Meaning of 'ODM Key Valid' in Jetson Orin Series Fuse Specification

Per the Secure Boot documentation found here, the sample fuse configuration file to enable Secure Boot with an RSA-3K key is as follows:

<genericfuse MagicId="0x45535546" version="1.0.0">
    <fuse name="PublicKeyHash" size="64" value="0x18e984f7d79f7a185039ec413ed2ff86227c8f0be639edde0cf23ab1f7910b759ede8fb0c20d02c68deb04a75226d632f9fe24c71dad4b302acdba13db658130"/>
    <fuse name="BootSecurityInfo" size="4" value="0x201"/>
    <fuse name="SecurityMode" size="4" value="0x1"/>
</genericfuse>

Per the fuse specification the 2 in 0x201 represents “ODM Key Valid”. What is that exactly? What happens if that is omitted? Early on I used the 0x201 value in my fuse configuration and had issues.
Once omitted I was able to get things working, although since it was early on in our development cycle I may have done something incorrectly. Now I’m trying to circle back and make sure I have everything defined correctly, but I can’t seem to find the documentation that describes what this bit affects.

hello chad.mcquillen,

ODM Key Valid is a single bit which specifies if ODM fuse keys are fused and should be loaded. for instance, 0=Not Valid; 1=Valid.
furthermore, if ODM_KEY_VALID or SECURITY_MODE is burned, ODM fuse keys must also be burned.

“ODM fuse keys” = “ODM Field Programmable Fuses” in the fuse specification?

that’s correct.

Is the documentation a bit misleading? The ODM Key Valid bit is flipped in the sample fuse configuration, but no ODM fuse keys are specified.

hello chad.mcquillen,

you’re correct. the sample fuse configuration file is misleading.
this “ODM Key Valid” bit should be enabled only when OEM_K1 and OEM_K2 are burned.

let me arrange resources to address this issue.
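
An added example, not part of the thread and not NVIDIA's tooling: a small Python lint that applies the rule stated in the replies above (ODM Key Valid set only when OEM_K1 and OEM_K2 are burned) to a fuse configuration file before it is burned. The mask 0x200 follows the thread's reading of 0x201; the XML fuse names `OemK1` and `OemK2`, the `already_burned` parameter, and all hash and key values are assumptions or constructed placeholders.

```python
import xml.etree.ElementTree as ET

ODM_KEY_VALID = 0x200  # the "2" in 0x201, as read in the thread
# Assumption: XML fuse names for OEM_K1 / OEM_K2; confirm in the fuse specification.
ODM_KEY_FUSES = ("OemK1", "OemK2")

# Constructed inputs; hash and key values are placeholders, not real material.
SAMPLE_FROM_DOCS = """<genericfuse MagicId="0x45535546" version="1.0.0">
    <fuse name="PublicKeyHash" size="64" value="0x%s"/>
    <fuse name="BootSecurityInfo" size="4" value="0x201"/>
    <fuse name="SecurityMode" size="4" value="0x1"/>
</genericfuse>""" % ("ab" * 64)
SAMPLE_WITH_KEYS = SAMPLE_FROM_DOCS.replace(
    "</genericfuse>",
    '    <fuse name="OemK1" size="32" value="0x%s"/>\n'
    '    <fuse name="OemK2" size="32" value="0x%s"/>\n</genericfuse>'
    % ("11" * 32, "22" * 32),
)


def check_odm_key_valid(xml_text, already_burned=()):
    """Return findings for a fuse config; an empty list means the rule holds.

    already_burned (hypothetical parameter) names fuses burned in an earlier pass.
    """
    root = ET.fromstring(xml_text)
    fuses = {f.get("name"): f.get("value") for f in root.iter("fuse")}
    info = fuses.get("BootSecurityInfo")
    if info is None or not int(info, 16) & ODM_KEY_VALID:
        return []  # this file does not set ODM Key Valid
    findings = []
    for name in ODM_KEY_FUSES:
        if name in already_burned:
            continue
        value = fuses.get(name)
        if value is None:
            findings.append(f"{name} missing but ODM Key Valid is set")
        elif int(value, 16) == 0:
            # An all-zero value burns no fuse bits, so the key stays unprogrammed.
            findings.append(f"{name} is all zeros but ODM Key Valid is set")
    return findings


if __name__ == "__main__":
    for label, text in (("docs sample", SAMPLE_FROM_DOCS), ("with keys", SAMPLE_WITH_KEYS)):
        print(label, check_odm_key_valid(text) or "ok")
```

Run against the sample configuration quoted in the question, the check reports both key fuses as missing; since fuses are one-time programmable, this belongs before the burn step rather than after.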