【Reamining Issue】
1、Still don’t know root reason of reboot recovery failed(and Boot Rom Communication failed), bypass with TWO-Step burn method.
2、Need more clearly undertanding the “PkcDisable” fuse and change effect
3、Directly write fuses from /sys/devices/platform/tegra-fuse/nodes seems work too, how does this way affect (badly?)?
4、Just burn KEK fuses right now,will try enable PKC after more test.
I record my test process here:
【xavier】Jetpack 4.3, L4T R32.3.1
【host】ubuntu desktop, 18.04.4 LTS
【boards】2 brand new Jetson AGX Xavier (32G), as decribed Board-A & Board-B below
First Test
【Board ID】Board-A
【odmfuse.sh】official version
【Burn cmd】sudo ./odmfuse.sh -c NS -i 0x19 --KEK2 fuse-key/kek2.txt jetson-xavier
【Fail reason】AS Jerry point,NS mode does NOT accept any key files,
【update 2020.05.20】based on sixth test on Board-B,“NS mode does not accept any key files” seems NOT right,I finally burn kek2 fuse successfull with “-c NS”
Second Test
【Board ID】Board-A
【odmfuse.sh】official version
【Burn cmd】sudo ./odmfuse.sh -c pkc -i 0x19 -k fuse-key/rsa_priv.pem --KEK2 fuse-key/kek2.txt jetson-xavier
【fail reason】Boot Rom Communication failed,
Third Test
【Board ID】Board-A
【odmfuse.sh】official version + custome change
【odmfuse.sh change】change odmfuse.sh and hardcode the boad info, to make call Boot Rom Communication only once, patch
【Burn cmd】sudo ./odmfuse.sh -c pkc -i 0x19 -k fuse-key/rsa_priv.pem --KEK2 fuse-key/kek2.txt jetson-xavier
【Fail reason】Stat for RECFILE failed, zerosbk,
Fourth Test
【Board ID】Board-A
【odmfuse.sh】NOT used
【Burn cmd】NOT used *not burn, directly write to /sys/devices/platform/tegra-fuse/ node **
【Attention】This IS NOT THE WRIGHT WAY by L4T official doc, But it seems works for KEK0/1/2 fuses
【write & test cmd】
cd /sys/devices/platform/tegra-fuse/
echo 0x112233445566778899aabbccddeeff00 > kek2
cat kek2 — will show what you write above,
echo 0x1 > odm_profuction_mode
cat kek2 — still show kek0 value
reboot
cd /sys/devices/platform/tegra-fuse/
cat kek2 ---- after reboot, production_mode effect, read kek2 will show all 0xff
【Attention】when using TA call se_derive_ekb_ek → se_aes_ecb_operation(…, SE_AES_KEYSLOT_KEK2)128B) to devrive the key,I firstly found it‘s SAME as KEK2 = default 0 value. But IT‘s NOT TRUE.
【The reason】 is R32.3.1 demo TA keystore-demo, after derive key by calling se_derive_ekb_ek, it call se_derive_aes_keyslots(keystore-demo.c, line 162), which clean ALL SE keyslots(11-15) includng KEK0/1/2, before my TA work. When My test TA works, all SE keyslots become zero again
Fifth Test
【Board ID】Board-B
【odmfuse.sh】official version
【burn cmd】sudo ./odmfuse.sh -c pkc -p -i 0x19 -k fuse-key/rsa_priv.pem --KEK0 fuse-key/kek0.txt --KEK2 fuse-key/kek2.txt jetson-xavier (newly add -p)
【Failed reason】SAME as above Second Test, Failed at the secondly Boot Rom Communication .
【Conclusion 】odmfuse.sh NOT works directly, there several fix need add/take care
【problem1】odmfuse.sh is ONE-Step burning command, when running without “–noburn”, it call get_board_version which will reboot xavier into recovery mode, but it failed some how. ---- then you will see Boot Rom Communication Failed
【solution1】using TWO-Step burn as L4T Official Doc also advices,first run BOARDID=2888 FAB=400 BOARDSKU=0004 BOARDREV=K.0 ./odmfuse.sh --noburn …(other paras). , secondly untar fuseblob.tbz2 and run fusecmd.sh.
【problem2】some wrong like “Stat for RECFILE failed”
【solution2】this is because odmfuse.sh miss some recover config, you need patch/add “CFGCONV+=”-e /RECDTB-FILE/d “” command. Reference: From ilies.chergui patch, From DaneLLL Patch. These Fix are include in odmfuse.sh of R32.4.2 release.
【problem3】odmfuse.sh does not support “-c NC”
【solution3】odmfuse.sh add “PkcDisbale” fusename when using “-c NC”, but later not recognize by BOM? Reference Patch: From ilies.chergui patch delete which will delte “PkcDisbale” from odmfuse_pkc.xml
