>
Linux_for_Tegra# ./odmfuse.sh -i 0x21 -p -c PKC -k rsa_priv.pem 
*** Calculating HASH from keyfile /Linux_for_Tegra/rsa_priv.pem ... done
PKC HASH: 0x8ec2677683cd8bf4d0f19df8edcc199de9c9e5c422f2b7b4f070789506d37676
*** Generating fuse configuration ... done.
*** Start fusing  ... 
./tegraflash.py --chip 0x21 --applet nvtboot_recovery.bin --cmd "blowfuses odmfuse_pkc.xml;"
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0037 ] Parsing fuse info as per xml file
[   0.0046 ] tegraparser --fuse_info odmfuse_pkc.xml blow_fuse_data.bin
[   0.0053 ] 
[   0.0053 ] Generating RCM messages
[   0.0059 ] tegrarcm --listrcm rcm_list.xml --chip 0x21 0 --download rcm nvtboot_recovery.bin 0 0
[   0.0064 ] RCM 0 is saved as rcm_0.rcm
[   0.0069 ] RCM 1 is saved as rcm_1.rcm
[   0.0070 ] List of rcm files are saved in rcm_list.xml
[   0.0070 ] 
[   0.0070 ] Signing RCM messages
[   0.0076 ] tegrasign --key None --list rcm_list.xml --pubkeyhash pub_key.key
[   0.0083 ] Assuming zero filled SBK key
[   0.0128 ] 
[   0.0129 ] Copying signature to RCM mesages
[   0.0146 ] tegrarcm --chip 0x21 0 --updatesig rcm_list_signed.xml --pubkeyhash pub_key.key
[   0.0156 ] 
[   0.0156 ] Boot Rom communication
[   0.0162 ] tegrarcm --chip 0x21 0 --rcm rcm_list_signed.xml
[   0.0168 ] BR_CID: 0x4210100164441643080000000f008340
[   0.0173 ] RCM version 0X210001
[   0.0338 ] Boot Rom communication completed
[   1.0437 ] 
[   1.0439 ] Blowing fuses
[   1.0478 ] tegrarcm --oem blowfuses blow_fuse_data.bin
[   1.0513 ] Applet version 00.01.0000
[   1.0691 ] Successfully burnt fuses as per fuse info blob
[   1.0817 ] 
*** The fuse configuration is saved in bootloader/odmfuse_pkc.xml
*** The ODM fuse has been burned successfully.
*** done.

# md5sum bootloader/nvtboot*
65b95bd63ceebf8974b0903de5265c88  bootloader/nvtboot.bin
3a97283d250f00b6f1ba7776f5dc57f4  bootloader/nvtboot.bin.signed
a6d10bc8760041ba0e03ec3959f971ce  bootloader/nvtboot_cpu.bin
ff17e52b1096ff930115bcff0b947d0b  bootloader/nvtboot_cpu.bin.signed
13f9c5212dc5fac8685ba028dcc3c457  bootloader/nvtboot_recovery.bin
4fed21347f336748827489eb9f860fe5  bootloader/nvtboot_recovery_cpu.bin
/zipfile/Linux_for_Tegra# md5sum ../t/nvtboot*
65b95bd63ceebf8974b0903de5265c88  ../t/nvtboot.bin
a6d10bc8760041ba0e03ec3959f971ce  ../t/nvtboot_cpu.bin
13f9c5212dc5fac8685ba028dcc3c457  ../t/nvtboot_recovery.bin
4fed21347f336748827489eb9f860fe5  ../t/nvtboot_recovery_cpu.bin

could you please generate sign image with board information specified, also adding --no-flash to make it locally.
for example,

$ sudo BOARDID=3448 FAB=400 BOARDSKU=0002 ./flash.sh -r --no-flash -y PKC -u key.pem jetson-nano-emmc mmcblk0p1

if the image has create successfully, there should be flashcmd.txt generated,
please have image flashing with that. for example, $ sudo bash ./flashcmd.txt
thanks

Here is the output

root@tchome:/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra# BOARDID=3448 FAB=400 BOARDSKU=0002 ./flash.sh -r --no-flash -y PKC -u rsa_priv.pem jetson-nano-emmc mmcblk0p1
###############################################################################
# L4T BSP Information:
# R32 , REVISION: 5.0
###############################################################################
Board ID(3448) version(400) 
copying bctfile(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/t210ref/BCT/P3448_A00_lpddr4_204Mhz_P987.cfg)... done.
copying bootloader(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/t210ref/cboot.bin)... done.
copying initrd(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/l4t_initrd.img)... done.
Making Boot image... done.
Existing sosfile(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/nvtboot_recovery.bin) reused.
copying tegraboot(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/t210ref/nvtboot.bin)... done.
copying cpu_bootloader(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/t210ref/cboot.bin)... done.
copying bpffile(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/t210ref/sc7entry-firmware.bin)... done.
Existing badpagefile(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/badpage.bin) reused.
copying wb0boot(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/t210ref/warmboot.bin)... done.
Existing tosfile(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/tos-mon-only.img) reused.
Existing eksfile(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/eks.img) reused.
copying dtbfile(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/kernel/dtb/tegra210-p3448-0002-p3449-0000-b00.dtb)... done.
Copying nv_boot_control.conf to rootfs
Reusing existing system.img... 
done.
Existing tbcfile(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/nvtboot_cpu.bin) reused.
copying tbcdtbfile(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/kernel/dtb/tegra210-p3448-0002-p3449-0000-b00.dtb)... done.
copying cfgfile(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/t210ref/cfg/flash_l4t_t210_emmc_p3448.xml) to flash.xml... done.
copying flasher(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/t210ref/cboot.bin)... done.
Existing flashapp(/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/tegraflash.py) reused.
./tegraflash.py --cfg flash.xml --bl cboot.bin --bct  P3448_A00_lpddr4_204Mhz_P987.cfg --odmdata 0xa4000 --bldtb kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed --applet nvtboot_recovery.bin    --cmd "sign"  --chip 0x21 --key /home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/rsa_priv.pem  
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0058 ] tegrasign --key /home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/rsa_priv.pem --getmode mode.txt
[   0.0064 ] PKC key in Open SSL format
[   0.0065 ] Key size is 256 bytes
[   0.0075 ] 
[   0.0080 ] Generating RCM messages
[   0.0086 ] tegrarcm --listrcm rcm_list.xml --chip 0x21 0 --download rcm nvtboot_recovery.bin 0 0
[   0.0092 ] RCM 0 is saved as rcm_0.rcm
[   0.0095 ] RCM 1 is saved as rcm_1.rcm
[   0.0096 ] List of rcm files are saved in rcm_list.xml
[   0.0096 ] 
[   0.0096 ] Signing RCM messages
[   0.0102 ] tegrasign --key /home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/rsa_priv.pem --list rcm_list.xml --pubkeyhash pub_key.key
[   0.0108 ] PKC key in Open SSL format
[   0.0109 ] Key size is 256 bytes
[   0.0110 ] Saving public key  in pub_key.key
[   0.0996 ] Saving public key Hash as binary: pub_key.hash
[   0.0996 ] Saving public key Hash as big-endian text: pub_key.hash_txt
[   0.0996 ] Saving public key Hash as little-endian(sysfs) text: pub_key.hash_sysfs_txt
[   0.0997 ] 
[   0.0997 ] Copying signature to RCM mesages
[   0.1006 ] tegrarcm --chip 0x21 0 --updatesig rcm_list_signed.xml --pubkeyhash pub_key.key
[   0.1016 ] 
[   0.1016 ] Parsing partition layout
[   0.1023 ] tegraparser --pt flash.xml.tmp
[   0.1032 ] 
[   0.1032 ] Creating list of images to be signed
[   0.1039 ] tegrahost --chip 0x21 0 --partitionlayout flash.xml.bin --list images_list.xml
[   0.1132 ] 
[   0.1132 ] Generating signatures
[   0.1156 ] tegrasign --key /home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/rsa_priv.pem --list images_list.xml --pubkeyhash pub_key.key
[   0.1163 ] PKC key in Open SSL format
[   0.1165 ] Key size is 256 bytes
[   0.1166 ] Saving public key  in pub_key.key
[   0.8213 ] Saving public key Hash as binary: pub_key.hash
[   0.8213 ] Saving public key Hash as big-endian text: pub_key.hash_txt
[   0.8213 ] Saving public key Hash as little-endian(sysfs) text: pub_key.hash_sysfs_txt
[   0.8213 ] 
[   0.8214 ] Generating br-bct
[   0.8224 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.cfg --chip 0x21 0
[   0.8230 ] Copying Sdram info from 2 to 3 set
[   0.8249 ] 
[   0.8249 ] Updating boot device parameters
[   0.8255 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updatedevparam flash.xml.bin
[   0.8261 ] Warning: No sdram params
[   0.8262 ] 
[   0.8262 ] Updating bl info
[   0.8268 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updateblinfo flash.xml.bin --updatesig images_list_signed.xml
[   0.8285 ] 
[   0.8286 ] Updating secondary storage information into bct
[   0.8292 ] tegraparser --pt flash.xml.bin --chip 0x21 0 --updatecustinfo P3448_A00_lpddr4_204Mhz_P987.bct
[   0.8299 ] 
[   0.8300 ] Updating Odmdata
[   0.8306 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updatefields Odmdata =0xa4000
[   0.8313 ] Warning: No sdram params
[   0.8313 ] 
[   0.8314 ] Get Signed section of bct
[   0.8320 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --listbct bct_list.xml
[   0.8327 ] 
[   0.8328 ] Signing BCT
[   0.8340 ] tegrasign --key /home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/rsa_priv.pem --list bct_list.xml --pubkeyhash pub_key.key
[   0.8348 ] PKC key in Open SSL format
[   0.8350 ] Key size is 256 bytes
[   0.8351 ] Saving public key  in pub_key.key
[   0.8797 ] Saving public key Hash as binary: pub_key.hash
[   0.8797 ] Saving public key Hash as big-endian text: pub_key.hash_txt
[   0.8797 ] Saving public key Hash as little-endian(sysfs) text: pub_key.hash_sysfs_txt
[   0.8797 ] 
[   0.8798 ] Updating BCT with signature
[   0.8806 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updatesig bct_list_signed.xml --pubkeyhash pub_key.key
[   0.8814 ] 
[   0.8814 ] Copying signatures
[   0.8821 ] tegrahost --chip 0x21 0 --partitionlayout flash.xml.bin --updatesig images_list_signed.xml --pubkeyhash pub_key.key
[   0.8915 ] 
[   0.8916 ] Updating BFS information on BCT
[   0.8929 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updatebfsinfo flash.xml.bin --pubkeyhash pub_key.key
[   0.8936 ]    BFS:
[   0.8948 ]      0: [PT ] flash.xml.bin (size=4349/131072)
[   0.8950 ]      1: [TBC] nvtboot_cpu.bin.signed (size=65760/196608)
[   0.8952 ]      2: [RP1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.8955 ]      3: [EBT] cboot.bin.signed (size=485120/655360)
[   0.8956 ]      4: [WB0] warmboot.bin.signed (size=3952/131072)
[   0.8958 ]      5: [BPF] sc7entry-firmware.bin.signed (size=3376/262144)
[   0.8960 ] BFS0: 131072 @ 2560 SUM 1f958b2d over 2883584 bytes
[   0.8962 ]    BFS:
[   0.8966 ]      0: [PT-1] flash.xml.bin (size=4349/131072)
[   0.8968 ]      1: [TBC-1] nvtboot_cpu.bin.signed (size=65760/196608)
[   0.8970 ]      2: [RP1-1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.8972 ]      3: [EBT-1] cboot.bin.signed (size=485120/655360)
[   0.8974 ]      4: [WB0-1] warmboot.bin.signed (size=3952/131072)
[   0.8975 ]      5: [BPF-1] sc7entry-firmware.bin.signed (size=3376/262144)
[   0.8978 ]      8: [VER_b] emmc_bootblob_ver.txt (size=102/32768)
[   0.8980 ]      9: [VER] emmc_bootblob_ver.txt (size=102/32768)
[   0.8982 ] BFS1: 131072 @ 8704 SUM 1f958b2d over 2981888 bytes
[   0.8983 ]    KFS:
[   0.9042 ]      0: [DTB] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.9044 ]      1: [TOS] tos-mon-only.img.signed (size=54448/6291456)
[   0.9046 ]      2: [EKS] eks.img (size=1028/81920)
[   0.9047 ]      3: [LNX] boot.img.signed (size=661504/67092480)
[   0.9049 ] KFS0: 1048576 @ 29376546 SUM cbef00f5 over 8083456 bytes
[   0.9057 ]    KFS:
[   0.9128 ]      0: [DTB-1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.9131 ]      1: [TOS-1] tos-mon-only.img.signed (size=54448/6291456)
[   0.9133 ]      2: [EKS-1] eks.img (size=1028/81920)
[   0.9135 ]      3: [LNX-1] boot.img.signed (size=661504/67092480)
[   0.9136 ] KFS1: 1048576 @ 29522082 SUM cbef00f5 over 8083456 bytes
[   0.9143 ] 
[   0.9144 ] Copying signed file in /home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/signed
./tegraflash.py --bl cboot.bin.signed --bct  P3448_A00_lpddr4_204Mhz_P987.bct --odmdata 0xa4000 --bldtb kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed --applet rcm_1_signed.rcm --cmd "secureflash;reboot"  --cfg flash.xml --chip 0x21    --bins "EBT cboot.bin; DTB tegra210-p3448-0002-p3449-0000-b00.dtb"  --key "/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/rsa_priv.pem" 
saving flash command in /home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/flashcmd.txt
saving Windows flash command to /home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/flash_win.bat
*** no-flash flag enabled. Exiting now... *** 
root@tchome:/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra# cat /home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader/flashcmd.txt
./tegraflash.py --bl cboot.bin.signed --bct  P3448_A00_lpddr4_204Mhz_P987.bct --odmdata 0xa4000 --bldtb kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed --applet rcm_1_signed.rcm --cmd "secureflash;reboot"  --cfg flash.xml --chip 0x21    --bins "EBT cboot.bin; DTB tegra210-p3448-0002-p3449-0000-b00.dtb"  --key "/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/rsa_priv.pem" 

And the output from the execution:

root@tchome:/home/tc/PETER-pmelectrical/nvidia/sb/Linux_for_Tegra/bootloader# bash ./flashcmd.txt
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0056 ] Parsing partition layout
[   0.0065 ] tegraparser --pt flash.xml.tmp
[   0.0075 ] 
[   0.0075 ] Updating BFS information on RCM BCT
[   0.0081 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updatebfsinfo flash.xml.bin --pubkeyhash pub_key.key
[   0.0087 ]    BFS:
[   0.0097 ]      0: [PT ] flash.xml.bin (size=4381/131072)
[   0.0099 ]      1: [TBC] nvtboot_cpu.bin.signed (size=65760/196608)
[   0.0101 ]      2: [RP1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.0103 ]      3: [EBT] cboot.bin.signed (size=485120/655360)
[   0.0105 ]      4: [WB0] warmboot.bin.signed (size=3952/131072)
[   0.0107 ]      5: [BPF] sc7entry-firmware.bin.signed (size=3376/262144)
[   0.0108 ] BFS0: 131072 @ 2560 SUM 0f19f608 over 2883584 bytes
[   0.0110 ]    BFS:
[   0.0114 ]      0: [PT-1] flash.xml.bin (size=4381/131072)
[   0.0115 ]      1: [TBC-1] nvtboot_cpu.bin.signed (size=65760/196608)
[   0.0117 ]      2: [RP1-1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.0120 ]      3: [EBT-1] cboot.bin.signed (size=485120/655360)
[   0.0122 ]      4: [WB0-1] warmboot.bin.signed (size=3952/131072)
[   0.0123 ]      5: [BPF-1] sc7entry-firmware.bin.signed (size=3376/262144)
[   0.0125 ]      8: [VER_b] emmc_bootblob_ver.txt (size=102/32768)
[   0.0127 ]      9: [VER] emmc_bootblob_ver.txt (size=102/32768)
[   0.0129 ] BFS1: 131072 @ 8704 SUM 0f19f608 over 2981888 bytes
[   0.0131 ]    KFS:
[   0.0218 ]      0: [DTB] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.0220 ]      1: [TOS] tos-mon-only.img.signed (size=54448/6291456)
[   0.0222 ]      2: [EKS] eks.img (size=1028/81920)
[   0.0223 ]      3: [LNX] boot.img.signed (size=661504/67092480)
[   0.0225 ] KFS0: 1048576 @ 29376546 SUM cbef00f5 over 8083456 bytes
[   0.0233 ]    KFS:
[   0.0305 ]      0: [DTB-1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.0307 ]      1: [TOS-1] tos-mon-only.img.signed (size=54448/6291456)
[   0.0309 ]      2: [EKS-1] eks.img (size=1028/81920)
[   0.0310 ]      3: [LNX-1] boot.img.signed (size=661504/67092480)
[   0.0312 ] KFS1: 1048576 @ 29522082 SUM cbef00f5 over 8083456 bytes
[   0.0320 ] 
[   0.0320 ] Updating BFS information on BCT
[   0.0328 ] tegrabct --bct P3448_A00_lpddr4_204Mhz_P987.bct --chip 0x21 0 --updatebfsinfo flash.xml.bin --pubkeyhash pub_key.key
[   0.0334 ]    BFS:
[   0.0343 ]      0: [PT ] flash.xml.bin (size=4381/131072)
[   0.0344 ]      1: [TBC] nvtboot_cpu.bin.signed (size=65760/196608)
[   0.0346 ]      2: [RP1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.0349 ]      3: [EBT] cboot.bin.signed (size=485120/655360)
[   0.0350 ]      4: [WB0] warmboot.bin.signed (size=3952/131072)
[   0.0352 ]      5: [BPF] sc7entry-firmware.bin.signed (size=3376/262144)
[   0.0354 ] BFS0: 131072 @ 2560 SUM 0f19f608 over 2883584 bytes
[   0.0355 ]    BFS:
[   0.0358 ]      0: [PT-1] flash.xml.bin (size=4381/131072)
[   0.0360 ]      1: [TBC-1] nvtboot_cpu.bin.signed (size=65760/196608)
[   0.0362 ]      2: [RP1-1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.0364 ]      3: [EBT-1] cboot.bin.signed (size=485120/655360)
[   0.0366 ]      4: [WB0-1] warmboot.bin.signed (size=3952/131072)
[   0.0367 ]      5: [BPF-1] sc7entry-firmware.bin.signed (size=3376/262144)
[   0.0369 ]      8: [VER_b] emmc_bootblob_ver.txt (size=102/32768)
[   0.0371 ]      9: [VER] emmc_bootblob_ver.txt (size=102/32768)
[   0.0373 ] BFS1: 131072 @ 8704 SUM 0f19f608 over 2981888 bytes
[   0.0375 ]    KFS:
[   0.0438 ]      0: [DTB] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.0441 ]      1: [TOS] tos-mon-only.img.signed (size=54448/6291456)
[   0.0443 ]      2: [EKS] eks.img (size=1028/81920)
[   0.0444 ]      3: [LNX] boot.img.signed (size=661504/67092480)
[   0.0446 ] KFS0: 1048576 @ 29376546 SUM cbef00f5 over 8083456 bytes
[   0.0456 ]    KFS:
[   0.0543 ]      0: [DTB-1] kernel_tegra210-p3448-0002-p3449-0000-b00.dtb.signed (size=244352/1048576)
[   0.0546 ]      1: [TOS-1] tos-mon-only.img.signed (size=54448/6291456)
[   0.0547 ]      2: [EKS-1] eks.img (size=1028/81920)
[   0.0549 ]      3: [LNX-1] boot.img.signed (size=661504/67092480)
[   0.0550 ] KFS1: 1048576 @ 29522082 SUM cbef00f5 over 8083456 bytes
[   0.0558 ] 
[   0.0558 ] Boot Rom communication
[   0.0566 ] tegrarcm --chip 0x21 0 --rcm rcm_1_signed.rcm
[   0.0572 ] BR_CID: 0x4210100164441643080000000f008340
[   0.0577 ] Bootrom returned error 4
[   0.0868 ] Boot Rom communication failed
[   0.0868 ] 
Error: Return value 4
Command tegrarcm --chip 0x21 0 --rcm rcm_1_signed.rcm

Flash is not working.
jetson-nano-emmc has different partition layout (internal emmc ) compared to jetson-nano-devkit ( qspi + sd )
Is there a similar to tegrafuse.sh command which can be run from ‘recovery mode’ Host PC via the USB cable?
Shall we test with fusebypass partition to disable SB PKC?

hello todorcolovmobile,

Jetson security only support with eMMC version. you cannot burn fuse to enable that with jetson-nano-devkit (qspi + sd).

It is somehow misleading for newcommers into the community:

  1. “Production module” is quite close as naming convention to “production mode” of the “fuses” and I got initially devkit device (having no detailed idea what production module is )
  2. Devkit is for development needs, I tought it has all options to test all capabilities. I still do not understand why it has limited PKC SB capabilities. It make no sence to me becouse of the different flash layout to remove the option to test SB.
  3. Jetson Nano CPU looks the same in devkit module and production module, so I have not questioned its fuse capabilities are the same.
  4. odmfuse.sh command should have rejected the “fuse” burning, if it was not supported, right?

Please provide answers to my developers questions:

  • Is there any similar to tegrafuse.sh command but to be able to run it from “recovery mode” via the USB calble from host PC - I’d like to see the status of the fuses?
  • Is there a way to use fusebypass partition to disable the PKC with SB? I need sample commands/configurations for fusebypass partition, please elaborate more on this.

If there is not way to bring my devkit back to live:

  • can I get replacement devikit board becouse of faulty software “odmfuse.sh” have not rejected the fuse burrning for the not supported devkit board? :( :( :(
  • or Jetson security to release updates to L4T secboot to include devkit into the SB supported devices. So that all developers can test SB boot. ( preferred option )

Thanks,

hello todorcolovmobile,

please check Topic 165151, and Topic 165661 for reference,
production module means the platform based-on eMMC; please check the secureboot readme file, it shows as following,

            - Jetson Nano Production Module: jetson-nano-emmc

BTW,
please initial RMA process if you believe that your Jetson product is defective.
thanks

1 Like

The RMA process does not work at the moment:

Live Chat

We’re sorry, chat is currently unavailable

May be the RMA service is not applicable for my location

UART console output:

[0000.163] [TegraBoot] (version 00.00.2018.01-l4t-7da7a580)
[0000.169] Processing in cold boot mode Bootloader 2
[0000.173] A02 Bootrom Patch rev = 1023
[0000.177] Power-up reason: ap watchdog timeout
[0000.181] No Battery Present
[0000.184] pmic max77620 reset reason
[0000.187] pmic max77620 NVERC : 0x0
[0000.190] RamCode = 0
[0000.193] Platform has DDR4 type RAM
[0000.196] max77620 disabling SD1 Remote Sense
[0000.201] Setting DDR voltage to 1125mv
[0000.205] Serial Number of Pmic Max77663: 0x221ff9
[0000.213] Entering ramdump check
[0000.216] Get RamDumpCarveOut = 0x0
[0000.219] RamDumpCarveOut=0x0,  RamDumperFlag=0xe59ff3f8
[0000.224] Last reboot was clean, booting normally!
[0000.229] Sdram initialization is successful 
[0000.233] SecureOs Carveout Base=0x00000000ff800000 Size=0x00800000
[0000.239] Lp0 Carveout Base=0x00000000ff780000 Size=0x00001000
[0000.245] BpmpFw Carveout Base=0x00000000ff700000 Size=0x00080000
[0000.252] GSC1 Carveout Base=0x00000000ff600000 Size=0x00100000
[0000.258] GSC2 Carveout Base=0x00000000ff500000 Size=0x00100000
[0000.264] GSC4 Carveout Base=0x00000000ff400000 Size=0x00100000
[0000.270] GSC5 Carveout Base=0x00000000ff300000 Size=0x00100000
[0000.276] GSC3 Carveout Base=0x000000017f300000 Size=0x00d00000
[0000.296] RamDump Carveout Base=0x00000000ff280000 Size=0x00080000
[0000.302] Platform-DebugCarveout: 0
[0000.305] Nck Carveout Base=0x00000000ff080000 Size=0x00200000
[0000.311] Non secure mode, and RB not enabled.
[0000.363] Csd NumOfBlocks=60579840
[0000.369] Set High speed to 1
[0000.374] Using GPT Primary to query partitions
[0000.379] Loading Tboot-CPU binary
[0000.392] Verifying TBC in OdmNonSecureSBK mode
[0000.403] Bootloader load address is 0xa0000000, entry address is 0xa0000258
[0000.410] Bootloader downloaded successfully.
[0000.414] Downloaded Tboot-CPU binary to 0xa0000258
[0000.419] MAX77620_GPIO5 configured
[0000.423] CPU power rail is up
[0000.426] CPU clock enabled
[0000.431] Performing RAM repair
[0000.434] Updating A64 Warmreset Address to 0xa00002e9
[0000.439] Loading NvTbootBootloaderDTB
[0000.475] Verifying NvTbootBootloaderDTB in OdmNonSecureSBK mode
[0000.575] Bootloader DTB Load Address: 0x83000000
[0000.580] Loading NvTbootKernelDTB
[0000.616] Verifying NvTbootKernelDTB in OdmNonSecureSBK mode
[0000.715] Kernel DTB Load Address: 0x83100000
[0000.720] Loading cboot binary
[0000.764] Verifying EBT in OdmNonSecureSBK mode
[0000.814] Bootloader load address is 0x92c00000, entry address is 0x92c00258
[0000.822] Bootloader downloaded successfully.
[0000.826] Next binary entry address: 0x92c00258 
[0000.831] BoardId: 3448
[0000.838] Overriding pmu board id with proc board id
[0000.842] Display board id is not available 
[0000.884] Verifying SC7EntryFw in OdmNonSecureSBK mode
[0000.951] /bpmp deleted
[0000.954] SC7EntryFw header found loaded at 0xff700000
[0001.193] OVR2 PMIC
[0001.195] Bpmp FW successfully loaded
[0001.200] WB0 init successfully at 0xff780000
[0001.204] Set NvDecSticky Bits
[0001.208] GSC2 address ff53fffc value c0edbbcc
[0001.217] GSC MC Settings done
[0001.221] TOS Image length 53680
[0001.224]  Monitor size 53680
[0001.227]  OS size 0
[0001.236] Secure Os AES-CMAC Verification Success!
[0001.241] TOS image cipher info: plaintext
[0001.245] Loading and Validation of Secure OS Successful
[0001.268] SC7 Entry Firmware - 0xff700000, 0x4000
[0001.273] NvTbootPackSdramParams: start. 
[0001.280] NvTbootPackSdramParams: done. 
[0001.284] Tegraboot started after 90741 us
[0001.288] Basic modules init took 777074 us
[0001.292] NvTbootQspiFlashIoctl: Opcode = 1 not supported
[0001.297] Sec Bootdevice Read Time = 622327755 ms, Read Size = 622327755 KB
[0001.304] Sec Bootdevice Write Time = 0 ms, Write Size = 0 KB
[0001.310] Storage Device Read Time = 165 ms, Read Size = 2226 KB
[0001.316] Storage Device Write Time = 0 ms, Write Size = 0 KB
[0001.321] Next stage binary read took 37958 us
[0001.326] Carveout took -52273 us
[0001.329] CPU initialization took 461082 us
[0001.333] Total time taken by TegraBoot 1223841 us

[0001.338] Starting CPU & Halting co-processor 

64NOTICE:  BL31: v1.3(release):a28d87f09
NOTICE:  BL31: Built : 13:38:45, Nov  5 2019
ERROR:   Error initializing runtime service trusty_fast
[0001.460] RamCode = 0
[0001.465] LPDDR4 Training: Read DT: Number of tables = 2
[0001.470] EMC Training (SRC-freq: 204000; DST-freq: 1600000)
[0001.483] EMC Training Successful
[0001.486] 408000 not found in DVFS table
[0001.492] RamCode = 0
[0001.496] DT Write: emc-table@204000 succeeded
[0001.501] DT Write: emc-table@1600000 succeeded
[0001.506] LPDDR4 Training: Write DT: Number of tables = 2
[0001.551] 
[0001.552] Debug Init done
[0001.554] Marked DTB cacheable
[0001.557] Bootloader DTB loaded at 0x83000000
[0001.562] Marked DTB cacheable
[0001.565] Kernel DTB loaded at 0x83100000
[0001.569] DeviceTree Init done
[0001.581] Pinmux applied successfully
[0001.585] gicd_base: 0x50041000
[0001.589] gicc_base: 0x50042000
[0001.592] Interrupts Init done
[0001.596] Using base:0x60005090 & irq:208 for tick-timer
[0001.601] Using base:0x60005098 for delay-timer
[0001.606] platform_init_timer: DONE
[0001.609] Timer(tick) Init done
[0001.613] osc freq = 38400 khz
[0001.617] 
[0001.618] welcome to cboot
[0001.621] 
[0001.622] Cboot Version: 00.00.2018.01-t210-21e03500
[0001.627] calling constructors
[0001.630] initializing heap
[0001.632] initializing threads
[0001.635] initializing timers
[0001.638] creating bootstrap completion thread
[0001.643] top of bootstrap2()
[0001.646] CPU: ARM Cortex A57
[0001.648] CPU: MIDR: 0x411FD071, MPIDR: 0x80000000
[0001.653] initializing platform
[0001.656] Scratch reg 37 & 271 initial value set..
[0001.663] cboot:secure-pmc present
[0001.666] Manufacturer: MF = 0xc2, ID MSB = 0x25
[0001.671] ID LSB = 0x36, ID-CFI len = 194 bytes
[0001.675] Macronix QSPI chip present
[0001.679] SPI device register
[0001.682] init boot device
[0001.684] allocating memory for boot device(SPI)
[0001.689] registering boot device
[0001.698] sdmmc node status = okay
[0001.701] sdcard instance = 0
[0001.704] sdcard gpio handle 0x56
[0001.708] sdcard gpio pin 0xc9
[0001.711] sdcard gpio flags 0x0
[0001.714] vmmc-supply 0x99
[0001.716] Instance: 0
[0001.718] Allocating memory for context
[0001.722] enabling clock
[0001.725] sd card init
[0001.727] Check card present and stable
[0001.731] Send command 0
[0001.747] Send command 3
[0001.752] Set RCA for the card
[0001.754] Query card specific data by command 9
[0001.761] Parse CSD data
[0001.763] Send command 7
[0001.774] Calling sd device register
[0001.777] Init sdcard
[0001.779] Allocating memory for boot device
[0001.784] Registering user device
[0001.797] Enable APE clock
[0001.799] Un-powergate APE partition
[0001.803] of_register: registering tegra_udc to of_hal
[0001.808] of_register: registering tegra_udc to of_hal
[0001.813] of_register: registering inv20628-driver to of_hal
[0001.819] of_register: registering ads1015-driver to of_hal
[0001.824] of_register: registering lp8557-bl-driver to of_hal
[0001.830] of_register: registering bq2419x_charger to of_hal
[0001.836] of_register: registering cpc to of_hal
[0001.841] of_register: registering bq27441_fuel_gauge to of_hal
[0001.852] gpio framework initialized
[0001.855] of_register: registering tca9539_gpio to of_hal
[0001.861] of_register: registering tca9539_gpio to of_hal
[0001.866] of_register: registering i2c_bus_driver to of_hal
[0001.872] of_register: registering i2c_bus_driver to of_hal
[0001.877] of_register: registering i2c_bus_driver to of_hal
[0001.883] of_register: registering i2c_bus_driver to of_hal
[0001.889] pmic framework initialized
[0001.892] of_register: registering max77620_pmic to of_hal
[0001.898] regulator framework initialized
[0001.902] of_register: registering tps65132_bl_driver to of_hal
[0001.908] initializing target
[0001.913] gpio_driver_register: register 'tegra_gpio_driver' driver
[0001.922] fixed regulator driver initialized
[0001.939] initializing OF layer
[0001.942] NCK carveout not present
[0001.945] Skipping dts_overrides
[0001.949] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0001.966] I2C Bus Init done
[0001.969] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0001.979] I2C Bus Init done
[0001.982] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0001.992] I2C Bus Init done
[0001.994] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0002.005] I2C Bus Init done
[0002.007] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0002.018] I2C Bus Init done
[0002.020] of_children_init: Ops found for compatible string maxim,max77620
[0002.031] max77620_init using irq 118
[0002.036] register 'maxim,max77620' pmic
[0002.040] gpio_driver_register: register 'max77620-gpio' driver
[0002.046] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0002.057] I2C Bus Init done
[0002.060] NCK carveout not present
[0002.063] shim_invoke: No NCT, Calling dts updates
[0002.075] Find /i2c@7000c000's alias i2c0
[0002.079] get eeprom at 1-a0, size 256, type 0
[0002.087] Find /i2c@7000c500's alias i2c2
[0002.091] get eeprom at 3-a0, size 256, type 0
[0002.096] get eeprom at 3-ae, size 256, type 0
[0002.100] pm_ids_update: Updating 1,a0, size 256, type 0
[0002.105] I2C slave not started
[0002.108] I2C write failed
[0002.111] Writing offset failed
[0002.114] eeprom_init: EEPROM read failed
[0002.118] pm_ids_update: eeprom init failed
[0002.122] pm_ids_update: Updating 3,a0, size 256, type 0
[0002.152] pm_ids_update: The pm board id is 3448-0000-200
[0002.159] Adding plugin-manager/ids/3448-0000-200=/i2c@7000c500:module@0x50
[0002.167] pm_ids_update: pm id update successful
[0002.172] pm_ids_update: Updating 3,ae, size 256, type 0
[0002.202] pm_ids_update: The pm board id is 3449-0000-200
[0002.208] Adding plugin-manager/ids/3449-0000-200=/i2c@7000c500:module@0x57
[0002.216] pm_ids_update: pm id update successful
[0002.246] eeprom_get_mac: EEPROM invalid MAC address (all 0xff)
[0002.252] shim_eeprom_update_mac:267: Failed to update 0 MAC address in DTB
[0002.261] eeprom_get_mac: EEPROM invalid MAC address (all 0xff)
[0002.266] shim_eeprom_update_mac:267: Failed to update 1 MAC address in DTB
[0002.275] updating /chosen/nvidia,ethernet-mac node 00:04:4b:e5:1d:8e
[0002.281] Plugin Manager: Parse ODM data 0x00094000
[0002.291] shim_cmdline_install: /chosen/bootargs: root=/dev/mmcblk0p1 rw rootwait rootfstype=ext4 console=ttyS0,115200n8 console=tty0 fbcon=map:0 net.ifnames=0   
[0002.313] Find /i2c@7000c000's alias i2c0
[0002.317] get eeprom at 1-a0, size 256, type 0
[0002.325] Find /i2c@7000c500's alias i2c2
[0002.329] get eeprom at 3-a0, size 256, type 0
[0002.334] get eeprom at 3-ae, size 256, type 0
[0002.338] pm_ids_update: Updating 1,a0, size 256, type 0
[0002.344] I2C slave not started
[0002.347] I2C write failed
[0002.349] Writing offset failed
[0002.352] eeprom_init: EEPROM read failed
[0002.356] pm_ids_update: eeprom init failed
[0002.360] pm_ids_update: Updating 3,a0, size 256, type 0
[0002.390] pm_ids_update: The pm board id is 3448-0000-200
[0002.397] Adding plugin-manager/ids/3448-0000-200=/i2c@7000c500:module@0x50
[0002.404] pm_ids_update: pm id update successful
[0002.409] pm_ids_update: Updating 3,ae, size 256, type 0
[0002.439] pm_ids_update: The pm board id is 3449-0000-200
[0002.445] Adding plugin-manager/ids/3449-0000-200=/i2c@7000c500:module@0x57
[0002.452] pm_ids_update: pm id update successful
[0002.483] Chip UID is 0000000164441643080000000f008340
[0002.488] Add serial number:14219190444350408300 as DT property
[0002.496] Applying platform configs
[0002.503] platform-init is not present. Skipping
[0002.507] calling apps_init()
[0002.527] Found 15 GPT partitions in "sd0"
[0002.531] Proceeding to Cold Boot
[0002.535] starting app android_boot_app
[0002.538] Device state: unlocked
[0002.541] display console init
[0002.550] could not find regulator
[0002.553] hdmi cable connected
[0002.569] edid read success
[0002.571] width = 640, height = 480, frequency = 25174825
[0002.577] width = 1920, height = 1080, frequency = 148500000
[0002.592] DT entry for leds-pwm not found 480, freq = 25174825

[0002.597] tmds-config node not found
[0002.601] pmc_set_io_pad_voltage: Error -2 retrieving platform-io-pad-voltagepropsetting 'avdd-io-hdmi-dp' regulator to 1050000 micro volts
[0002.616] setting 'vdd-1v8' regulator to 1800000 micro volts
[0002.624] could not find regulator
[0002.627] could not find regulator
[0002.630] could not find regulator
[0002.659] using default cmu settings
[0002.663] dc_hdmi_enable, starting HDMI initialisation
[0002.669] dc_hdmi_enable, HDMI initialisation complete
[0002.674] list and configure display window
[0002.679] display console init completed
[0002.686] subnode volume_up is not found !
[0002.690] subnode back is not found !
[0002.694] subnode volume_down is not found !
[0002.698] subnode menu is not found !
[0002.701] Gpio keyboard init success
[0002.751] found decompressor handler: lz4-legacy
[0002.766] decompressing blob (type 1)...
[0002.800] load_bmp_blob: panelresolution=480 type=0
[0002.857] decompressor handler not found
[0002.860] load_firmware_blob: Firmware blob loaded, entries=2
[0002.866] se_aes_verify_sbk_clear: Error
[0002.870] bl_battery_charging: connected to external power supply
[0002.877] xusb is supported
[0002.883] error while finding nvidia,portmap
[0002.889] could not find regulator
[0003.392] xusb blob version 0 size 124416
[0003.396] firmware size 124416
[0003.401] Firmware timestamp: 0x5cd2a472, Version: 50.22 release
[0003.408] xhci0: 64 bytes context size, 32-bit DMA
[0003.448] usbus0: 5.0Gbps Super Speed USB v3.0
[0003.468] uhub0: <Nvidia XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
[0000.163] [TegraBoot] (version 00.00.2018.01-l4t-7da7a580)
[0000.169] Processing in cold boot mode Bootloader 2
[0000.173] A02 Bootrom Patch rev = 1023
[0000.177] Power-up reason: ap watchdog timeout
[0000.181] No Battery Present
[0000.184] pmic max77620 reset reason
[0000.187] pmic max77620 NVERC : 0x0

I see only 1 unknown error:

ERROR:   Error initializing runtime service trusty_fast

and the device reboots around the 3 second of booting, without another significant error.

  • Could it be a watchdog configuration that causes reboot? odmfuse.sh allows us to change the wd config also.
[0000.177] Power-up reason: ap watchdog timeout

It looks like watchdog issue rather than SB/PKC. I’ll dig further in another topic