Secure boot for agx-xavier flash error

Robotics & Edge Computing Jetson & Embedded Systems Jetson AGX Xavier
,
1

Hi,

I was trying to create a secure boot to an AGX Xavier according to the Secure Boot manual.
The steps I did:

  1. openssl genrsa -out rsa3k.pem 3072
  2. ./bootloader/tegrakeyhash --pkc rsa3k.pem --chip 0x19
  3. generated sbk.key 16 bytes
  4. sudo ./odmfuse.sh -X fuse_rsa3k.xml -i 0x19 jetson-agx-xavier-devkit
    fuse.xml

genericfuse MagicId=“0x45535546” version=“1.0.0”>
fuse name=“PublicKeyHash” size=“32” value=“0x2ead30203cc2fefa0e3940d4ef633dbcd0821980d987f7343943e2d5e9cd9048”/>
fuse name=“Kek0” size=“16” value=“0x18a912b5c91799c01d7a50a97f2bff6d”/>
fuse name=“Kek1” size=“16” value=“0x05056c00c2f368537aa00c63a44ad869”/>
fuse name=“SecureBootKey” size=“16”
value=“0xd05d9745cc1726fd41d72f97107d8713”/>
fuse name=“BootSecurityInfo” size=“4” value=“0x06”/>
fuse name=“SecurityMode” size=“4” value=“0x1”/>
/genericfuse>

  1. *** Unfortunately, the private key has been deleted - human mistake ***
  2. can’t continue to - “sudo ./flash.sh -u rsa3k.pem -v sbk.key jetson-agx-xavier-devkit mmcblk0p1”

Is there any way to recover the target or is there an option to burn new PCK (“PkcPubkeyHash1”) without the private key of PCK #0?

I tried to flash it afterwards with the sdkmanager and it failed.

btw, the jetpack is 5.1.3

3

hello nir51yqu,

did you meant you’ve lost rsa3k.pem (i.e., the input PKC key pair)?

did you meant revocation?
AGX Xavier series does not support Revocation of the PKC Keys.


in short, I’m afraid there’s no way to recover the target.
as you’ve already burn fuse, you MUST given the same input pkc key pair (.pem file) file for image flashing.

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.