Need help to fix Massfuse script

We try to use the newest secure boot release “secureboot_R32.4.3_aarch64.tbz2” to get massfuse blob.
But the script cannot work. The script ./odmfuse.sh doesn’t support the command format descripted in file README_Massfuse.txt .
Here is the errror log :
bowang@PLS:~/nvidia/nvidia_sdk/JetPack_4.4_Linux_JETSON_NANO/Linux_for_Tegra$ sudo BOARDID=3448 BOARDSKU=0002 FAB=200 FUSELEVEL=fuselevel_production ./nvmassfusegen.sh -j -i 0x21 -c PKC -p -k …/rsa_priv.pem jetson-nano-emmc
[sudo] password for bowang:

|| Generate Massfuse Image without Jetson device connected:
|| BOARDID=3448 BOARDSKU=0002 FAB=200 FUSELEVEL=fuselevel_production

±------------------------------------------------------------------------------
| Step 1: Generate Command File
±------------------------------------------------------------------------------
Usage:
./odmfuse.sh -c -i -k [options]

Where options are,
-c ------ NS – No Crypto, PKC - Public Key Crypto.
-d <0xXXXX> ---------- sets sec_boot_dev_cfg=0xXXXX&0x3fff.
-i --------- tegra ID: 0x40-TK1, 0x21-TX1
-j ------------------- Keep jtag enabled.
-k --------- 2048 bit RSA private KEY file. (.pem file)
-l <0xX> ------------- sets odm_lock=0xX.
-o <8-0xXXXXXXXX> ---- sets odm_reserved=<8-0xXXXXXXXX>
1 256bit Big Endian value.
-p ------------------- sets production mode.
-r <0xXX> ------------ sets sw_reserved=0xXX.
-D --------- 32bit Device Key file in HEX format (TK1 & TX1 only).
-S -------- 128bit Secure Boot Key file in HEX format.
–noburn ------------- Prepare fuse blob without actual burning.
–test --------------- No fuses will be really burned, for test purpose.
*** Error: fusecmd.sh generation failed.
bowang@PLS:~/nvidia/nvidia_sdk/JetPack_4.4_Linux_JETSON_NANO/Linux_for_Tegra$

hello bowang,

it seems you’re building the Massfuse Blob with OFFLINE method.
could you please check the TNSPEC of your Nano platforms.
i.e. $ cat /etc/nv_boot_control.conf

please note that,
you should also check Topic 144888, please apply those nvtboot*.bin binaries to correct fuse burn issue.
thanks

Hi Jerry , thank you for your reply.
Here is the content of file nv_boot_control.conf

vaitl@localhost:~$ cat /etc/nv_boot_control.conf

TNSPEC 3448-400-0002-F.0-1-0-jetson-nano-emmc-mmcblk0p1
TEGRA_CHIPID 0x21
TEGRA_OTA_BOOT_DEVICE /dev/mmcblk0boot0
TEGRA_OTA_GPT_DEVICE /dev/mmcblk0boot1
vaitl@localhost:~$

Thank you for the note, Enabling the secure boot and flashing signed image are OK.
Just want to check the massfuse function.

hello bowang,

please have another try to build the Massfuse Blob with the TNSPEC of your platform.
for example,
$ sudo BOARDID=3448 BOARDSKU=0002 FAB=400 FUSELEVEL=fuselevel_production ./nvmassfusegen.sh -j -i 0x21 -c PKC -p -k …/rsa_priv.pem jetson-nano-emmc

Here is the log:
bowang@PLS:~/nvidia/nvidia_sdk/JetPack_4.4_Linux_JETSON_NANO/Linux_for_Tegra$ sudo BOARDID=3448 BOARDSKU=0002 FAB=400 FUSELEVEL=fuselevel_production ./nvmassfusegen.sh -j -i 0x21 -c PKC -p -k …/rsa_priv.pem jetson-nano-emmc

[sudo] password for bowang:

|| Generate Massfuse Image without Jetson device connected:
|| BOARDID=3448 BOARDSKU=0002 FAB=400 FUSELEVEL=fuselevel_production

±------------------------------------------------------------------------------
| Step 1: Generate Command File
±------------------------------------------------------------------------------
Usage:
./odmfuse.sh -c -i -k [options]

Where options are,
-c ------ NS – No Crypto, PKC - Public Key Crypto.
-d <0xXXXX> ---------- sets sec_boot_dev_cfg=0xXXXX&0x3fff.
-i --------- tegra ID: 0x40-TK1, 0x21-TX1
-j ------------------- Keep jtag enabled.
-k --------- 2048 bit RSA private KEY file. (.pem file)
-l <0xX> ------------- sets odm_lock=0xX.
-o <8-0xXXXXXXXX> ---- sets odm_reserved=<8-0xXXXXXXXX>
1 256bit Big Endian value.
-p ------------------- sets production mode.
-r <0xXX> ------------ sets sw_reserved=0xXX.
-D --------- 32bit Device Key file in HEX format (TK1 & TX1 only).
-S -------- 128bit Secure Boot Key file in HEX format.
–noburn ------------- Prepare fuse blob without actual burning.
–test --------------- No fuses will be really burned, for test purpose.
*** Error: fusecmd.sh generation failed.
bowang@PLS:~/nvidia/nvidia_sdk/JetPack_4.4_Linux_JETSON_NANO/Linux_for_Tegra$
The file ./odmfuse.sh still doesn’t support the command format descripted in file README_Massfuse.txt .

hello bowang,

please apply those nvtboot*.bin binaries to correct fuse burn issue.
after that, are you able to fuse the board with below commands?
for example,

$ sudo ./odmfuse.sh -i 0x21 -p -c PKC -k key.pem

Yes , i used this command :
sudo ./odmfuse.sh -j -i 0x21 -c PKC -p -k …/rsa_priv.pem
this is OK.

hello bowang,

could you please try the ONLINE approach since they’re behavior differently.
thanks

Hi jerry
bowang@PLS:~/nvidia/nvidia_sdk/JetPack_4.4_Linux_JETSON_NANO/Linux_for_Tegra$ sudo ./nvmassfusegen.sh -j -i 0x21 -c PKC -p -k …/rsa_priv.pem jetson-nano-emmc
[sudo] password for bowang:

|| Generate Massfuse Image with Jetson device connected:
|| Requires the Jetson connected in RCM mode.

1 Jetson devices in RCM mode. USB: 1-7.3
±------------------------------------------------------------------------------
| Step 1: Generate Command File
±------------------------------------------------------------------------------
Usage:
./odmfuse.sh -c -i -k [options]

Where options are,
-c ------ NS – No Crypto, PKC - Public Key Crypto.
-d <0xXXXX> ---------- sets sec_boot_dev_cfg=0xXXXX&0x3fff.
-i --------- tegra ID: 0x40-TK1, 0x21-TX1
-j ------------------- Keep jtag enabled.
-k --------- 2048 bit RSA private KEY file. (.pem file)
-l <0xX> ------------- sets odm_lock=0xX.
-o <8-0xXXXXXXXX> ---- sets odm_reserved=<8-0xXXXXXXXX>
1 256bit Big Endian value.
-p ------------------- sets production mode.
-r <0xXX> ------------ sets sw_reserved=0xXX.
-D --------- 32bit Device Key file in HEX format (TK1 & TX1 only).
-S -------- 128bit Secure Boot Key file in HEX format.
–noburn ------------- Prepare fuse blob without actual burning.
–test --------------- No fuses will be really burned, for test purpose.
*** Error: fusecmd.sh generation failed.
bowang@PLS:~/nvidia/nvidia_sdk/JetPack_4.4_Linux_JETSON_NANO/Linux_for_Tegra$

hello bowang,

since I don’t have devices on hand for testing,
may I know your test results by removing the <device_name> from the command line.
for example,

$ sudo ./nvmassfusegen.sh -j -i 0x21 -c PKC -p -k …/rsa_priv.pem 

Hi bowang,

Is this still an issue to support? Ay result can be shared?

Yes . It is still a problem. no new result.

Hi @bowang @JerryChang @kayccc

I think that the issue is in the odmfuse.sh script, please take a look in this script from line 1007

Here is the code bloc

	if [ "${tid}" = "0x18" -o "${tid}" = "0x19" ]; then
		if [ $# -ne 1 ]; then
			usage;
		fi;
        ...	
	else
		if [ $# -ne 0 ]; then
			usage;
		fi;
	fi;

The TegraID (0x21) for Jetson Nano is not define in the if statement.

You can add the check there as follow but you need also to update the function cpcfg ()

  • Go to line 1007 and change the line as below:
if [ "${tid}" = "0x18" -o "${tid}" = "0x19" -o "${tid}" = "0x21" ]; then

Please let me know if you need support on this one.

Note:

  • You can find the odmfuse.sh script in the secureboot package secureboot_R32.4.3_aarch64.tbz2
  • You can download the secureboot package from here

Ilies

Hi bowang,

We tried below command is working:

$ sudo BOARDID=3448 BOARDSKU=0002 FAB=200 FUSELEVEL=fuselevel_production ./nvmassflashgen.sh -x 0x21 -y PKC -u rsa_priv.pem jetson-nano-emmc mmcblk0p1

Hi @carolyuu

@bowang is trying to build the Massfuse Blob, that’s why you see the usage of nvmassfusegen.sh script. This script call the odmfuse.sh script.

Ilies

Hi ilies.chergui,

For odmfuse.sh script issue, please reference Topic-144888. Thanks!