Hi, lately I’ve been trying to enable secure boot on Jetson Nano production modules, and I’ve already messed up 2 for the same reason:
First I tried:
sudo ./odmfuse.sh -c PKC -i 0x21 -k rsa_priv.pem
To burn the public_key_hash, expecting to burn odm_production_mode in another round (just to be sure the fuses were burnt correctly).
But when I checked the fuses on the device with
pkc_disable had value 1, which means secure boot was disabled. So, the unsigned image that was already flashed booted normally.
For the second I tried:
sudo ./odmfuse.sh -c PKC -i 0x21 -p -k rsa_priv.pem
To burn both public_key_hash at the same time. And as a result I got the same: both fuses burnt correctly plus pkc_disable also in 1 again.
So, basically my issue is what the title said: odmfuse.sh is always burning pkc_disable into 1 even when not instructed to.
I’m using the latest of everything:
Tegra210_Linux_R32.4.2_aarch64.tbz2 L4T release (not latest stable)
secureboot_R32.2.0_aarch64.tbz2 (while writing this I just noticed 32.3.1 is also available)
So, my question is:
Is it a known issue?
Maybe it is a version incompatibility issue?
Is there any working sequence of steps to enable secure boot on Jetson Nano? (Documentation and latest version of the script disagree in several points)