JETSON NX PRODUCTION MODULE (EMMC) can't be programmed after ODMFUSE.sh

Hi,
I have an issue to flash a Jetson NX eMMC SOM, after programming fuses and enable production (same and unique command) with odmfuse.sh, flash.sh have an issue :

[ 0.0061 ] Parsing partition layout
[ 0.0067 ] tegraparser_v2 --pt secureflash.xml.tmp
[ 0.0077 ]
[ 0.0077 ] Boot Rom communication
[ 0.0082 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_1_signed.rcm --rcm rcm_2_signed.rcm --skipuid
[ 0.0087 ] Bootrom returned error 22
[ 0.0374 ] Boot Rom communication failed
[ 0.0374 ]

Do you have any idea ?
I don’t have this issue with another board and same commands.

Thank you for your feedback.
Best regards,

hello JulienMoinard,

may I know which JetPack release version you’re working with?

FYI, there’s a bug with l4t-r32.4.3 release. it’s necessary that you must enable secureBoot for Xavier series to program all fuse (PKC, SBK, KEK…etc) at once, in addition to make the “SecurityMode” enabled. (i.e. -p option of odmfuse.sh); such error fusing issue has already fixed in the l4t-r32.5 release.

please also refer to below discussion thread,
thanks

Hi JerryChang,

I use Jetpack4.5 and the following command :

sudo odmfuse.sh -p --disable-jtag -i 0x19 -k /data/keys/rsa.key --KEK0 /data/keys0.key --KEK1 /data/keys.key1.key --KEK2 /data/key2.key -S /data/keys/sbk.key jetson-xavier-nx-devkit-emmc

sudo ./flash.sh -i /data/keys/disk.key -u /data/keys/rsa.key -v /data/keys/sbk.key --user_key /data/keys/user.hex /cti/xavier-nx/photon-encrypted mmcblk0p1

Successful odmfuse log for reference :
odmfuse.log (76.3 KB)

Content of odmfuse_pkc.xml

Do you see a mistake ?
I am able to program 2 boards without issue but maybe I try noburn and test before .

I burn two more board in one step without --test --noburn but I can’t flash them now.

Do you think I can’t burn directly with odmfuse.sh -p --disable-jtag -i 0x19 ??

I hope I don’t lost two board ?
Thank you .

hello JulienMoinard,

please double confirm you’re having r32.5 release SecureBoot Tools package.

could you please share the flashing message and the bootloader logs for reference,
thanks

Hello,

I can confirm that I use secureboot_R32.5.0_aarch64.tbz2 archive to obtain odmfuse

flash.log (97.1 KB)

*** Flashing target device started. ***
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands

[ 0.0076 ] Parsing partition layout
[ 0.0086 ] tegraparser_v2 --pt secureflash.xml.tmp
[ 0.0103 ]
[ 0.0106 ] Boot Rom communication
[ 0.0119 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_1_signed.rcm --rcm rcm_2_signed.rcm --skipuid
[ 0.0128 ] Bootrom returned error 22
[ 0.0421 ] Boot Rom communication failed
[ 0.0422 ]

I can use odmfuse.sh on both working boards and I can read some public information

[   5.0343 ] tegradevflash_v2 --reboot recovery
[   5.0349 ] Bootloader version 01.00.0000
[   5.0552 ] 
Fuse reading is done. The fuse values have been saved in: /data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/fuse_info.txt
PublicKeyHash: 6d7a26e65a9a72b4cda88eecde80a8b03de01f0724292da0c008eb48605c6ab5
SecureBootKey: ffffffffffffffffffffffffffffffff
Kek0: ffffffffffffffffffffffffffffffff
Kek1: ffffffffffffffffffffffffffffffff
Kek2: ffffffffffffffffffffffffffffffff
Kek256: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
BootSecurityInfo: 00000005
JtagDisable: 00000001
SecurityMode: 00000001
SwReserved: 00000000
DebugAuthentication: 00000000
OdmId: 0000000000000000
OdmLock: 00000000
ReservedOdm0: 00000000
ReservedOdm1: 00000000
ReservedOdm2: 00000000
ReservedOdm3: 00000000
ReservedOdm4: 00000000
ReservedOdm5: 00000000
ReservedOdm6: 00000000
ReservedOdm7: 00000000
ReservedOdm8: 00000000
ReservedOdm9: 00000000
ReservedOdm10: 00000000
ReservedOdm11: 00000000
Production mode is set, you can't burn any manufacturing fuses now.
Error: check fuse values failed.

But on two another boards I can’t and I have directly an issue

sudo ./odmfuse.sh  --test --noburn -p --disable-jtag -i 0x19 -k /tmp/keys/rsa.key --KEK0 /tmp/keys/key0.key --KEK1 /tmp/keys/key1.key --KEK2 /tmp/keys/key2.key -S /tmp/keys/sbk.key jetson-xavier-nx-devkit-emmc

Odmfuse requires variable FAB, BOARDID, BOARDSKU and BOARDREV in order to run in the offline mode.
Otherwise odmfuse needs to access on board EEPROM. Make sure the board is in recovery mode.

copying soft_fuses(/data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
copying soft_fuses(/data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
./tegraflash.py --chip 0x19 --applet "/data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod.bin" --skipuid --soft_fuses tegra194-mb1-soft-fuses-l4t.cfg --bins "mb2_applet nvtboot_applet_t194.bin" --cmd "dump eeprom boardinfo cvm.bin;reboot recovery" --encrypt_key "/tmp/keys/sbk.key" --key "/tmp/keys/rsa.key" 
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0050 ] Generating RCM messages
[   0.0060 ] tegrasign_v2 --key /tmp/keys/sbk.key --file /data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod.bin --offset 4096
[   0.0073 ] SBK key is in string form 
[   0.0076 ] Key Size is 32 bytes
[   0.0214 ] 
[   0.0225 ] tegrahost_v2 --chip 0x19 0 --magicid MB1B --appendsigheader /data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_encrypt.bin zerosbk
[   0.0235 ] Header already present for /data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_encrypt.bin
[   0.0266 ] 
[   0.0284 ] tegrasign_v2 --key /tmp/keys/rsa.key --getmode mode.txt
[   0.0294 ] PKC key in Open SSL format
[   0.0298 ] Key size is 256 bytes
[   0.0301 ] Valid PKC key
[   0.0307 ] 
[   0.0314 ] tegrasign_v2 --key /tmp/keys/rsa.key --file /data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_encrypt_sigheader.bin --offset 2960 --length 1136 --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   0.0321 ] PKC key in Open SSL format
[   0.0325 ] Key size is 256 bytes
[   0.0328 ] Valid PKC key
[   0.0335 ] Saving pkc public key  in pub_key.key
[   0.0786 ] 
[   0.0808 ] tegrahost_v2 --chip 0x19 0 --pubkeyhash pub_key.key --setmontgomeryvalues montgomery.bin --updatesigheader /data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_encrypt_sigheader.bin /data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_encrypt_sigheader.sig oem-rsa
[   0.0844 ] 
[   0.0858 ] tegrabct_v2 --chip 0x19 0 --sfuse tegra194-mb1-soft-fuses-l4t.cfg.pdf sfuse.bin
[   0.0871 ] 
[   0.0885 ] tegrarcm_v2 --listrcm rcm_list.xml --chip 0x19 0 --sfuses sfuse.bin --download rcm /data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_encrypt_sigheader.bin 0 0
[   0.0899 ] RCM 0 is saved as rcm_0.rcm
[   0.0928 ] RCM 1 is saved as rcm_1.rcm
[   0.0928 ] RCM 2 is saved as rcm_2.rcm
[   0.0928 ] List of rcm files are saved in rcm_list.xml
[   0.0928 ] 
[   0.0929 ] Signing RCM messages
[   0.0937 ] tegrasign_v2 --key /tmp/keys/rsa.key --list rcm_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   0.0944 ] PKC key in Open SSL format
[   0.0946 ] Key size is 256 bytes
[   0.0948 ] Valid PKC key
[   0.0956 ] Saving pkc public key  in pub_key.key
[   0.2248 ] 
[   0.2249 ] Copying signature to RCM mesages
[   0.2258 ] tegrarcm_v2 --chip 0x19 0 --updatesig rcm_list_signed.xml --pubkeyhash pub_key.key
[   0.2273 ] 
[   0.2273 ] Boot Rom communication
[   0.2280 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
[   0.2287 ] RCM version 0X13
[   0.2299 ] Boot Rom communication failed
[   5.2508 ] 
Error: Return value 3
Command tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
Reading board information failed.

Thank you.

Hi,

I am so sorry, in fact my production script have an issue with the format of SBK key.
I respect manually the documentation but not in my custom batch script.

I use 12456789abcdef0fedcba9876543210 instead of 0x1245678 0x9abcdef0 0xfedcba98 0x76543210 in my batch production script.

I am suprised fuseodm.sh continue with wrong key format but now with the right format I am able to flash my board even if fused with the wrong format ! unbelievable !

No board is killed on my side.

Please follow this information !

Best regards,

hello JulienMoinard,

glad to know it works,
for examination, please place the board into forced-recovery mode and execute odmfuseread.sh to read the fuse info from the target board.
for example, ./odmfuseread.sh -i 0x19 -k <key_file> -S <sbk_file> jetson-xavier-nx-devkit-emmc
thanks

Hello JerryChang,

Please find my odmfuseread log
odmfuseread.log (97.8 KB)

Fuse reading is done. The fuse values have been saved in: /data/nvidia/nvidia_sdk/JetPack_4.5_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/fuse_info.txt
PublicKeyHash: aec946d54bbc310946dbe01788229b06983f119ba7aa37e6e0dbd24fc900f62c
SecureBootKey: ffffffffffffffffffffffffffffffff
Kek0: ffffffffffffffffffffffffffffffff
Kek1: ffffffffffffffffffffffffffffffff
Kek2: ffffffffffffffffffffffffffffffff
Kek256: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
BootSecurityInfo: 00000005
JtagDisable: 00000001
SecurityMode: 00000001
SwReserved: 00000000
DebugAuthentication: 00000000
OdmId: 0000000000000000
OdmLock: 00000000
ReservedOdm0: 00000000
ReservedOdm1: 00000000
ReservedOdm2: 00000000
ReservedOdm3: 00000000
ReservedOdm4: 00000000
ReservedOdm5: 00000000
ReservedOdm6: 00000000
ReservedOdm7: 00000000
ReservedOdm8: 00000000
ReservedOdm9: 00000000
ReservedOdm10: 00000000
ReservedOdm11: 00000000

Thank you so much for your support

Hello, i make same mistake with you, what you have done after you found use 12456789abcdef0fedcba9876543210 to that board. I can read it with odmread, but I don’t know how to change it to 0x1234xxx format

you cannot change the values since fuse is non-reversible.

Hi JerryChang

Now my board seems always in RCM mode after boot up, I didn’t press reset button, what should I do to boot it up,?
should I use -p options to" Sets production mode"
on my board , Kek2 was zero value and production mode was on.

This is my fuse_info.txt read from board

PublicKeyHash: 8aaf6a7ee1ebd59048cb177dfca7e1c54294d8fc95f693ad5bd43ac4660b766f
SecureBootKey: 123456789abcdef0fedcba9876543210
Kek0: 00000000000000000000000000000000
Kek1: 00000000000000000000000000000000
Kek2: 00000000000000000000000000000000
Kek256: 0000000000000000000000000000000000000000000000000000000000000000
BootSecurityInfo: 00000005
JtagDisable: 00000000
SecurityMode: 00000000
SwReserved: 00000000
DebugAuthentication: 00000000
OdmId: 0000000000000000
OdmLock: 00000000
ReservedOdm0: 00000000
ReservedOdm1: 00000000
ReservedOdm2: 00000000
ReservedOdm3: 00000000
ReservedOdm4: 00000000
ReservedOdm5: 00000000
ReservedOdm6: 00000000
ReservedOdm7: 00000000
ReservedOdm8: 00000000
ReservedOdm9: 00000000
ReservedOdm10: 00000000
ReservedOdm11: 00000000

hello 411203060,

please setup serial console to gather the bootloader logs for reference,

Hi @JerryChang After power up, serial didn’t output any log for reference, so I think it was in RCM mode

hello 411203060,

may I know which JetPack release version you’re using.
besides, are you able to re-flash the release image to your device?

Yes

Jetpack :Jetpack 4.6
security boot tool : securityboot_R32.6.1_aarch64
flash os was abled but just only boot up faild

hello 411203060,

this thread were based-on JetPack-4.5,
could you please initial another new discussion thread for further tracking. thanks

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.