I’ve successfully burned the PKC private key fuse hash, but now when I try to write a new BCT/bootloader with said private key, I get a failure code.
Here is the logs of the PKC fuse burning:
$ sudo ./odmfuse.sh -j -i 0x21 -c PKC -p -k rsa_priv.pem
*** Calculating HASH from keyfile rsa_priv.pem ... done
PKC HASH: 0x[snip]
*** Generating fuse configuration ... done.
done.
*** Start fusing ...
./tegraflash.py --chip 0x21 --applet nvtboot_recovery.bin --cmd "blowfuses odmfuse_pkc.xml;"
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
[ 0.0045 ] Parsing fuse info as per xml file
[ 0.0066 ] tegraparser --fuse_info odmfuse_pkc.xml blow_fuse_data.bin
[ 0.0092 ]
[ 0.0093 ] Generating RCM messages
[ 0.0110 ] tegrarcm --listrcm rcm_list.xml --chip 0x21 --download rcm nvtboot_recovery.bin 0 0
[ 0.0128 ] RCM 0 is saved as rcm_0.rcm
[ 0.0135 ] RCM 1 is saved as rcm_1.rcm
[ 0.0136 ] List of rcm files are saved in rcm_list.xml
[ 0.0136 ]
[ 0.0136 ] Signing RCM messages
[ 0.0146 ] tegrasign --key None --list rcm_list.xml --pubkeyhash pub_key.key
[ 0.0157 ] Assuming zero filled SBK key
[ 0.0272 ]
[ 0.0273 ] Copying signature to RCM mesages
[ 0.0302 ] tegrarcm --chip 0x21 --updatesig rcm_list_signed.xml
[ 0.0362 ]
[ 0.0363 ] Boot Rom communication
[ 0.0386 ] tegrarcm --chip 0x21 --rcm rcm_list_signed.xml
[ 0.0410 ] BR_CID: 0x[snip]
[ 0.0423 ] RCM version 0X210001
[ 0.0424 ] Boot Rom communication completed
[ 1.0495 ]
[ 1.0496 ] Blowing fuses
[ 1.0525 ] tegrarcm --oem blowfuses blow_fuse_data.bin
[ 1.0552 ] Applet version 00.01.0000
[ 1.0579 ] Successfully burnt fuses as per fuse info blob
[ 1.0709 ]
*** The fuse configuration is saved in bootloader/odmfuse_pkc.xml
*** The ODM fuse has been secured with PKC keys.
*** Flash "signed BCT and bootloader(s)".
*** done.
And here when trying to write new bootloader:
$ ./tegrarcm --listrcm rcm_list.xml --chip 0x21 --download rcm nvtboot_recovery.bin 0 0
RCM 0 is saved as rcm_0.rcm
RCM 1 is saved as rcm_1.rcm
List of rcm files are saved in rcm_list.xml
$ ./tegrasign --key rsa_priv.pem --list rcm_list.xml --pubkeyhash pub_key.key
PKC key in Open SSL format
Saving public key in pub_key.key
Saving public key Hash as binary: pub_key.hash
Saving public key Hash as big-endian text: pub_key.hash_txt
Saving public key Hash as little-endian(sysfs) text: pub_key.hash_sysfs_txt
$ ./tegrarcm --chip 0x21 --updatesig rcm_list_signed.xml
$ sudo ./tegrarcm --chip 0x21 --rcm rcm_list_signed.xml
BR_CID: 0x[snip]
RCM version 0X13
Boot Rom communication failed
Does anyone know what went wrong here?