Reburn SBK and KEK2 fuses problem

Robotics & Edge Computing Jetson & Embedded Systems Jetson Xavier NX
1

Hi,
I burnt:
0x00001000000000000000 to KEK2
And, 0x0000000 0x00000000 0x0000000 0x01000000 to SBK
And also burnt PKC.

Because of a known issue board stuck in force RCM.

After some read it seems the solution is burn odm production mode.

So I want burn fuses with more secure random keys instead of test keys.

When I pass a new SBK key to odmfuse.sh (online mode) it is stopped with Boot Rom communication error!

When I pass the old test SBK it don’t show this error but there is another error about burn KEK2 that says cannot change bit from 1 to 0.

New KEK2: 0xc2481…

But what is wrong?
The fifth hex digit of old and new KEK2 is 1 so I don’t change bit from 1 to 0.

And how to reburn SBK?

2

So my question is: can I double burn SBK when new SBK contains all bit with value 1 of the old SBK and production mode is not burnt yet?

3

What if i add new SBK in fuse configuration XML file and burn?

5

hello s.r.alavizadeh,

honestly, I’ve never tired this before.


let me double check…
did you obtain all the original key files, are you able to flash the target (and boot-up correctly) with those keys?

6

As I didn’t get a reply here I tried it myself and successfully reburn SBK. Odmfuse.sh has some bugs that I will explain here, ASAP.

It was a Xavier nx that because of burn SBK+PKC without setting odm_production_mode stuck in force recovery mode

7

hello s.r.alavizadeh,

actually, it’s recommended burning all the fuses you need in a single operation, while partial fuse burning is possible if SecurityMode is not burned, it may lead to issues not described in this document.

8

I think someone should update documentation and add a notice about this bug. We are at early development stage so we want to know what happens with SBK+PKC enabled with burning smallest number of bits. So we use 0x00001000…0 for Kek2 and 0x00…01000 for SBK just for testing and we didn’t burn odm_production_mode fuse. After using --test and see successful result we do actual burn and then our Xavier NX board stuck in Force RCM!

After some reading we decided to burn odm production mode, so we need to replace Kek2 and sbk with some random keys that has 1 in those locations.
Odmfuse.sh gives error:

Bug1: odmfuse.sh for burned SBK devices it just needs the old SBK to work. So it should have an argument like --sbk-key that accept the new key.

Bug2: As I mentioned in the first post odmfuse.sh stop with error that kek2 try to change a bit from 1 to 0 that was not true as I didn’t changed 1 to 0. The issue is that it seems fuses in board are in little endian form and odmfuse.sh didn’t convert them to big endian before comparing!

Workaround:
I was able to use fuse.xml file created by --noburn option and then add SecureBootKey manually and
add kek2 and burn without any error.

Again in this burn session I didn’t burn odm_production_mode to be able read SBK and other burned keys.

Finally I burn odm_production_mode and flash device with new keys and device boot and load ubuntu correctly.

9

hello Sralavi,

that’s right, we already request for doc update for adding this into developer guide.

1 Like
11

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.