KVM with L4T 32.1

Question: Has anyone tried KVM on L4T 32.1 and can confirm whether or not a patch to the device
tree is necessary as it was with 28.2?

I’m a bit wary about flashing the 32.1 bootloader before knowing for sure this is going to work…
(Booting the 32.1 kernel and root filesystem using the old bootloader and DTB seems to be a no-go. :-( )

// Marcus

Sorry, what is the KVM here?

Kernel-based Virtual Machine (https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine).
The thing that lets you run an up-to-date upstreams kernel (including one configured as
big endian) as a guest on the TX2.

// Marcus

Ok, so same question but for R32.2? Does nobody have any idea whether it works or not? I don’t want to break my existing installation by upgrading if KVM does not work…

// Marcus

I cannot guarantee. Maybe other users can share their experience.

I finally took the plunge with L4T 32.4.3, and can confirm that KVM still works like before, but also that the device tree hack is still needed.

Also, updating the device tree is really awkward. In addition to having to dd your device tree to a special partition on the system eMMC, you also have to run a signing script (provided with the BSP), which for reasons unknown splits the device tree blob into two files, one with the “.sig” extension added which contains the signature and the first 3696 bytes of data, and the original file, which it truncates by removing the first 3696 bytes(!). So you need to concatenate these and then dd the result to the special partition.

In summary: This is the thing you need to do:

cp your.dtb tmp.dtb   # The original gets destroyed by the signing script
l4t_sign_image.sh --file tmp.dtb --chip 0x18 # 0x18 is for TX2
cat tmp.dtb.sig tmp.dtb > signed.dtb
dd if=signed.dtb of=/dev/mmcblk0p30
dd if=signed.dtb of=/dev/mmcblk0p31

I haven’t checked yet wheter or not the l4t_sign_image.sh can actually be run on the Jetson itself…

Turns out the shell script runs an x86 binary (tegrasign_v2), so in order to run it on the Jetson you also need to install qemu-i386 and setup binfmt-misc.

Here’s a patch to tegraflash_internal.py which allows l4t_sign_image.sh to be run on the Jetson without binfmt_misc, only qemu is needed.

--- bootloader/tegraflash_internal.py.orig	2020-07-31 09:31:42.467126936 +0200
+++ bootloader/tegraflash_internal.py	2020-07-31 10:11:48.837351517 +0200
@@ -21,6 +21,7 @@
 import tempfile
 import re
 import binascii
+import platform
 
 try:
     track_py_file = True
@@ -2231,16 +2232,19 @@
     if sys.platform == 'win32':
         use_shell = True
 
+    if platform.machine() == 'i386':
+        bin_name = [bin_name]
+    else:
+        bin_name = ['qemu-i386', os.path.join(os.path.dirname(os.path.realpath(__file__)), bin_name)]
+
     try:
-        subprocess.Popen([bin_name], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, shell=use_shell, env=cmd_environ)
+        subprocess.Popen(bin_name, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, shell=use_shell, env=cmd_environ)
     except OSError as e:
-        raise tegraflash_exception('Could not find ' + bin_name)
+        raise tegraflash_exception('Could not find ' + bin_name[-1])
 
     supports_instance = ['tegrarcm', 'tegradevflash']
     if values['--instance'] is not None and name in supports_instance:
-        bin_name = [bin_name, '--instance', values['--instance']]
-    else:
-        bin_name = [bin_name]
+        bin_name = bin_name + ['--instance', values['--instance']]
 
     return bin_name
1 Like

FYI: You can be slightly more efficient by just calling the python script directly:

./bootloader/tegraflash.py --chip 0x18 --cmd “sign tegra186-your-board-file.dtb”

This should create the following file which can be used directly by the system in the kernel-dtb partition.
tegra186-your-board-file_sigheader.dtb.encrypt