I intend on enabling the security features but I want to check my fuse file and command are correct. But I;m not sure if my steps of flashing are overwriting my changes for the UEFI PV steps.
AGX Orin 64GB Devkit
hello developer244,
please note that,
the default fuse value of BootSecurityInfo was burned (by manufacturing) to 0x1E0.
you may refer to Jetson Orin Series Modules Fuse Update Field Services Bulletin for the details, this apply to ALL Jetson Orin series modules.
see-also Topic 344840 for reference.
disk encryption key (sym2_t234.key) is also in the EKS image,
you’ll need to download JP-6 public release sources, running the gen_ekb.py python script to re-create eks_t234.img with your keys.
see-also Topic 270934 to enable disk encryption with a custom key.
furthermore,
according to developer guide, Burn Fuses with the Fuse Configuration file.
we recommends burning all the fuses you need in a single operation.
hello developer244,
>> Q1
honestly, I had seen some issues (worst case was brick a module) with partial fuse burning.
>> Q2
that’s correct for flash-command key assignment.
just keep in mind that you’ll need to re-create EKS image with your keys since authentication keys were in the EKS as well.
>> Q3
it looks okay, although you’ve 2-step fuse burning process.
>> Q4
the default fuse value of BootSecurityInfo is 0x1E0 now. it should not change.
please check Jetson Download Center, or release notes per Jetpack public release for the updates.
hello developer244,
your fuse burning in two step approaches looks okay per reviewing the key combinations.
please give it a try for moving forward.
right, it could be redundant to recreating EKS image, just to be sure you’re using identical EKS image for flashing.
BITWISE OR is specially for reserved bits of FUSE_BOOT_SECURITY_INFO_0 .
for instance, assume your BOOT_SECURITY_INFO should be 0x209 per your key combination.
you should program this fuse variable to 0x3E9 (an OR of 0x209 and 0x1E0) for your use-case. it’s okay for those 0x0 (old modules) or 0x1E0 (new modules), you may program boot_security_info as 0x3E9 to them directly since it’s the “Reserved” fuse variable.
hello developer244,
yes, you’ll need to OR this fuse variable.
as you can see of Jetson Orin Series Modules Fuse Update Field Services Bulletin,
it’s by default 0x0 (old modules), or 0x1E0 (new modules) for BootSecurityInfo.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.