Running odmfuse.sh with No Crypto fails on jetpack 4.4.1 with latest secureboot package

Following this post I used the following items, in order to try odmfuse:

  1. secureboot_R32.4.3_aarch64.tbz2
  2. the patched version of tegraparser_v2 provided in the linked post

But the script failed with an error.

$ sudo ./odmfuse.sh -c NS -i 0x18 jetson-tx2-4GB
./tegraflash.py --chip 0x18 --applet "/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/mb1_recovery_prod.bin" --skipuid --cmd "dump eeprom boardinfo cvm.bin" 
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0027 ] Generating RCM messages
[   0.0036 ] tegrarcm_v2 --listrcm rcm_list.xml --chip 0x18 0 --download rcm /media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/mb1_recovery_prod.bin 0 0
[   0.0045 ] RCM 0 is saved as rcm_0.rcm
[   0.0050 ] RCM 1 is saved as rcm_1.rcm
[   0.0050 ] List of rcm files are saved in rcm_list.xml
[   0.0050 ] 
[   0.0050 ] Signing RCM messages
[   0.0058 ] tegrasign_v2 --key None --list rcm_list.xml --pubkeyhash pub_key.key
[   0.0065 ] Assuming zero filled SBK key
[   0.0093 ] 
[   0.0093 ] Copying signature to RCM mesages
[   0.0101 ] tegrarcm_v2 --chip 0x18 0 --updatesig rcm_list_signed.xml
[   0.0112 ] 
[   0.0112 ] Boot Rom communication
[   0.0119 ] tegrarcm_v2 --chip 0x18 0 --rcm rcm_list_signed.xml --skipuid
[   0.0127 ] RCM version 0X180001
[   0.0139 ] Boot Rom communication completed
[   1.0211 ] 
[   2.0254 ] tegrarcm_v2 --isapplet
[   2.0280 ] Applet version 01.00.0000
[   2.0471 ] 
[   2.0500 ] Retrieving EEPROM data
[   2.0502 ] tegrarcm_v2 --oem platformdetails eeprom cvm /media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/cvm.bin
[   2.0526 ] Applet version 01.00.0000
[   2.0877 ] Saved platform info in /media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/cvm.bin
[   2.1616 ] 
Board ID(3489) version(300) sku(0888) revision(H.0)
copying sdram_config(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/BCT/P3489_Sku888_4GB_Hynix_4GB_lpddr4_204Mhz_P138_A02_l4t.cfg)... done.
copying misc_config(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/BCT/tegra186-mb1-bct-misc-si-l4t.cfg)... done.
copying pinmux_config(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/BCT/tegra186-mb1-bct-pinmux-quill-p3489-1000-a00.cfg)... done.
copying scr_config(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/BCT/minimal_scr.cfg)... done.
copying scr_cold_boot_config(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/BCT/mobile_scr.cfg)... done.
copying pmc_config(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/BCT/tegra186-mb1-bct-pad-quill-p3489-1000-a00.cfg)... done.
copying pmic_config(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/BCT/tegra186-mb1-bct-pmic-lightning-p3489-1000-a00.cfg)... done.
copying br_cmd_config(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/BCT/tegra186-mb1-bct-bootrom-quill-p3489-1000-a00.cfg)... done.
copying prod_config(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/BCT/tegra186-mb1-bct-prod-storm-p3489-1000-a00.cfg)... done.
copying dev_params(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/BCT/emmc.cfg)... done.
Existing mb2_bootloader(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/nvtboot_recovery.bin) reused.
Existing mts_preboot(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/preboot_d15_prod_cr.bin) reused.
Existing mts_bootpack(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/mce_mts_d15_prod_cr.bin) reused.
copying bootloader_dtb(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/kernel/dtb/tegra186-quill-p3489-0888-a00-00-base.dtb)... done.
Existing bpmp_fw(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/bpmp.bin) reused.
copying bpmp_fw_dtb(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/tegra186-a02-bpmp-lightning-p3489-a00-00-te770m.dtb)... done.
Existing tlk(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/tos-trusty.img) reused.
Existing eks(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/eks.img) reused.
Existing mb1file(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/mb1_prod.bin) reused.
Existing spefile(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/spe.bin) reused.
copying tegraboot(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/nvtboot.bin)... done.
Existing tbcfile(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/cboot.bin) reused.
Existing scefile(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/camera-rtcpu-sce.img) reused.
copying wb0boot(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/t186ref/warmboot.bin)... done.
done.
Existing cfg(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/flash.xml) reused.
Existing bl(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/nvtboot_recovery_cpu.bin) reused.
Existing applet(/media/ofirm/Ofir_1TB10/nvidia/nvidia_sdk/JetPack_4.4.1_Linux_JETSON_TX2_4GB/Linux_for_Tegra/bootloader/mb1_recovery_prod.bin) reused.
*** Generating fuse configuration ... done.
*** Start fusing  ... 
./tegraflash.py --sdram_config P3489_Sku888_4GB_Hynix_4GB_lpddr4_204Mhz_P138_A02_l4t.cfg --misc_config tegra186-mb1-bct-misc-si-l4t.cfg --pinmux_config tegra186-mb1-bct-pinmux-quill-p3489-1000-a00.cfg --scr_config minimal_scr.cfg --scr_cold_boot_config mobile_scr.cfg --pmc_config tegra186-mb1-bct-pad-quill-p3489-1000-a00.cfg --pmic_config tegra186-mb1-bct-pmic-lightning-p3489-1000-a00.cfg --br_cmd_config tegra186-mb1-bct-bootrom-quill-p3489-1000-a00.cfg --prod_config tegra186-mb1-bct-prod-storm-p3489-1000-a00.cfg --dev_params emmc.cfg  --bins "mb2_bootloader nvtboot_recovery.bin; mts_preboot preboot_d15_prod_cr.bin; mts_bootpack mce_mts_d15_prod_cr.bin; bootloader_dtb tegra186-quill-p3489-0888-a00-00-base.dtb; bpmp_fw bpmp.bin; bpmp_fw_dtb tegra186-a02-bpmp-lightning-p3489-a00-00-te770m.dtb; tlk tos-trusty.img; eks eks.img" --cfg flash.xml --bl nvtboot_recovery_cpu.bin --odmdata 0x1090000 --chip 0x18 --applet mb1_recovery_prod.bin  --cmd "burnfuses odmfuse_pkc.xml" --skipuid 
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0374 ] Burning fuses
[   0.0375 ] Generating RCM messages
[   0.0396 ] tegrarcm_v2 --listrcm rcm_list.xml --chip 0x18 0 --download rcm mb1_recovery_prod.bin 0 0
[   0.0414 ] RCM 0 is saved as rcm_0.rcm
[   0.0422 ] RCM 1 is saved as rcm_1.rcm
[   0.0422 ] List of rcm files are saved in rcm_list.xml
[   0.0422 ] 
[   0.0422 ] Signing RCM messages
[   0.0442 ] tegrasign_v2 --key None --list rcm_list.xml --pubkeyhash pub_key.key
[   0.0461 ] Assuming zero filled SBK key
[   0.0533 ] 
[   0.0534 ] Copying signature to RCM mesages
[   0.0554 ] tegrarcm_v2 --chip 0x18 0 --updatesig rcm_list_signed.xml
[   0.0586 ] 
[   0.0586 ] Boot Rom communication
[   0.0607 ] tegrarcm_v2 --chip 0x18 0 --rcm rcm_list_signed.xml --skipuid
[   0.0629 ] Boot Rom communication failed
[   5.3142 ] 
[   5.3143 ] Send tboot failed. Bootrom is likely not running, try to detect whether mb1/mb2/cpubl is running.
[   6.3182 ] tegrarcm_v2 --isapplet
[   6.3204 ] Applet version 01.00.0000
[   6.3362 ] 
[   6.3411 ] Parsing fuse info as per xml file
[   6.3437 ] tegraparser_v2 --fuse_info odmfuse_pkc.xml blow_fuse_data.bin
[   6.3460 ] MagicId=0x45535546 version=0x1
[   6.3464 ] node: name=JtagDisable size=4
[   6.3464 ]   value=0x1
[   6.3464 ] Not a valid Fuse entry : PkcDisable
[   6.3464 ] Failed to generate fuse info, ErrNum=4
[   6.3464 ] 
Error: Return value 4
Command tegraparser_v2 --fuse_info odmfuse_pkc.xml blow_fuse_data.bin
failed.

Is it a bug/config issue? What am I missing?

Hello OfirMarcus,

May I have more details for fusing the board with NS?

I am using the dev-kit board.

What else do you need?

By commenting out the following lines in the odmfuse.sh file I was able to create a workaround (and set only the jtag to 1):

Part1:

#	if [ "${fusename}" != "" -a "${fuseval}" != "" ]; then
#		echo -n "<fuse name=\"${fusename}\" " >> ${fusecfg};
#		echo -n "size=\"${fusesize}\" " >> ${fusecfg};
#		echo    "value=\"${fuseval}\" />" >> ${fusecfg};
#		fusecnt=$((fusecnt + 1));
#		if [ "${tid}" = "0x18" ]; then
#			echo -n "<fuse name=" >> ${fusecfg};
#			echo -n "\"BootSecurityInfo\" " >> ${fusecfg};
#			if [ "${SBK}" != "" ]; then
#				bsi="0x6";
#			else
#				bsi="0x2";
#			fi;
#			echo    "size=\"4\" value=\"${bsi}\" />"  >> ${fusecfg};
#			fusecnt=$((fusecnt + 1));
#		elif [ "${tid}" = "0x19" ]; then
#			echo -n "<fuse name=" >> ${fusecfg};
#			echo -n "\"BootSecurityInfo\" " >> ${fusecfg};
#			if [ "${SBK}" != "" ]; then
#				bsi="0x5";
#			else
#				bsi="0x1";
#			fi;
#			# 0x1=2K PKC 0x2=3K PKC
#			echo    "size=\"4\" value=\"${bsi}\" />"  >> ${fusecfg};
#			fusecnt=$((fusecnt + 1));
#		fi;
#	fi;

Part2:

#	if [ "${fusename}" != "" -a "${fuseval}" != "" ]; then
#		echo "<fuse:${fusename};value:${fuseval}>"   >> ${fusecfg};
#		fusecnt=$((fusecnt + 1));
#	fi;

Maybe Part2 is not needed.

Hello OfirMarcus,

According to the developer guide, Secureboot, the NS (Non-Secure) option is only available for the T210 series, whereas Jetson TX2 is T186 series.
Please also refer to the description for the secureboot key.
Thanks

The Secureboot manual is not up to date.

This is the CLI usage output:

$ ./odmfuse.sh -i 0x18 
Usage:
  ./odmfuse.sh -c <CryptoType> -i <TegraID> -k <KeyFile> [options] TargetBoard

  Where options are,
    -c <CryptoType> ------ NS -- No Crypto, PKC - Public Key Crypto.
    -d <0xXXXX> ---------- sets sec_boot_dev_cfg=0xXXXX&0x3fff.
    -i <TegraID> --------- tegra ID: 0x40-TK1, 0x21-TX1, 0x18-TX2, 0x19-Xavier
    -j ------------------- Keep jtag enabled.
    -k <KeyFile> --------- 2048 bit RSA private KEY file. (.pem file)
    -l <0xXXX> ----------- sets odm_lock=0xXXX. (T186:8bit, T194:12bit)
    -p ------------------- sets production mode.
    -r <0xXX> ------------ sets sw_reserved=0xXX.
    -S <SBK file> -------- 128bit Secure Boot Key file in HEX format.
    --noburn ------------- Prepare fuse blob without actual burning.
    --test --------------- No fuses will be really burned, for test purpose.
    --KEK0 <Key file> ---- 128bit Key Encryption Key file in HEX format.
    --KEK1 <Key file> ---- 128bit Key Encryption Key file in HEX format.
    --KEK2 <Key file> ---- 128bit Key Encryption Key file in HEX format.
    --KEK256 <Key file> -- 256bit Key Encryption Key file in HEX format.
    --odm_reserved[0-7] -- sets 32bit ReservedOdm[0-7]. (Input=0xXXXXXXXX)
    --odm_reserved[8-11] -- sets 32bit ReservedOdm[8-11] (T194 only)

I only want to have the jtag disabled on jetson-tx2-4GB. Is there some other way to do so? Or is it not supported?

Hello OfirMarcus,

That’s indeed an option for the odmfuse.sh script file to configure as no crypto;
however, pkc_disable is only supported for T210 if you look into the documentation for confirmation.
jtag_disable is available to disable JTAG; please use this switch to block use of the JTAG debugger.
Thanks

So how should I use the odmfuse.sh or another script in order to only have the jtag disabled without touching other switches?

Hello OfirMarcus,

It’s odmfuse.sh to program the fuse;
you may remove the -j option in the command line to disable JTAG.
Thanks
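
Added example, not part of the thread and not NVIDIA's code: because burned fuses cannot be reverted, a pre-burn check can compare the generated fuse file (for instance after a `--noburn` run) against the exact set of fuses the operator intends to burn. It assumes the `<fuse name=... size=... value=... />` line format seen in the odmfuse.sh lines quoted above; the function names and the sample file contents (including the `PkcDisable` size and value) are constructed for illustration.

```shell
#!/bin/sh
# Pre-burn review of a fuse configuration file (added example).
# Assumed line format, taken from the echo statements quoted in this thread:
#   <fuse name="NAME" size="N" value="0x..." />

# list_fuses FILE -> prints "NAME VALUE" for every <fuse .../> line
list_fuses() {
	sed -n 's/.*<fuse name="\([^"]*\)".*value="\([^"]*\)".*/\1 \2/p' "$1"
}

# check_fuse_xml FILE "NAME=VALUE NAME=VALUE ..."
# Returns 0 only if FILE contains exactly the approved fuses,
# 1 on any unapproved or missing entry, 2 if no fuse entries were found.
check_fuse_xml() {
	file=$1; approved=$2; rc=0
	found=$(list_fuses "$file")
	[ -n "$found" ] || { echo "no fuse entries in $file" >&2; return 2; }
	# Entries present in the file but not approved by the operator
	while read -r name value; do
		case " $approved " in
			*" $name=$value "*) ;;
			*) echo "UNAPPROVED: $name=$value" >&2; rc=1 ;;
		esac
	done <<EOF
$found
EOF
	# Approved entries that the file does not contain
	for want in $approved; do
		n=${want%%=*}; v=${want#*=}
		printf '%s\n' "$found" | grep -qx "$n $v" ||
			{ echo "MISSING: $want" >&2; rc=1; }
	done
	return $rc
}

# Constructed sample: the two fuse names the tegraparser_v2 log above reports.
make_sample() {
	cat > "$1" <<'EOF'
<fuse name="JtagDisable" size="4" value="0x1" />
<fuse name="PkcDisable" size="4" value="0x1" />
EOF
}

# Usage (file path is whatever your run generated):
#   check_fuse_xml odmfuse_pkc.xml "JtagDisable=0x1" || echo "do not burn"
```

With the constructed sample and an approved set of only `JtagDisable=0x1`, the check fails on `PkcDisable`, the same entry tegraparser_v2 rejected in the log above.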