Secure Boot for Orin NX

Thanks a lot @JerryChang, but probably I missed something. I have raised 4 concerns that I would like to discuss with you.

  1. May I proceed by fusing these values since you are confirming me that it seems everything ok (even if the warnings related to the Assuming zero filled SBK key, and Warning: pub_key.key is not found)? Or do you think that we should investigate why I have these warnings before to fuse? Could be that it depends by the fact that I’m using the ECDSA P-521 key and by the end of the day it is not compatible with Orin NX?

Or I don’t know if there is a problem with the parser (I tried also without parsing the XML, but the result is the same). I’m using the last version of the JetPack 5.1.2.
Can you please advise me?

  1. The check that I did, was to extract the content of the file fuseblob.tbz2 and open the file fuse_KNKhVQ.xml and verify the matching with my values. That’s it. But I don’t know if I should verify something else.

EDIT: In the bootloader folder, I don’t see any pub_key.key. I’m not understanding what is the problem.

  1. Further, since I used ECDSA P-521 key, should I flash the board in this manner?
sudo ./flash.sh -u ecp521.pem -v sbk.key jetson-orin-nano-devkit nvme0n1

where ecp521.pem is the private key (as mentioned in first post), and sbk.key is the SBK key.

I am asking this, because in the guide it is not clear because there is written: <pkc_keyfile>` is an RSA 2K or 3K key file, and in my case it is an ECDSA P-521.

  1. In your cited post, ERROR: might be timeout in USB write after Fuse burning - #8 by JerryChang I didn’t get what are the PscOdmStatic, Kdk0 and the EndorseKey. So, I tried to search, but I did not find any information about it.

If it can be useful, I am suing a seeed studio reComputer J401.