Jetson Xavier NX burn Tegra fuses made the device unbootable

hello ilies.chergui,

could you please use an offline approach to generate the image blob?
for example,
$ sudo BOARDID=<> FAB=<> BOARDSKU=<> BOARDREV=<> ./flash.sh --no-flash -u <pkc_keyfile> -v <sbk_keyfile> jetson-xavier-nx-devkit-emmc mmcblk0p1

after that,
please try the generated command line to flash the board,
thanks

Hello @JerryChang

For your information, I didn’t burn PKC and SBK

I burnt only odm-reserved[0-7], kek0, kek1 and kek2

I don’t believe that the command you suggest will work.

Should I burn the PKC and SBK first via script odmfuse.sh ? What do you think ?

hello ilies.chergui,

to be honest,
we didn’t verify the combination of NS+ODM_Reserved+KEKs. we tested PKC+SBK+… combinations.

here’re steps of burning fuse and flashing the board,

  1. prepare keys and run odmfuse.sh with noburn options to generate the fuse blob.
  2. un-tar fuseblob.tbz2 and check odmfuse_pkc.xml, if required fuses are included.
  3. execute generated fusecmd.sh to actually fuse the board.
  4. perform flash.sh with no-flash options to generate image blob.
  5. confirm image blob is created, perform flashcmd.txt to flash the target.

you may include the board information in both the odmfuse.sh and flash.sh command lines; it should work around the Boot Rom communication failed errors.
for example,
$ sudo BOARDID=3668 FAB=100 BOARDSKU=0001 BOARDREV=F.0 ./odmfuse.sh --noburn ... jetson-xavier-nx-devkit-emmc
and
$ sudo BOARDID=3668 FAB=100 BOARDSKU=0001 BOARDREV=F.0 ./flash.sh --no-flash ... jetson-xavier-nx-devkit-emmc mmcblk0p1

you should check the board information via TNSPEC,
or, here’s an example in the l4t_generate_soc_bup.sh for the detail board spec.
for example,

    # jetson-xavier-nx-devkit-emmc:
    'boardid=3668;fab=100;boardsku=0001;boardrev=;fuselevel_s=1;chiprev=2;board=jetson-xavier-nx-devkit-emmc;rootdev=mmcblk0p1'

hence,
please include the board information and try again, and share results to us for reference,
thanks

Hey @JerryChang

I followed the instructions that you shared to burn the tegra fuses (PKC and SBK) but it doesn’t work.

  • Prepare keys (PKC and SBK) and run odmfuse.sh with noburn options
$ sudo BOARDID=3668 BOARDSKU=0001 FAB=100 FUSELEVEL=fuselevel_production ./odmfuse.sh --noburn -j -i 0x19 -c PKC -k my_privkey.pem -S my_sbk.key jetson-xavier-nx-devkit-emmc

fuseblob.tbz2 (8.5 MB)

  • check odmfuse_pkc.xml
$ cat odmfuse_pkc.xml 
<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="SecureBootKey" size="16" value="0xe4b0f49660b86a4c97b0a5ca6d28c969" />
<fuse name="PublicKeyHash" size="32" value="0x179d12836c8f1cc41a037a7f923c9ccb218b4ef8df256e8c634cc376e2f5aea3" />
<fuse name="BootSecurityInfo" size="4" value="0x5" />
</genericfuse>
  • Execute generated fusecmd.sh to burn the Tegra fuses
$ sudo bash ./fusecmd.sh 
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0014 ] Generating RCM messages
[   0.0027 ] tegrahost_v2 --chip 0x19 0 --magicid MB1B --appendsigheader mb1_t194_prod.bin zerosbk
[   0.0033 ] Header already present for mb1_t194_prod.bin
[   0.0058 ] 
[   0.0066 ] tegrasign_v2 --key None --getmode mode.txt
[   0.0073 ] Assuming zero filled SBK key
[   0.0073 ] 
[   0.0081 ] tegrasign_v2 --key None --file mb1_t194_prod_sigheader.bin --offset 2960 --length 1136 --pubkeyhash pub_key.key
[   0.0088 ] Assuming zero filled SBK key
[   0.0091 ] 
[   0.0098 ] tegrahost_v2 --chip 0x19 0 --updatesigheader mb1_t194_prod_sigheader.bin mb1_t194_prod_sigheader.hash zerosbk
[   0.0128 ] 
[   0.0136 ] tegrabct_v2 --chip 0x19 0 --sfuse tegra194-mb1-soft-fuses-l4t.cfg.pdf sfuse.bin
[   0.0144 ] 
[   0.0151 ] tegrarcm_v2 --listrcm rcm_list.xml --chip 0x19 0 --sfuses sfuse.bin --download rcm mb1_t194_prod_sigheader.bin 0 0
[   0.0157 ] RCM 0 is saved as rcm_0.rcm
[   0.0181 ] RCM 1 is saved as rcm_1.rcm
[   0.0181 ] RCM 2 is saved as rcm_2.rcm
[   0.0181 ] List of rcm files are saved in rcm_list.xml
[   0.0181 ] 
[   0.0182 ] Signing RCM messages
[   0.0188 ] tegrasign_v2 --key None --list rcm_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   0.0195 ] Assuming zero filled SBK key
[   0.0201 ] 
[   0.0201 ] Copying signature to RCM mesages
[   0.0209 ] tegrarcm_v2 --chip 0x19 0 --updatesig rcm_list_signed.xml
[   0.0221 ] 
[   0.0221 ] Boot Rom communication
[   0.0229 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml
[   0.0236 ] BR_CID: 0x98021911647076c20c00000002ff8280
[   0.0244 ] RCM version 0X13
[   0.0381 ] Boot Rom communication failed
[   5.2452 ] 
Error: Return value 3
Command tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml

What do you think ?
How can I fix the issue Boot Rom communication failed ?

Thanks.

hello ilies.chergui,

it’s possible that the dumped EEPROM board info (cvm.bin) mismatches your board spec.
for example,
it’s ./chkbdinfo -i cvm.bin to parse the board-id into the command-line.

did you know your correct board info? for example, it’ll report during the flashing process.
since the fuse burning can’t be reverted, suggest you should enable the --test command option in the fuse burning command,
thanks

Hello @JerryChang

I don’t understand why the Tegra fuses burning does affect the EEPROM contents.

I tried the script odmfuse.sh with --noburn and --test options but it doesn’t work.

  • Here is the result
➜  Linux_for_Tegra sudo ./odmfuse.sh --noburn --test -j -i 0x19 -c PKC -k my_privkey.pem -S my_sbk.key jetson-xavier-nx-devkit-emmc
copying soft_fuses(/home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
copying soft_fuses(/home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
./tegraflash.py --chip 0x19 --applet "/home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod.bin" --skipuid --soft_fuses tegra194-mb1-soft-fuses-l4t.cfg --bins "mb2_applet nvtboot_applet_t194.bin" --cmd "dump eeprom boardinfo cvm.bin;reboot recovery" 
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0033 ] Generating RCM messages
[   0.0041 ] tegrahost_v2 --chip 0x19 0 --magicid MB1B --appendsigheader /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod.bin zerosbk
[   0.0048 ] Header already present for /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod.bin
[   0.0073 ] 
[   0.0080 ] tegrasign_v2 --key None --getmode mode.txt
[   0.0086 ] Assuming zero filled SBK key
[   0.0086 ] 
[   0.0093 ] tegrasign_v2 --key None --file /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin --offset 2960 --length 1136 --pubkeyhash pub_key.key
[   0.0100 ] Assuming zero filled SBK key
[   0.0104 ] 
[   0.0110 ] tegrahost_v2 --chip 0x19 0 --updatesigheader /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.hash zerosbk
[   0.0140 ] 
[   0.0149 ] tegrabct_v2 --chip 0x19 0 --sfuse tegra194-mb1-soft-fuses-l4t.cfg.pdf sfuse.bin
[   0.0157 ] 
[   0.0166 ] tegrarcm_v2 --listrcm rcm_list.xml --chip 0x19 0 --sfuses sfuse.bin --download rcm /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin 0 0
[   0.0173 ] RCM 0 is saved as rcm_0.rcm
[   0.0196 ] RCM 1 is saved as rcm_1.rcm
[   0.0196 ] RCM 2 is saved as rcm_2.rcm
[   0.0196 ] List of rcm files are saved in rcm_list.xml
[   0.0196 ] 
[   0.0196 ] Signing RCM messages
[   0.0203 ] tegrasign_v2 --key None --list rcm_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   0.0210 ] Assuming zero filled SBK key
[   0.0217 ] 
[   0.0217 ] Copying signature to RCM mesages
[   0.0225 ] tegrarcm_v2 --chip 0x19 0 --updatesig rcm_list_signed.xml
[   0.0236 ] 
[   0.0236 ] Boot Rom communication
[   0.0243 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
[   0.0249 ] RCM version 0X13
[   0.0259 ] Boot Rom communication failed
[   5.0524 ] 
Error: Return value 3
Command tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
Reading board information failed.
➜  Linux_for_Tegra 

Is there any option to recover the EEPROM or bypass bootrom communication ?

hello ilies.chergui,

please use the command line below to test again; it includes the -p option.
i.e. $ sudo ./odmfuse.sh --noburn --test -j -i 0x19 -c PKC -p -k my_privkey.pem -S my_sbk.key jetson-xavier-nx-devkit-emmc

BTW,
may I know whether this is a follow-up issue of Topic 158361?
we had some secure package updates; may I also know whether it is possible to move to the latest release (i.e. l4t-r32.5.1) for development?
thanks

Hello @JerryChang

Thanks for your quick reply, this issue is not a follow-up of Topic 158361

In Topic 158361, I was using the Jetson Xavier NX (SDcard version)

For this issue I’m using a Production module as I mentioned Here.

Regarding the latest version of L4T, I will give it a try and I will let you know

Thanks

hello ilies.chergui,

got it, please have a try to include -p options into the command-line.
thanks

Hello @JerryChang

I tried with the -p option in the command line but it doesn’t work for me.

➜  Linux_for_Tegra sudo ./odmfuse.sh --noburn --test -j -i 0x19 -c PKC -p -k my_privkey.pem -S my_sbk.key jetson-xavier-nx-devkit-emmc      
copying soft_fuses(/home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
copying soft_fuses(/home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
./tegraflash.py --chip 0x19 --applet "/home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod.bin" --skipuid --soft_fuses tegra194-mb1-soft-fuses-l4t.cfg --bins "mb2_applet nvtboot_applet_t194.bin" --cmd "dump eeprom boardinfo cvm.bin;reboot recovery" 
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0068 ] Generating RCM messages
[   0.0080 ] tegrahost_v2 --chip 0x19 0 --magicid MB1B --appendsigheader /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod.bin zerosbk
[   0.0089 ] Header already present for /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod.bin
[   0.0127 ] 
[   0.0137 ] tegrasign_v2 --key None --getmode mode.txt
[   0.0146 ] Assuming zero filled SBK key
[   0.0147 ] 
[   0.0157 ] tegrasign_v2 --key None --file /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin --offset 2960 --length 1136 --pubkeyhash pub_key.key
[   0.0167 ] Assuming zero filled SBK key
[   0.0173 ] 
[   0.0184 ] tegrahost_v2 --chip 0x19 0 --updatesigheader /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.hash zerosbk
[   0.0233 ] 
[   0.0249 ] tegrabct_v2 --chip 0x19 0 --sfuse tegra194-mb1-soft-fuses-l4t.cfg.pdf sfuse.bin
[   0.0262 ] 
[   0.0272 ] tegrarcm_v2 --listrcm rcm_list.xml --chip 0x19 0 --sfuses sfuse.bin --download rcm /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin 0 0
[   0.0281 ] RCM 0 is saved as rcm_0.rcm
[   0.0319 ] RCM 1 is saved as rcm_1.rcm
[   0.0320 ] RCM 2 is saved as rcm_2.rcm
[   0.0320 ] List of rcm files are saved in rcm_list.xml
[   0.0320 ] 
[   0.0320 ] Signing RCM messages
[   0.0331 ] tegrasign_v2 --key None --list rcm_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   0.0341 ] Assuming zero filled SBK key
[   0.0350 ] 
[   0.0351 ] Copying signature to RCM mesages
[   0.0367 ] tegrarcm_v2 --chip 0x19 0 --updatesig rcm_list_signed.xml
[   0.0386 ] 
[   0.0387 ] Boot Rom communication
[   0.0396 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
[   0.0406 ] RCM version 0X13
[   0.0418 ] Boot Rom communication failed
[   5.0489 ] 
Error: Return value 3
Command tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
Reading board information failed.
➜  Linux_for_Tegra 

What do you think ?
I don’t understand why burning the Tegra fuses affects the EEPROM.
How can I go to production when the process to burn the Tegra fuses is unstable?
I think that I haven’t done something wrong to break the device. I followed the secure boot documentation.
I’m so disappointed.

hello ilies.chergui,

we’ve checked locally; the exact same odmfuse command does work.
i.e. $ sudo ./odmfuse.sh --noburn --test -j -i 0x19 -c PKC -p -k my_privkey.pem -S my_sbk.key jetson-xavier-nx-devkit-emmc

may I know is this Xavier NX ever fused before?
thanks

Hello @JerryChang
My Jetson Xavier NX was not fused before.

Could you please explain why my device doesn’t boot (I can’t see anything via the Serial UART) ?
When I try the following command, my device looks like it is in recovery mode

➜  ~ lsusb | grep -i "nvidia"
Bus 001 Device 010: ID 0955:7e19 NVidia Corp. 

hello ilies.chergui,

could you please read the fuse info from the target board with odmfuseread.sh, it supports with t194 series platforms.
please put device to enter forced-recovery mode and execute $ ./odmfuseread.sh -i <chip_id> [options] target_board.
please share the fuse values for reference, thanks

Hello @JerryChang
Thanks for your quick reply.
I tried the command you shared last time and it doesn’t work for me.
I got the same issue, Reading board information failed. The issue that I can see is that the EEPROM is not accessible.
I tried it again now. Here is the result:

➜  Linux_for_Tegra sudo ./odmfuseread.sh -c NS -i 0x19 jetson-xavier-nx-devkit-emmc      
copying soft_fuses(/home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
copying soft_fuses(/home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
./tegraflash.py --chip 0x19 --applet "/home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod.bin" --skipuid --soft_fuses tegra194-mb1-soft-fuses-l4t.cfg --bins "mb2_applet nvtboot_applet_t194.bin" --cmd "dump eeprom boardinfo cvm.bin;reboot recovery" 
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0113 ] Generating RCM messages
[   0.0174 ] tegrahost_v2 --chip 0x19 0 --magicid MB1B --appendsigheader /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod.bin zerosbk
[   0.0188 ] Header already present for /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod.bin
[   0.0239 ] 
[   0.0258 ] tegrasign_v2 --key None --getmode mode.txt
[   0.0271 ] Assuming zero filled SBK key
[   0.0314 ] 
[   0.0334 ] tegrasign_v2 --key None --file /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin --offset 2960 --length 1136 --pubkeyhash pub_key.key
[   0.0369 ] Assuming zero filled SBK key
[   0.0372 ] 
[   0.0388 ] tegrahost_v2 --chip 0x19 0 --updatesigheader /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.hash zerosbk
[   0.0557 ] 
[   0.0613 ] tegrabct_v2 --chip 0x19 0 --sfuse tegra194-mb1-soft-fuses-l4t.cfg.pdf sfuse.bin
[   0.0650 ] 
[   0.0669 ] tegrarcm_v2 --listrcm rcm_list.xml --chip 0x19 0 --sfuses sfuse.bin --download rcm /home/ichergui/projects/platforms/xavier_nx_devkit_emmc/jetpack_4.4/nvidia_sdk/JetPack_4.4_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin 0 0
[   0.0684 ] RCM 0 is saved as rcm_0.rcm
[   0.0761 ] RCM 1 is saved as rcm_1.rcm
[   0.0765 ] RCM 2 is saved as rcm_2.rcm
[   0.0798 ] List of rcm files are saved in rcm_list.xml
[   0.0801 ] 
[   0.0801 ] Signing RCM messages
[   0.0826 ] tegrasign_v2 --key None --list rcm_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   0.0871 ] Assuming zero filled SBK key
[   0.0872 ] 
[   0.0909 ] Copying signature to RCM mesages
[   0.0946 ] tegrarcm_v2 --chip 0x19 0 --updatesig rcm_list_signed.xml
[   0.0991 ] 
[   0.0992 ] Boot Rom communication
[   0.1009 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
[   0.1024 ] RCM version 0X13
[   0.1031 ] Boot Rom communication failed
[   5.2592 ] 
Error: Return value 3
Command tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
Reading board information failed.
➜  Linux_for_Tegra 
  • Here are the fuses and their values:

| Tegra fuse | Value |
| --- | --- |
| odm_reserved0 | 0xfbb28eb6 |
| odm_reserved1 | 0xbe4bdc9c |
| odm_reserved2 | 0xef480ce5 |
| odm_reserved3 | 0x1ebf4ae3 |
| odm_reserved4 | 0x29252cae |
| odm_reserved5 | 0x56fd2b7c |
| odm_reserved6 | 0x29d4fd9e |
| odm_reserved7 | 0xe4be918d |
| KEK0 | 0xb92c6418d1bb66d116e809a599bb5ffd |
| KEK1 | 0x90feb45b1a2be3ffe20dd5225a1f9858 |
| KEK2 | 0xe26ac1d35b2a5503d2d5627afe28bb3d |

hello ilies.chergui,

to enable secureBoot for Xavier, it’s necessary to program all fuses (PKC, SBK, KEK…etc) at once, in addition to enabling “SecurityMode” (i.e. the -p option of odmfuse.sh).

let’s check your Boot Rom communication failed first,
are you able to print the UID of the chip as below? i.e. $OUT/Linux_for_Tegra/bootloader/tegrarcm_v2 --uid
for a clean board, the first nibble of BR_CID is expected to be 8.

Hello @JerryChang

I tried the command line you suggest, here is the result.

$ ./tegrarcm_v2 --uid     
BR_CID: 0x98021911647076c20c00000002ff8280

Could you please tell me if this value was expected ?

hello ilies.chergui,

it’s a bug with l4t-r32.4.3 release.
when no PKC or SBK is specified, the odmfuse.sh still generates a config in odmfuse_pkc.xml.
for example, <fuse name="BootSecurityInfo" size="4" value="0x1" />
this is incorrect, that means PKC is enabled.
FYI,
this fusing error has already been fixed in the l4t-r32.5 release.

however,
the BootSecurityInfo has been burned to enable PKC, but the PKC hash is zero (i.e. due to not setting the PKC key).
since fuse programming is non-reversible, there’s no way to recover this board.

that’s say, this board is bricked.
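Added example (not part of the original thread and not NVIDIA tooling): a pre-burn check of the `odmfuse_pkc.xml` generated with `--noburn`, covering the failure described in the reply above, plus the BR_CID first-nibble check mentioned earlier in the thread. It assumes, conservatively, that any non-zero `BootSecurityInfo` must be accompanied by a non-zero `PublicKeyHash`; the function names and sample blobs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample blobs (placeholder values, not real key material).
GOOD_XML = """<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="PublicKeyHash" size="32" value="0x%s" />
<fuse name="BootSecurityInfo" size="4" value="0x1" />
</genericfuse>""" % ("ab" * 32)
# Shape described in the thread: PKC enabled, no PublicKeyHash fuse.
BAD_XML = """<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="BootSecurityInfo" size="4" value="0x1" />
</genericfuse>"""


def parse_fuses(xml_text):
    """Return {name: (size_bytes, int_value, hex_digit_count)} for each <fuse>."""
    root = ET.fromstring(xml_text)
    if root.tag != "genericfuse":
        raise ValueError("root element is not <genericfuse>")
    fuses = {}
    for el in root.iter("fuse"):
        name, raw = el.get("name"), el.get("value", "")
        if not re.fullmatch(r"0x[0-9a-fA-F]+", raw):
            raise ValueError("%s: value is not a hex literal" % name)
        fuses[name] = (int(el.get("size")), int(raw, 16), len(raw) - 2)
    return fuses


def check_fuse_blob(xml_text):
    """Return a list of problems; an empty list means these checks passed."""
    fuses = parse_fuses(xml_text)
    problems = []
    for name, (size, _value, digits) in sorted(fuses.items()):
        if digits > size * 2:
            problems.append("%s: value is wider than size=%d bytes" % (name, size))
    bsi = fuses.get("BootSecurityInfo")
    # Assumption: any non-zero BootSecurityInfo needs a usable PublicKeyHash.
    if bsi is not None and bsi[1] != 0:
        pkh = fuses.get("PublicKeyHash")
        if pkh is None:
            problems.append("BootSecurityInfo is non-zero but PublicKeyHash is missing")
        elif pkh[1] == 0:
            problems.append("BootSecurityInfo is non-zero but PublicKeyHash is all zero")
    return problems


def br_cid_is_clean(uid_output):
    """True if the first nibble of BR_CID is 8, the value the thread gives for a clean board."""
    m = re.search(r"BR_CID:\s*0x([0-9a-fA-F]+)", uid_output)
    if m is None:
        raise ValueError("no BR_CID line found")
    return m.group(1)[0] == "8"


if __name__ == "__main__":
    for label, blob in (("good", GOOD_XML), ("bad", BAD_XML)):
        print(label, check_fuse_blob(blob) or "ok")
    # Constructed BR_CID line in the format printed by `tegrarcm_v2 --uid`.
    print(br_cid_is_clean("BR_CID: 0x80000000000000000000000000000000"))
```

Run it against the un-tarred blob before executing `fusecmd.sh`; a non-empty result is a reason to stop, since a burned fuse cannot be reverted.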

Hello @JerryChang

Thanks for letting me know that the device is bricked.
This is my second Jetson Xavier NX module that I broke because of the bugs or the documentation not being updated.
How we can proceed about my Jetson Xavier NX module (eMMC version) ? Can I send it to your team and you send me new one ?
I hope you can help me because I already spent 800£ on Jetson Xavier NX

hello ilies.chergui,

yes, please contact the NVIDIA Customer Care team for the RMA process.

I have more details regarding the failure.
the bootrom always tries to verify the PKC hash first to communicate with the board.
the fuse is actually the PKC hash, which is calculated based on a given PKC key.
so, the board is bricked, unless you can find a PKC key which has an all-zero PKC hash.

to summarize the status of the SecureBoot package,
for l4t-r32.4.3, see comment #25 for the workaround: enable secureBoot by programming all fuses at once.
for l4t-r32.5, the fix for the fusing error is included; it’s suggested to move to the latest JetPack release to enable secureBoot.