Nx xaviar problem using both uefi secure boot and disk encryption

Autonomous Machines Jetson & Embedded Systems Jetson Xavier NX
,
1

hey, i am trying to use UEFI secure boot and disk encryption on a NX Xavier EMMC,
I do not have any fused keys, I use the following command I flash it

sudo ROOTFS_ENC=1 ./flash.sh -i "./sym2_t194.key" --uefi-keys uefi_keys/uefi_keys.conf jetson-xavier-nx-devkit-emmc mmcblk0p1

but on boot, I get the following after which it reboots into the EFI shell

etson UEFI firmware (version 5.0-35550185 built on 2024-02-20T04:21:22+00:00)
ESC   to enter Setup.
F11   to enter Boot Manager Menu.
Enter to continue boot.
**  WARNING: Test Key is used.  **
......
      ��I/TC: Reserved shared memory is disabled
I/TC: Dynamic shared memory is enabled
I/TC: Normal World virtualization support is disabled
I/TC: Asynchronous notifications are disabled
��L4TLauncher: Attempting Direct Boot
��E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0006
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
��OpenAndReadFileToBuffer: \boot\initrd failed signature verification: Security Vi
olation
ExtLinuxBoot:sds Failed to Authenticate \boot\initrd (Security Violation)
L4TLauncher: Unable to boot via extlinux: Security Violation
L4TLauncher: Attempting Kernel Boot
��E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0006
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
��ReadEncryptedImage: Failed to read data from partition
OpteeDecryptImage: Failed to read data
ReadAndroidStyleKernelPartition: OpteeDecryptImage failed 
Failed to boot kernel:0 partition
����Shutdown state requested 1
Rebooting system ...

I can flash it for uefi secureboot or disk encruption but not combined

3

hello lucasjeppesen,

may I double check which Jetpack release version you’re working with?
you may also list your steps in details for cross checking. thanks

4

i am using jetpack 5.1.3, jetson 35.5

for generetating keys for encryption i did ran the following

# [T194 example]
    # This is default KEK2 root key for unfused board
    echo "00000000000000000000000000000000" > kek2.key

    # This is the fixed vector for deriving EKB root key from fuse.
    # It is expected user to replace the FV below with a user specific
    # FV, and code the exact same user specific FV into OP-TEE.
    echo "bad66eb4484983684b992fe54a648bb8" > fv_ekb_t194

    # Generate user-defined symmetric key files
    # For each key, uncomment the random generate key and comment out the next line for production
    openssl rand -rand /dev/urandom -hex 16 > sym_t194.key
    # echo "00000000000000000000000000000000" > sym_t194.key
    openssl rand -rand /dev/urandom -hex 16 > sym2_t194.key
    # echo "00000000000000000000000000000000" > sym2_t194.key
    openssl rand -rand /dev/urandom -hex 16 > auth_t194.key
    # echo "00000000000000000000000000000000" > auth_t194.key

    python3 ../gen_ekb.py -chip t194 -kek2_key kek2.key \
            -fv fv_ekb_t194 \
            -in_sym_key sym_t194.key \
            -in_sym_key2 sym2_t194.key \
            -in_auth_key auth_t194.key \
            -out eks_t194.img

after which I copyed the eks_t194.img to the Linux_for_Tegra/bootloader/
and copyed sym2_t194.key to Linux_for_Tegra/

for creating the keys for uefi I ran the following commands from the Linux_for_Tegra folder

mkdir uefi_keys
cd uefi_keys

openssl req -newkey rsa:2048 -nodes -keyout PK.key  -new -x509 -sha256 -days 3650 -subj "/CN=my Platform Key/" -out PK.crt

openssl req -newkey rsa:2048 -nodes -keyout KEK.key  -new -x509 -sha256 -days 3650 -subj "/CN=my Key Exchange Key/" -out KEK.crt

openssl req -newkey rsa:2048 -nodes -keyout db_1.key  -new -x509 -sha256 -days 3650 -subj "/CN=my Signature Database key/" -out db_1.crt

openssl req -newkey rsa:2048 -nodes -keyout db_2.key  -new -x509 -sha256 -days 3650 -subj "/CN=my another Signature Database key/" -out db_2.crt

and created the uefi_keys.conf in the uefi_keys/ folder the the following

UEFI_PK_KEY_FILE="PK.key";
UEFI_PK_CERT_FILE="PK.crt";
UEFI_KEK_KEY_FILE="KEK.key";
UEFI_KEK_CERT_FILE="KEK.crt";
UEFI_DB_1_KEY_FILE="db_1.key";
UEFI_DB_1_CERT_FILE="db_1.crt";
UEFI_DB_2_KEY_FILE="db_2.key";
UEFI_DB_2_CERT_FILE="db_2.crt";

then I ran

cd ..
sudo tools/gen_uefi_default_keys_dts.sh uefi_keys/uefi_keys.conf
sudo chmod 644 uefi_keys/_out/*.auth

and after this I ran the flashing command

sudo ROOTFS_ENC=1 ./flash.sh -i "./sym2_t194.key" --uefi-keys uefi_keys/uefi_keys.conf jetson-xavier-nx-devkit-emmc mmcblk0p1
5

hello lucasjeppesen,

let’s narrow down the issue,
please check you’re able to boot up with disk encryption only (i.e. ROOTFS_ENC=1)

according to r35.6.0 release node,
please moving to the latest JP-5 release version if that’s booting failure with UEFI secureboot.
re-cap the fixed issue as below…

Issue-4554302: Boot issue in UEFI variable authentication.

6

I could boot it with encryption in Jetson 35.6/jetpack 5.1.4

my steps

  1. generate ekb using gen_ekb.py from optee(git://nv-tegra.nvidia.com/tegra/optee-src/nv-optee.git) on tag jetson_35.6 using the following script
#!/bin/bash

# Copyright (c) 2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause

# [T194 example]
# This is default KEK2 root key for unfused board
echo "00000000000000000000000000000000" > kek2.key

# This is the fixed vector for deriving EKB root key from fuse.
# It is expected user to replace the FV below with a user specific
# FV, and code the exact same user specific FV into OP-TEE.
echo "bad66eb4484983684b992fe54a648bb8" > fv_ekb_t194

# Generate user-defined symmetric key files
# A random generate key is recommended for production, and a specified key is recommended for testing
# For each key, there are reference examples for generating random key and specifying keys.
openssl rand -rand /dev/urandom -hex 16 > sym_t194.key
# echo "00000000000000000000000000000000" > sym_t194.key
openssl rand -rand /dev/urandom -hex 16 > sym2_t194.key
# echo "00000000000000000000000000000000" > sym2_t194.key
openssl rand -rand /dev/urandom -hex 16 > auth_t194.key
# echo "00000000000000000000000000000000" > auth_t194.key

python3 gen_ekb.py -chip t194 -kek2_key kek2.key \
       -fv fv_ekb_t194 \
       -in_sym_key sym_t194.key \
       -in_sym_key2 sym2_t194.key \
       -in_auth_key auth_t194.key \
       -out eks_t194.img
  1. copy eks_t194.img to Linux_for_Tegra/bootloader/
  2. copy sym2_t194.key to Linux_for_Tegra/
  3. flash using the following command
sudo ROOTFS_ENC=1 ./flash.sh -i "./sym2_t194.key" jetson-xavier-nx-devkit mmcblk0p1 | tee ../flashing_script.log

the logs are here
log from flasing.sh
flashing_script.log (485.6 KB)
log from uart
flash_enc.log (78.8 KB)

7

i tried to use uefi secure boot in the same workspace

and i got the samme error as from the begin

i did the following

  1. ran the following commands
mkdir uefi_keys
cd uefi_keys
openssl req -newkey rsa:2048 -nodes -keyout PK.key  -new -x509 -sha256 -days 3650 -subj "/CN=my Platform Key/" -out PK.crt
openssl req -newkey rsa:2048 -nodes -keyout KEK.key  -new -x509 -sha256 -days 3650 -subj "/CN=my Key Exchange Key/" -out KEK.crt
openssl req -newkey rsa:2048 -nodes -keyout db_1.key  -new -x509 -sha256 -days 3650 -subj "/CN=my Signature Database key/" -out db_1.crt
openssl req -newkey rsa:2048 -nodes -keyout db_1.key  -new -x509 -sha256 -days 3650 -subj "/CN=my Signature Database key/" -out db_1.crt
  1. created the uefi_keys.conf in Linux_for_Tegra/uefi_keys/ with the following
UEFI_PK_KEY_FILE="PK.key";
UEFI_PK_CERT_FILE="PK.crt";
UEFI_KEK_KEY_FILE="KEK.key";
UEFI_KEK_CERT_FILE="KEK.crt";
UEFI_DB_1_KEY_FILE="db_1.key";
UEFI_DB_1_CERT_FILE="db_1.crt";
UEFI_DB_2_KEY_FILE="db_2.key";
UEFI_DB_2_CERT_FILE="db_2.crt";
  1. genered the device tree files
cd ..
sudo tools/gen_uefi_default_keys_dts.sh uefi_keys/uefi_keys.conf
sudo chmod 644 uefi_keys/_out/*.auth
  1. flash the device
sudo ./flash.sh --uefi-keys uefi_keys/uefi_keys.conf jetson-xavier-nx-devkit mmcblk0p1 | tee ../flashing_script_secureboot.log

here are the logs
log from flash.sh
flashing_script_secureboot.log (469.8 KB)
log from uart
flash_secureboot.log (79.4 KB)

9

Hi lucasjeppesen,

Are you using Xavier NX with SD module or eMMC module?
It seems like eMMC module in original post (jetson-xavier-nx-devkit-emmc).
Why you specify jetson-xavier-nx-devkit currently which is used for SD module?

Do you update eks image in this attempt?

10

I started using the EMMC module, I have changed to the SD card module as it made more sense for something else I was doing. Does it make a difference if I am using the SD card module or the EMMC?
I used the same EKS image for the UEFI flash as I did for the enc flash

11

i tried flashing the emmc module and got the same results, I used the same workspace as the sd card module.
there are the logs:
enc flash script out:
flashing_script_emmc.log (482.7 KB)
enc uart out:
flash_enc_emmc.log (78.5 KB)
secure boot flash script out:
flashing_script_secureboot_emmc.log (455.0 KB)
secure boot uart out:
flash_secureboot_emmc.log (81.2 KB)

14

Could you also perform this when you are verifying to enable UEFI secureboot?

And check if you would still hit the following errors during boot up.

ÿäE/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0006
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
E/TA:  decrypt_image:99 TEE_InvokeTACommand failed with res = 0xffff0007
15

the logs I have sent with secure boot are using the eks_t194.img from the encryption, as I used the same Linux_for_Tegra folder

16

Please remove the line of -in_sym_key sym_t194.key \ in script to generate eks image and replace it to verify UEFI secureboot again.

1 Like
17

i regenerated the eks image with the same keys exipts i removed the -in_sym_key sym_t194.key \ as requsted
this time it booted stating secureboot in able.
what is the sym key used for?

here are the logs:
flasing script:
flashing_script_secureboot_emmc_no_symkey.log (455.0 KB)
uart out:
flash_secureboot_emmc_no_sym_key.log (77.4 KB)

18

sym_t194.key is UEFI payload encryption key.
If the EKS contains the UEFI payload encryption key and UEFI secure boot is enabled, L4TLauncher will assume that UEFI payload encryption is enabled and will attempt to decrypt the UEFI payloads.

We will remove this key in default eks image in next JP5.x release.

19

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.