I have successfully burned fuses into my jetson nano emmc board. However after flashing my image into the board using flashtool with my private key. The board did not load kernel 4.9 tegra which I put on in the L4T driver pack, instead it keeps loading the L4T Tegraboot as kernel.
I added my suitable kernel to the L4T driver pack using the guide at here
From the boot logs attached, I am sure the fuse burning worked and secure boot is working too but I don’t understand why it will not load the correct kernel.
What can I do to make the board load my kernel? boot_log_2 (18.7 KB)
This is working as intended. Explanation follows…
A subtle point about having security fuses burned is that they will now deny kernels and device trees in “/boot” even if the extlinux.conf names them there for location. Once security fuses are burned the device tree is only used from the signed partition, and the same goes for the kernel. This means that when you change kernel or device tree you must now flash them to their partitions (and the flash process will sign the content as it is flashed; there is a command line “--no-flash” option which will create signed content and leave it in place for your reference in case you wish to use an alternate method of putting the content in the partitions; only eMMC models have those partitions, and so some people might use dd instead of flash commands).
Look at the flash documents regarding flash of kernel and device tree. Command line flash should allow you to flash just kernel or just device tree.
Incidentally, I recommend that whenever you perform a command line flash, that you log the flash. It’s an excellent reference for things like figuring out where the device tree or kernel were copied from. For example, any command line flash could be modified like this: sudo ./flash.sh ...options... 2>&1 | tee flash_log.txt
(don’t discard the log, save it for future use)
let me double confirm the release version you’re used.
assume it’s l4t-r32.7.3, are you using the same release version of the Secure Boot package?
please also note that,
once you’ve enabled the Jetson security, you cannot perform partition update to flash kernel image only. that’s due to a partial flash should never be used in factory environment, on the fused device.
you may see-also Topic 252587 for reference.
Do note that a custom carrier board implies that likely it also has a custom device tree, and that the vendor would need to provide that. Boot stages do use the device tree for some purposes, so it is possible that proper setup of boot implies proper setup of device tree. Since you are using secure boot, this also implies the device tree will only be taken from the signed partition (flashed, not a file copy, and extlinux.conf would be ignored for device tree).
I added the custom dtb for the custom board using the -d flash of the flash tool and it got signed but I get error that the FDT could not be found. Despite successful loading by the kernel. see attached log boot_custom (12.5 KB)
I used the following command to flash
sudo ./flash.sh -u rsa_priv.pem -d Linux_for_Tegra/tegra210-p3448-0002-xago-0000.dtb jetson-nano-emmc mmcblk0p1
I was able to fix this by using our custom dtb as you suggested and using sudo ./apply_binaries.sh to generate extlinux.conf. I can get to the login screen now.
However, Jetson nano is requesting for a password to log in but I don’t know the default and currently using the Nano in headless mode.