When creating the ratchet configuration file for the Jetson AGX Orin, I used the basic example given on the website:
    /dts-v1/;
    / {
        ratchet {
            /* name = <index value> */
            mb1bct = <1 0>;
            membct = <2 0>;
            bpmp_fw_dtb = <3 0>;
            mb2rf = <4 0>;
            mb2 = <5 0>;
            /* index 6 and 7 are reserved */
            mb2_applet = <8 0>;
            fskp_fw = <9 0>;
            /* index 15 is reserved */
            spe = <16 0>;
            /* index 17 and 18 are reserved */
            sce = <19 0>;
            rce = <20 0>;
            ape = <21 0>;
            dce = <22 0>;
            eks = <23 0>;
            tos = <24 0>;
            /* index 25 is reserved */
            cpubl = <26 0>;
            cpubl_dtb = <27 0>;
        };
    };
However, I have some questions left:
Are there components such as the kernel, which would be beneficial to give rollback protection too? I can’t find documentation on what values are possible to set in the ratchet config file beyond this example. Is there a complete list of supported components and their corresponding index values?
Is it correct that once the ratchet configuration file is completely set up, I just need to:
Set the OptInEnable fuse to 1 in the fuse config file: <fuse name="OptInEnable" size="4" value="0x1"/>
Burn the fuses and flash the device
Is this sufficient for complete rollback protection across all components?
If these suggestions don’t help and you want to report an issue to us, please attach the model, command/step, and the customized app (if any) so that we can reproduce it locally.
Please refer to $OUT/Linux_for_Tegra/bootloader/generic/BCT/tegra234-mb1-bct-ratchet-p3701-0000.dts for all supported components.
You may also see other discussion threads, such as Topic 277417, for reference.
Thank you, JerryChang, for your answer. The file you pointed out is the same as the description that I mentioned in my post. Can I then assume that other parts such as the kernel cannot be rollback protected?
In that case, I will just keep the file as it is and burn the OptInEnable fuse.
Furthermore, in the linked Topic the developer used an older version of L4T. In the description that he used, the following is written:
MB2 ratchet takes effect only when one of the two conditions is met:
SECURITY_MODE fuse is burned, or
OEM_KEY_VALID bit is set in SECURITY_INFO fuse.
In my description for L4T 36.4, it says that MB2 ratchet is enabled by default. Does that mean that in my case I just have to burn the OptInEnable fuse with value 0x1 as I wrote and then the rollback protection is enabled, or are there further steps required?
Another question regarding the fuses:
I have read in the secure boot chapter that the whole fusing process is recommended to be done in one go. I want to burn the fuses for secure boot too; that means I will update the fuse config file, add OptInEnable, and then fuse everything in one go. Should it be done like that?
Yes, OptInEnable must be 0x1 to enable rollback protection.
This also enables rollback protection for preventing earlier boot images running on this system.
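Added example, not part of the thread and not NVIDIA tooling: a release-time check for ratchet files in the `name = <index value>` format shown in the first post. It assumes the second cell is the ratchet level and that a new release may keep or raise it but never lower it; the function names and sample data are constructed for illustration.

```python
import re

# One ratchet property such as "mb2 = <5 0>;" -> (name, index, value).
PROP_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*<\s*(\d+)\s+(\d+)\s*>\s*;", re.M)
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)


def parse_ratchet(dts_text):
    """Return {name: (index, value)} for every ratchet property in a DTS source."""
    body = COMMENT_RE.sub("", dts_text)  # drop /* ... */ comments first
    entries, seen_index = {}, {}
    for name, index, value in PROP_RE.findall(body):
        index, value = int(index), int(value)
        if name in entries:
            raise ValueError(f"duplicate component {name!r}")
        if index in seen_index:
            raise ValueError(f"index {index} used by {seen_index[index]!r} and {name!r}")
        entries[name] = (index, value)
        seen_index[index] = name
    if not entries:
        raise ValueError("no ratchet entries found")
    return entries


def compare_releases(old, new):
    """List reasons why `new` must not replace `old` (assumed policy, see lead-in)."""
    problems = []
    for name, (old_index, old_value) in old.items():
        if name not in new:
            problems.append(f"{name}: entry removed")
            continue
        new_index, new_value = new[name]
        if new_index != old_index:
            problems.append(f"{name}: index changed {old_index} -> {new_index}")
        if new_value < old_value:
            problems.append(f"{name}: value lowered {old_value} -> {new_value}")
    return problems


# Constructed sample: two entries in the post's format, then a later release
# that raises mb2 but lowers cpubl by mistake.
OLD = ("/dts-v1/;\n/ {\n  ratchet {\n    /* name = <index value> */\n"
       "    mb2 = <5 1>;\n    cpubl = <26 2>;\n  };\n};\n")
NEW = OLD.replace("<5 1>", "<5 2>").replace("<26 2>", "<26 1>")

if __name__ == "__main__":
    for line in compare_releases(parse_ratchet(OLD), parse_ratchet(NEW)) or ["ok"]:
        print(line)
```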