Secure Boot on Jetson Xavier AGX

hello AbdulWasey,

yes, please dig into CBoot sources and apply the patch.
you should follow the readme file for the instructions to build CBoot binary; please rename the binary lk.bin to cboot_t194.bin to use with the Jetson Xavier,
please overwrite it with $OUT/Linux_for_Tegra/bootloader/cboot_t194.bin, you need to enable flash script to Flashing a Specific Partition instead of flashing the whole device by using the command line, ‑k switch.
for example, $ sudo ./flash.sh -r -k cpu-bootloader jetson-xavier mmcblk0p1
thanks

Hi @JerryChang

1. Regarding eks.img I was creating the <fv_for_ekb_ek> using command mentioned in guide
$ openssl rand -rand /dev/urandom -hex 16 > fv_ekb.txt
which gives me a random 16 bytes hex i-e 7fac7cc40b7ff9e9b0102cafc3ee0164
but here in this

Kindly tell me which fv_ekb should I use?

2. Regarding <key2_fuse_key_file> that was in my case is

which in hex is 0x2fbed7068a6aceb4c9e06bbbc6798589while using to generate fuseblob.tbz2
and for <key2_fuse_key_file> it will be '2fbed7068a6aceb4c9e06bbbc6798589` right?

3. Regarding <sym_key_file>which is user key and has 16 bytes hex which I created through same command
$ openssl rand -rand /dev/urandom -hex 16 > sym_key.txt
which i have to use to sign boot files right?

i-e in this command like that--user_key sym_key.txt
4. Regarding

it will be any 16 bytes hex key or it has be used To generate fuseblob.tbz2 in this command

or use in To sign the boot file like user key

5. Regarding

This image file i-e eks.img will be intended to flashed onto EKS partition HOW? Where do I have to put this eks.img? kindly guide me about this

Thanks

hello AbdulWasey,

Q1) the default eks.img is generated with all 0’s (for unfused board) in kek2_key, sym.key, and non-zero sym2.key.
in this case, you should have fe_ekb as bad66eb4484983684b992fe54a648bb8

Q2-4) for generating the EKB, it is a file containing 32 hexadecimal digits that represent the same key, interpreted as a single big-endian 128‑bit value.
this is default KEK2 root key for unfused board, $ echo "00000000000000000000000000000000" > kek2_key.
sym.key is the kernel encryption key.
sym2.key is the disk encryption key.
please use the randomly generated sym.key as the user.key in flash.sh.
you’ll also need to convert the 32 hexadecimal characters format in sym.key to four 8 hexadecimal characters format in user.key.
i.e. 123456789abcdef00fedecba9876543210x12345678 0x9abcdef0 0x0fedcba9 0x87654321

Q5) you should run the script to generate eks.img; and please copy the generated eks.img to $OUT/Linux_for_Tegra/bootloader/eks.img;
after that, please run flash.sh with “-u <rsa_priv.pem> -v <sbk.key> --user_key <user.key>” options to flash the board.
to validate this on the serial port, please look for authenticate_oem_payload: Decrypt the binary on loading of kernel, kernel-dtb and initrd images, to have confirmation.

Hi @JerryChang
I am following the CBoot_Standalone_Readme_t194.txt instructions

but I end up here kindly check why it is giving me toolchain error. Thanks

cowlar@cowlar-PC:~/cBoot$ export CROSS_COMPILE=~/L4T-CC/gcc-linaro-7.3.1-2018.05-x86_64_aarch64-linux-gnu/bin/aarch64-linux-gnu-
cowlar@cowlar-PC:~/cBoot$ echo $CROSS_COMPILE
/home/cowlar/L4T-CC/gcc-linaro-7.3.1-2018.05-x86_64_aarch64-linux-gnu/bin/aarch64-linux-gnu-
cowlar@cowlar-PC:~/cBoot$ export TEGRA_TOP=$PWD
cowlar@cowlar-PC:~/cBoot$ echo $TEGRA_TOP
/home/cowlar/cBoot
cowlar@cowlar-PC:~/cBoot$ export TOP=$PWD
cowlar@cowlar-PC:~/cBoot$ echo $TOP
/home/cowlar/cBoot
cowlar@cowlar-PC:~/cBoot$ make -C ./bootloader/partner/t18x/cboot PROJECT=t194 TOOLCHAIN_PREFIX="${CROSS_COMPILE}" DEBUG=2 BUILDROOT="${PWD}"/out NV_TARGET_BOARD=t194ref NV_BUILD_SYSTEM_TYPE=l4t NOECHO=@
make: Entering directory '/home/cowlar/cBoot/bootloader/partner/t18x/cboot'
LKROOT=. LKINC=". " make -rR -f ./engine.mk -I. 
make[1]: Entering directory '/home/cowlar/cBoot/bootloader/partner/t18x/cboot'
PROJECT = t194
PLATFORM = t194
TARGET = t194
TEGRA_TOP = /home/cowlar/cBoot
arch/arm64/rules.mk:50: *** cannot find toolchain, please set TOOLCHAIN_PREFIX or add it to your path.  Stop.
make[1]: Leaving directory '/home/cowlar/cBoot/bootloader/partner/t18x/cboot'
makefile:13: recipe for target '_top' failed
make: *** [_top] Error 2
make: Leaving directory '/home/cowlar/cBoot/bootloader/partner/t18x/cboot'
cowlar@cowlar-PC:~/cBoot$ 

hello AbdulWasey,

you’re not configure the toolchains or the path of TOOLCHAIN_PREFIX is incorrect.

BTW,
suggest you have another new discussion thread for tracking CBoot building failure.

OK will check If issue is not resolved will open discussion Thanks

Hi @JerryChang

So If I am using non-zero key2_key, sym.key and sym2.key than I have to change fv_ekb or use the default fv_ekb?
Secondly as you said sym2.key is non-zero by default so what is its value? and sym2.key should also be changed in case key2_key and sym.key are set to non-zero?

Thanks

Hi @JerryChang

Regarding
<keyfile> is an RSA key pair file (a .pem file)
is it same file as <PKC file>? if not what will the size of this file the <PKC file> is 2048-bit long I believe.

Hi @JerryChang

These are the flash logs kindly guide me which files do I have to sign and encrypt? and kindly guide me where are they located in /Linux_for_tegra/and where to put them after signing and encrypting.
Thanks

cowlar@cowlar-PC:~/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra$  sudo ./flash.sh jetson-agx-xavier-devkit mmcblk0p1
[sudo] password for cowlar: 
###############################################################################
# L4T BSP Information:
# R32 , REVISION: 5.1
###############################################################################
# Target Board Information:
# Name: jetson-agx-xavier-devkit, Board Family: t186ref, SoC: Tegra 194, 
# OpMode: production, Boot Authentication: NS, 
# Disk encryption: disabled ,
###############################################################################
copying soft_fuses(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
./tegraflash.py --chip 0x19 --applet "/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/mb1_t194_prod.bin" --skipuid --soft_fuses tegra194-mb1-soft-fuses-l4t.cfg --bins "mb2_applet nvtboot_applet_t194.bin" --cmd "dump eeprom boardinfo cvm.bin;reboot recovery" 
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0060 ] Generating RCM messages
[   0.0076 ] tegrahost_v2 --chip 0x19 0 --magicid MB1B --appendsigheader /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/mb1_t194_prod.bin zerosbk
[   0.0084 ] Header already present for /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/mb1_t194_prod.bin
[   0.0146 ] 
[   0.0162 ] tegrasign_v2 --key None --getmode mode.txt
[   0.0171 ] Assuming zero filled SBK key
[   0.0194 ] 
[   0.0207 ] tegrasign_v2 --key None --file /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin --offset 2960 --length 1136 --pubkeyhash pub_key.key
[   0.0217 ] Assuming zero filled SBK key
[   0.0224 ] 
[   0.0234 ] tegrahost_v2 --chip 0x19 0 --updatesigheader /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.hash zerosbk
[   0.0294 ] 
[   0.0315 ] tegrabct_v2 --chip 0x19 0 --sfuse tegra194-mb1-soft-fuses-l4t.cfg.pdf sfuse.bin
[   0.0347 ] 
[   0.0361 ] tegrarcm_v2 --listrcm rcm_list.xml --chip 0x19 0 --sfuses sfuse.bin --download rcm /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin 0 0
[   0.0372 ] RCM 0 is saved as rcm_0.rcm
[   0.0433 ] RCM 1 is saved as rcm_1.rcm
[   0.0433 ] RCM 2 is saved as rcm_2.rcm
[   0.0433 ] List of rcm files are saved in rcm_list.xml
[   0.0433 ] 
[   0.0434 ] Signing RCM messages
[   0.0447 ] tegrasign_v2 --key None --list rcm_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   0.0458 ] Assuming zero filled SBK key
[   0.0466 ] 
[   0.0466 ] Copying signature to RCM mesages
[   0.0477 ] tegrarcm_v2 --chip 0x19 0 --updatesig rcm_list_signed.xml
[   0.0496 ] 
[   0.0497 ] Boot Rom communication
[   0.0510 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
[   0.0522 ] RCM version 0X190001
[   0.1860 ] Boot Rom communication completed
[   1.2026 ] 
[   2.2054 ] tegrarcm_v2 --isapplet
[   2.2072 ] Applet version 01.00.0000
[   2.3892 ] 
[   2.3915 ] tegrarcm_v2 --ismb2
[   2.6052 ] 
[   2.6072 ] tegrahost_v2 --chip 0x19 --align nvtboot_applet_t194.bin
[   2.6089 ] 
[   2.6106 ] tegrahost_v2 --chip 0x19 0 --magicid PLDT --appendsigheader nvtboot_applet_t194.bin zerosbk
[   2.6121 ] adding BCH for nvtboot_applet_t194.bin
[   2.6182 ] 
[   2.6207 ] tegrasign_v2 --key None --list nvtboot_applet_t194_sigheader.bin_list.xml --pubkeyhash pub_key.key
[   2.6222 ] Assuming zero filled SBK key
[   2.6227 ] 
[   2.6244 ] tegrahost_v2 --chip 0x19 0 --updatesigheader nvtboot_applet_t194_sigheader.bin.encrypt nvtboot_applet_t194_sigheader.bin.hash zerosbk
[   2.6272 ] 
[   2.6282 ] tegrarcm_v2 --download mb2 nvtboot_applet_t194_sigheader.bin.encrypt
[   2.6290 ] Applet version 01.00.0000
[   2.8214 ] Sending mb2
[   2.8216 ] [................................................] 100%
[   2.8376 ] 
[   2.8397 ] tegrarcm_v2 --boot recovery
[   2.8414 ] Applet version 01.00.0000
[   3.0378 ] 
[   4.0409 ] tegrarcm_v2 --isapplet
[   4.2212 ] 
[   4.2233 ] tegrarcm_v2 --ismb2
[   4.2247 ] MB2 Applet version 01.00.0000
[   4.4291 ] 
[   4.4309 ] tegrarcm_v2 --ismb2
[   4.4323 ] MB2 Applet version 01.00.0000
[   4.6371 ] 
[   4.6389 ] Retrieving board information
[   4.6408 ] tegrarcm_v2 --oem platformdetails chip chip_info.bin
[   4.6424 ] MB2 Applet version 01.00.0000
[   4.8535 ] Saved platform info in chip_info.bin
[   4.8592 ] Chip minor revision: 2
[   4.8596 ] Bootrom revision: 0xf
[   4.8599 ] Ram code: 0x2
[   4.8601 ] Chip sku: 0xd0
[   4.8604 ] Chip Sample: non es
[   4.8605 ] 
[   4.8610 ] Retrieving EEPROM data
[   4.8610 ] tegrarcm_v2 --oem platformdetails eeprom cvm /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/cvm.bin
[   4.8626 ] MB2 Applet version 01.00.0000
[   5.0656 ] Saved platform info in /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/cvm.bin
[   5.1021 ] 
[   5.1023 ] Rebooting to recovery mode
[   5.1043 ] tegrarcm_v2 --ismb2
[   5.1058 ] MB2 Applet version 01.00.0000
[   5.3040 ] 
[   5.3041 ] Rebooting to recovery mode
[   5.3059 ] tegrarcm_v2 --reboot recovery
[   5.3073 ] MB2 Applet version 01.00.0000
[   5.5509 ] 
Board ID(2888) version(400) sku(0004) revision(L.0)
Copy /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/kernel/dtb/tegra194-p2888-0001-p2822-0000.dtb to /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/kernel/dtb/tegra194-p2888-0001-p2822-0000.dtb.rec
copying bctfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-memcfg-p2888.cfg)... done.
copying bctfile1(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-memcfg-sw-override.cfg)... done.
copying uphy_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-uphy-lane-p2888-0000-p2822-0000.cfg)... done.
copying minratchet_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-ratchet-p2888-0000-p2822-0000.cfg)... done.
copying device_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra19x-mb1-bct-device-sdmmc.cfg)... done.
copying misc_cold_boot_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-misc-l4t.cfg)... done.
copying misc_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-misc-flash.cfg)... done.
copying pinmux_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra19x-mb1-pinmux-p2888-0000-a04-p2822-0000-b01.cfg)... done.
copying gpioint_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-gpioint-p2888-0000-p2822-0000.cfg)... done.
copying pmic_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-pmic-p2888-0001-a04-E-0-p2822-0000.cfg)... done.
copying pmc_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra19x-mb1-padvoltage-p2888-0000-a00-p2822-0000-a00.cfg)... done.
copying prod_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra19x-mb1-prod-p2888-0000-p2822-0000.cfg)... done.
copying scr_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-scr-cbb-mini.cfg)... done.
copying scr_cold_boot_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-scr-cbb-mini.cfg)... done.
copying bootrom_config(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-reset-p2888-0000-p2822-0000.cfg)... done.
copying dev_params(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-br-bct-sdmmc.cfg)... done.
Existing bootloader(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/nvtboot_cpu_t194.bin) reused.
copying initrd(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/l4t_initrd.img)... done.
	populating kernel to rootfs... done.
/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key  --cmd sign /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/rootfs/boot/Image
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0046 ] Generating signature
[   0.0055 ] tegrasign_v2 --key  --getmode mode.txt
[   0.0062 ] Assuming zero filled SBK key
[   0.0064 ] 
[   0.0066 ] header_magic: 5614
[   0.0075 ] tegrahost_v2 --chip 0x19 --align 1_Image
[   0.0083 ] 
[   0.0092 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_Image zerosbk
[   0.0099 ] adding BCH for 1_Image
[   0.8835 ] 
[   0.8857 ] tegrasign_v2 --key  --list 1_Image_sigheader_list.xml --pubkeyhash pub_key.key
[   0.8866 ] Assuming zero filled SBK key
[   0.9309 ] 
[   0.9324 ] tegrahost_v2 --chip 0x19 0 --updatesigheader 1_Image_sigheader.encrypt 1_Image_sigheader.hash zerosbk
[   1.4616 ] 
[   1.4986 ] Signed file: /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/Image_sigheader.encrypt
l4t_sign_image.sh: Generate header for Image_sigheader.encrypt
l4t_sign_image.sh: chip 0x19: add 0x20bf808 to offset  0x8 in sig file
l4t_sign_image.sh: Generate 16-byte-size-aligned base file for Image_sigheader.encrypt
l4t_sign_image.sh: the sign header is saved at /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/rootfs/boot/Image.sig
done.
	populating initrd to rootfs... done.
/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key  --cmd sign /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/rootfs/boot/initrd
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0046 ] Generating signature
[   0.0055 ] tegrasign_v2 --key  --getmode mode.txt
[   0.0062 ] Assuming zero filled SBK key
[   0.0064 ] 
[   0.0066 ] header_magic: 1f8b0800
[   0.0075 ] tegrahost_v2 --chip 0x19 --align 1_initrd
[   0.0083 ] 
[   0.0092 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_initrd zerosbk
[   0.0100 ] adding BCH for 1_initrd
[   0.1997 ] 
[   0.2018 ] tegrasign_v2 --key  --list 1_initrd_sigheader_list.xml --pubkeyhash pub_key.key
[   0.2027 ] Assuming zero filled SBK key
[   0.2118 ] 
[   0.2133 ] tegrahost_v2 --chip 0x19 0 --updatesigheader 1_initrd_sigheader.encrypt 1_initrd_sigheader.hash zerosbk
[   0.3120 ] 
[   0.3209 ] Signed file: /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/initrd_sigheader.encrypt
l4t_sign_image.sh: Generate header for initrd_sigheader.encrypt
l4t_sign_image.sh: chip 0x19: add 0x6e6ce8 to offset  0x8 in sig file
l4t_sign_image.sh: Generate 16-byte-size-aligned base file for initrd_sigheader.encrypt
l4t_sign_image.sh: the sign header is saved at /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/rootfs/boot/initrd.sig
done.
	populating /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/kernel/dtb/tegra194-p2888-0001-p2822-0000.dtb to rootfs... done.
Making Boot image... done.
/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key  --cmd sign boot.img
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0005 ] Generating signature
[   0.0014 ] tegrasign_v2 --key  --getmode mode.txt
[   0.0023 ] Assuming zero filled SBK key
[   0.0024 ] 
[   0.0026 ] header_magic: 414e4452
[   0.0036 ] tegrahost_v2 --chip 0x19 --align 1_boot.img
[   0.0044 ] 
[   0.0053 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_boot.img zerosbk
[   0.0062 ] adding BCH for 1_boot.img
[   1.0681 ] 
[   1.0703 ] tegrasign_v2 --key  --list 1_boot_sigheader.img_list.xml --pubkeyhash pub_key.key
[   1.0713 ] Assuming zero filled SBK key
[   1.1193 ] 
[   1.1209 ] tegrahost_v2 --chip 0x19 0 --updatesigheader 1_boot_sigheader.img.encrypt 1_boot_sigheader.img.hash zerosbk
[   1.7638 ] 
[   1.8076 ] Signed file: /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.encrypt
l4t_sign_image.sh: Generate header for boot_sigheader.img.encrypt
l4t_sign_image.sh: chip 0x19: add 0x27a7800 to offset  0x8 in sig file
l4t_sign_image.sh: Generate 16-byte-size-aligned base file for boot_sigheader.img.encrypt
l4t_sign_image.sh: the signed file is /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.encrypt
done.
Making recovery ramdisk for recovery image...
Re-generating recovery ramdisk for recovery image...
~/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/ramdisk_tmp ~/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader ~/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra
30402 blocks
_BASE_KERNEL_VERSION=4.9.201-tegra
~/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/ramdisk_tmp/lib ~/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/ramdisk_tmp ~/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader ~/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra
65752 blocks
Making Recovery image...
copying recdtbfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/kernel/dtb/tegra194-p2888-0001-p2822-0000.dtb.rec)... done.
20+0 records in
20+0 records out
20 bytes copied, 0.000189866 s, 105 kB/s
Existing sosfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/mb1_t194_prod.bin) reused.
Existing tegraboot(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/nvtboot_t194.bin) reused.
Existing cpu_bootloader(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/nvtboot_cpu_t194.bin) reused.
Existing mb2blfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/nvtboot_recovery_t194.bin) reused.
Existing mtspreboot(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/preboot_c10_prod_cr.bin) reused.
Existing mcepreboot(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/mce_c10_prod_cr.bin) reused.
Existing mtsproper(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/mts_c10_prod_cr.bin) reused.
Existing mb1file(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/mb1_t194_prod.bin) reused.
Existing bpffile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/bpmp_t194.bin) reused.
copying bpfdtbfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/tegra194-a02-bpmp-p2888-a04.dtb)... done.
Existing scefile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/camera-rtcpu-sce.img) reused.
Existing camerafw(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/camera-rtcpu-rce.img) reused.
Existing spefile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/spe_t194.bin) reused.
Existing drameccfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/dram-ecc.bin) reused.
Existing badpagefile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/badpage.bin) reused.
Existing wb0boot(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/warmboot_t194_prod.bin) reused.
Existing tosfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/tos-trusty_t194.img) reused.
Existing eksfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/eks.img) reused.
copying soft_fuses(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
copying dtbfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/kernel/dtb/tegra194-p2888-0001-p2822-0000.dtb)... done.
Copying nv_boot_control.conf to rootfs
/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key  --cmd sign kernel_tegra194-p2888-0001-p2822-0000.dtb
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0006 ] Generating signature
[   0.0016 ] tegrasign_v2 --key  --getmode mode.txt
[   0.0023 ] Assuming zero filled SBK key
[   0.0024 ] 
[   0.0027 ] header_magic: d00dfeed
[   0.0035 ] tegrahost_v2 --chip 0x19 --align 1_kernel_tegra194-p2888-0001-p2822-0000.dtb
[   0.0043 ] 
[   0.0051 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_kernel_tegra194-p2888-0001-p2822-0000.dtb zerosbk
[   0.0060 ] adding BCH for 1_kernel_tegra194-p2888-0001-p2822-0000.dtb
[   0.0137 ] 
[   0.0154 ] tegrasign_v2 --key  --list 1_kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb_list.xml --pubkeyhash pub_key.key
[   0.0162 ] Assuming zero filled SBK key
[   0.0167 ] 
[   0.0178 ] tegrahost_v2 --chip 0x19 0 --updatesigheader 1_kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt 1_kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.hash zerosbk
[   0.0227 ] 
[   0.0233 ] Signed file: /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/temp_user_dir/kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt
l4t_sign_image.sh: Generate header for kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt
l4t_sign_image.sh: chip 0x19: add 0x45209 to offset  0x8 in sig file
l4t_sign_image.sh: Generate 16-byte-size-aligned base file for kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt
l4t_sign_image.sh: the sign header is saved at kernel_tegra194-p2888-0001-p2822-0000.dtb.sig
done.
/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key  --cmd sign kernel_tegra194-p2888-0001-p2822-0000.dtb
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0006 ] Generating signature
[   0.0016 ] tegrasign_v2 --key  --getmode mode.txt
[   0.0024 ] Assuming zero filled SBK key
[   0.0026 ] 
[   0.0028 ] header_magic: d00dfeed
[   0.0040 ] tegrahost_v2 --chip 0x19 --align 1_kernel_tegra194-p2888-0001-p2822-0000.dtb
[   0.0049 ] 
[   0.0057 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_kernel_tegra194-p2888-0001-p2822-0000.dtb zerosbk
[   0.0064 ] adding BCH for 1_kernel_tegra194-p2888-0001-p2822-0000.dtb
[   0.0144 ] 
[   0.0163 ] tegrasign_v2 --key  --list 1_kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb_list.xml --pubkeyhash pub_key.key
[   0.0175 ] Assuming zero filled SBK key
[   0.0184 ] 
[   0.0197 ] tegrahost_v2 --chip 0x19 0 --updatesigheader 1_kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt 1_kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.hash zerosbk
[   0.0245 ] 
[   0.0251 ] Signed file: /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/temp_user_dir/kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt
l4t_sign_image.sh: Generate header for kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt
l4t_sign_image.sh: chip 0x19: add 0x45209 to offset  0x8 in sig file
l4t_sign_image.sh: Generate 16-byte-size-aligned base file for kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt
l4t_sign_image.sh: the signed file is /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/temp_user_dir/kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt
done.
Making system.img... 
	populating rootfs from /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/rootfs ... done.
	populating /boot/extlinux/extlinux.conf ... done.
	Sync'ing system.img ... done.
	Converting RAW image to Sparse image... done.
system.img built successfully. 
Existing tbcfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/cboot_t194.bin) reused.
copying tbcdtbfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/kernel/dtb/tegra194-p2888-0001-p2822-0000.dtb)... done.
copying cfgfile(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/t186ref/cfg/flash_t194_sdmmc.xml) to flash.xml... done.
Existing flasher(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/nvtboot_recovery_cpu_t194.bin) reused.
Existing flashapp(/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/tegraflash.py) reused.
./tegraflash.py --bl nvtboot_recovery_cpu_t194.bin --sdram_config tegra194-mb1-bct-memcfg-p2888.cfg,tegra194-memcfg-sw-override.cfg  --odmdata 0x9190000 --applet mb1_t194_prod.bin --cmd "flash; reboot" --soft_fuses tegra194-mb1-soft-fuses-l4t.cfg  --cfg flash.xml --chip 0x19 --uphy_config tegra194-mb1-uphy-lane-p2888-0000-p2822-0000.cfg --minratchet_config tegra194-mb1-bct-ratchet-p2888-0000-p2822-0000.cfg --device_config tegra19x-mb1-bct-device-sdmmc.cfg --misc_cold_boot_config tegra194-mb1-bct-misc-l4t.cfg --misc_config tegra194-mb1-bct-misc-flash.cfg --pinmux_config tegra19x-mb1-pinmux-p2888-0000-a04-p2822-0000-b01.cfg --gpioint_config tegra194-mb1-bct-gpioint-p2888-0000-p2822-0000.cfg --pmic_config tegra194-mb1-bct-pmic-p2888-0001-a04-E-0-p2822-0000.cfg --pmc_config tegra19x-mb1-padvoltage-p2888-0000-a00-p2822-0000-a00.cfg --prod_config tegra19x-mb1-prod-p2888-0000-p2822-0000.cfg --scr_config tegra194-mb1-bct-scr-cbb-mini.cfg --scr_cold_boot_config tegra194-mb1-bct-scr-cbb-mini.cfg --br_cmd_config tegra194-mb1-bct-reset-p2888-0000-p2822-0000.cfg --dev_params tegra194-br-bct-sdmmc.cfg  --bin "mb2_bootloader nvtboot_recovery_t194.bin; mts_preboot preboot_c10_prod_cr.bin; mts_mce mce_c10_prod_cr.bin; mts_proper mts_c10_prod_cr.bin; bpmp_fw bpmp_t194.bin; bpmp_fw_dtb tegra194-a02-bpmp-p2888-a04.dtb; spe_fw spe_t194.bin; tlk tos-trusty_t194.img; eks eks.img; bootloader_dtb tegra194-p2888-0001-p2822-0000.dtb"   
saving flash command in /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/flashcmd.txt
saving Windows flash command to /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/flash_win.bat
*** Flashing target device started. ***
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0017 ] tegrasign_v2 --key None --getmode mode.txt
[   0.0025 ] Assuming zero filled SBK key
[   0.0049 ] 
[   0.0050 ] Generating RCM messages
[   0.0065 ] tegrahost_v2 --chip 0x19 0 --magicid MB1B --appendsigheader mb1_t194_prod.bin zerosbk
[   0.0073 ] Header already present for mb1_t194_prod.bin
[   0.0140 ] 
[   0.0152 ] tegrasign_v2 --key None --getmode mode.txt
[   0.0162 ] Assuming zero filled SBK key
[   0.0163 ] 
[   0.0175 ] tegrasign_v2 --key None --file mb1_t194_prod_sigheader.bin --offset 2960 --length 1136 --pubkeyhash pub_key.key
[   0.0185 ] Assuming zero filled SBK key
[   0.0192 ] 
[   0.0204 ] tegrahost_v2 --chip 0x19 0 --updatesigheader mb1_t194_prod_sigheader.bin mb1_t194_prod_sigheader.hash zerosbk
[   0.0253 ] 
[   0.0273 ] tegrabct_v2 --chip 0x19 0 --sfuse tegra194-mb1-soft-fuses-l4t.cfg sfuse.bin
[   0.0307 ] 
[   0.0321 ] tegrabct_v2 --chip 0x19 0 --ratchet_blob ratchet_blob.bin --minratchet tegra194-mb1-bct-ratchet-p2888-0000-p2822-0000.cfg
[   0.0332 ] FwIndex: 1, MinRatchetLevel: 0
[   0.0337 ] FwIndex: 2, MinRatchetLevel: 0
[   0.0337 ] FwIndex: 3, MinRatchetLevel: 0
[   0.0337 ] FwIndex: 4, MinRatchetLevel: 0
[   0.0337 ] FwIndex: 5, MinRatchetLevel: 0
[   0.0337 ] FwIndex: 6, MinRatchetLevel: 0
[   0.0338 ] FwIndex: 7, MinRatchetLevel: 0
[   0.0338 ] FwIndex: 8, MinRatchetLevel: 0
[   0.0338 ] FwIndex: 11, MinRatchetLevel: 0
[   0.0338 ] FwIndex: 12, MinRatchetLevel: 0
[   0.0338 ] FwIndex: 13, MinRatchetLevel: 0
[   0.0338 ] FwIndex: 14, MinRatchetLevel: 0
[   0.0338 ] FwIndex: 15, MinRatchetLevel: 0
[   0.0338 ] FwIndex: 16, MinRatchetLevel: 0
[   0.0338 ] FwIndex: 17, MinRatchetLevel: 0
[   0.0339 ] FwIndex: 18, MinRatchetLevel: 0
[   0.0339 ] FwIndex: 19, MinRatchetLevel: 0
[   0.0339 ] FwIndex: 30, MinRatchetLevel: 0
[   0.0339 ] FwIndex: 31, MinRatchetLevel: 0
[   0.0339 ] 
[   0.0354 ] tegrarcm_v2 --listrcm rcm_list.xml --chip 0x19 0 --sfuses sfuse.bin --download rcm mb1_t194_prod_sigheader.bin 0 0
[   0.0366 ] RCM 0 is saved as rcm_0.rcm
[   0.0419 ] RCM 1 is saved as rcm_1.rcm
[   0.0419 ] RCM 2 is saved as rcm_2.rcm
[   0.0420 ] List of rcm files are saved in rcm_list.xml
[   0.0420 ] 
[   0.0420 ] Signing RCM messages
[   0.0434 ] tegrasign_v2 --key None --list rcm_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   0.0445 ] Assuming zero filled SBK key
[   0.0453 ] 
[   0.0454 ] Copying signature to RCM mesages
[   0.0469 ] tegrarcm_v2 --chip 0x19 0 --updatesig rcm_list_signed.xml
[   0.0493 ] 
[   0.0494 ] Parsing partition layout
[   0.0514 ] tegraparser_v2 --pt flash.xml.tmp
[   0.0548 ] 
[   0.0549 ] Creating list of images to be signed
[   0.0562 ] tegrahost_v2 --chip 0x19 0 --partitionlayout flash.xml.bin --ratchet_blob ratchet_blob.bin --list images_list.xml zerosbk
[   0.0610 ] MB1: Nvheader already present is mb1_t194_prod.bin
[   0.0619 ] Header already present for mb1_t194_prod_sigheader.bin
[   0.0626 ] MB1: Nvheader already present is mb1_t194_prod.bin
[   0.0669 ] Header already present for mb1_t194_prod_sigheader.bin
[   0.0676 ] adding BCH for spe_t194.bin
[   0.0746 ] adding BCH for spe_t194.bin
[   0.0777 ] adding BCH for nvtboot_t194.bin
[   0.0810 ] adding BCH for nvtboot_t194.bin
[   0.0855 ] Header already present for preboot_c10_prod_cr.bin
[   0.0905 ] Header already present for preboot_c10_prod_cr.bin
[   0.0909 ] Header already present for mce_c10_prod_cr.bin
[   0.0916 ] Header already present for mce_c10_prod_cr.bin
[   0.0935 ] adding BCH for mts_c10_prod_cr.bin
[   0.1040 ] adding BCH for mts_c10_prod_cr.bin
[   0.1935 ] adding BCH for cboot_t194.bin
[   0.2804 ] adding BCH for cboot_t194.bin
[   0.2916 ] adding BCH for tegra194-p2888-0001-p2822-0000.dtb
[   0.3030 ] adding BCH for tegra194-p2888-0001-p2822-0000.dtb
[   0.3103 ] adding BCH for tos-trusty_t194.img
[   0.3188 ] adding BCH for tos-trusty_t194.img
[   0.3289 ] adding BCH for eks.img
[   0.3417 ] adding BCH for eks.img
[   0.3419 ] adding BCH for bpmp_t194.bin
[   0.3444 ] adding BCH for bpmp_t194.bin
[   0.3673 ] adding BCH for tegra194-a02-bpmp-p2888-a04.dtb
[   0.3944 ] adding BCH for tegra194-a02-bpmp-p2888-a04.dtb
[   0.4154 ] adding BCH for camera-rtcpu-rce.img
[   0.4383 ] adding BCH for camera-rtcpu-rce.img
[   0.4457 ] adding BCH for adsp-fw.bin
[   0.4537 ] adding BCH for adsp-fw.bin
[   0.4558 ] Header already present for warmboot_t194_prod.bin
[   0.4584 ] Header already present for warmboot_t194_prod.bin
[   0.4593 ] adding BCH for recovery.img
[   0.5686 ] adding BCH for tegra194-p2888-0001-p2822-0000.dtb.rec
[   1.8379 ] adding BCH for boot.img
[   1.8718 ] adding BCH for boot.img
[   2.9432 ] adding BCH for kernel_tegra194-p2888-0001-p2822-0000.dtb
[   4.1082 ] adding BCH for kernel_tegra194-p2888-0001-p2822-0000.dtb
[   4.1285 ] 
[   4.1286 ] Filling MB1 storage info
[   4.1286 ] Generating br-bct
[   4.1301 ] Performing cfg overlay
[   4.1301 ] ['tegra194-mb1-bct-memcfg-p2888.cfg', 'tegra194-memcfg-sw-override.cfg']
[   4.1304 ] sw_memcfg_overlay.pl -c tegra194-mb1-bct-memcfg-p2888.cfg -s tegra194-memcfg-sw-override.cfg -o /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1.cfg
[   4.2034 ] 
[   4.2036 ] Updating dev and MSS params in BR BCT
[   4.2037 ] tegrabct_v2 --dev_param tegra194-br-bct-sdmmc.cfg --sdram /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1.cfg --brbct br_bct.cfg --sfuse tegra194-mb1-soft-fuses-l4t.cfg --chip 0x19 0
[   4.2710 ] 
[   4.2711 ] Updating bl info
[   4.2722 ] tegrabct_v2 --brbct br_bct_BR.bct --chip 0x19 0 --updateblinfo flash.xml.bin
[   4.2745 ] 
[   4.2745 ] Generating signatures
[   4.2755 ] tegrasign_v2 --key None --list images_list.xml --pubkeyhash pub_key.key
[   4.2764 ] Assuming zero filled SBK key
[   4.5571 ] 
[   4.5573 ] Generating br-bct
[   4.5591 ] Performing cfg overlay
[   4.5591 ] ['/home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1.cfg']
[   4.5591 ] Updating dev and MSS params in BR BCT
[   4.5592 ] tegrabct_v2 --dev_param tegra194-br-bct-sdmmc.cfg --sdram /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1.cfg --brbct br_bct.cfg --sfuse tegra194-mb1-soft-fuses-l4t.cfg --chip 0x19 0
[   4.6265 ] 
[   4.6266 ] Updating bl info
[   4.6279 ] tegrabct_v2 --brbct br_bct_BR.bct --chip 0x19 0 --updateblinfo flash.xml.bin --updatesig images_list_signed.xml
[   4.6311 ] 
[   4.6312 ] Updating smd info
[   4.6322 ] tegrabct_v2 --brbct br_bct_BR.bct --chip 0x19 --updatesmdinfo flash.xml.bin
[   4.6335 ] 
[   4.6336 ] Updating Odmdata
[   4.6346 ] tegrabct_v2 --brbct br_bct_BR.bct --chip 0x19 0 --updatefields Odmdata =0x9190000
[   4.6357 ] 
[   4.6358 ] Get Signed section of bct
[   4.6367 ] tegrabct_v2 --brbct br_bct_BR.bct --chip 0x19 0 --listbct bct_list.xml
[   4.6377 ] 
[   4.6387 ] tegrasign_v2 --key None --list bct_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   4.6395 ] Assuming zero filled SBK key
[   4.6398 ] 
[   4.6398 ] Updating BCT with signature
[   4.6408 ] tegrabct_v2 --brbct br_bct_BR.bct --chip 0x19 0 --updatesig bct_list_signed.xml
[   4.6421 ] 
[   4.6422 ] Generating coldboot mb1-bct
[   4.6440 ] tegrabct_v2 --chip 0x19 0 --mb1bct mb1_cold_boot_bct.cfg --sdram /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1.cfg --misc tegra194-mb1-bct-misc-l4t.cfg --scr tegra194-mb1-bct-scr-cbb-mini.cfg --pinmux tegra19x-mb1-pinmux-p2888-0000-a04-p2822-0000-b01.cfg --pmc tegra19x-mb1-padvoltage-p2888-0000-a00-p2822-0000-a00.cfg --pmic tegra194-mb1-bct-pmic-p2888-0001-a04-E-0-p2822-0000.cfg --brcommand tegra194-mb1-bct-reset-p2888-0000-p2822-0000.cfg --prod tegra19x-mb1-prod-p2888-0000-p2822-0000.cfg --gpioint tegra194-mb1-bct-gpioint-p2888-0000-p2822-0000.cfg --uphy tegra194-mb1-uphy-lane-p2888-0000-p2822-0000.cfg --device tegra19x-mb1-bct-device-sdmmc.cfg
[   4.6451 ] MB1-BCT version: 0x1

[   4.6455 ] Parsing config file :tegra19x-mb1-pinmux-p2888-0000-a04-p2822-0000-b01.cfg 
[   4.6462 ] Added Platform Config 0 data with size :- 3008

[   4.6485 ] Parsing config file :tegra194-mb1-bct-scr-cbb-mini.cfg 
[   4.6490 ] Added Platform Config 1 data with size :- 19640

[   4.6680 ] Parsing config file :tegra19x-mb1-padvoltage-p2888-0000-a00-p2822-0000-a00.cfg 
[   4.6685 ] Added Platform Config 2 data with size :- 24

[   4.6688 ] Parsing config file :tegra194-mb1-bct-pmic-p2888-0001-a04-E-0-p2822-0000.cfg 
[   4.6693 ] Added Platform Config 4 data with size :- 348

[   4.6696 ] Parsing config file :tegra194-mb1-bct-reset-p2888-0000-p2822-0000.cfg 
[   4.6702 ] Added Platform Config 3 data with size :- 92
[   4.6702 ] 
[   4.6702 ] Parsing config file :tegra19x-mb1-prod-p2888-0000-p2822-0000.cfg 
[   4.6702 ] Added Platform Config 5 data with size :- 56
[   4.6702 ] 
[   4.6702 ] Parsing config file :tegra194-mb1-bct-gpioint-p2888-0000-p2822-0000.cfg 
[   4.6702 ] Added Platform Config 7 data with size :- 392
[   4.6702 ] 
[   4.6702 ] Parsing config file :tegra194-mb1-uphy-lane-p2888-0000-p2822-0000.cfg 
[   4.6702 ] Added Platform Config 8 data with size :- 12
[   4.6703 ] 
[   4.6703 ] Parsing config file :tegra19x-mb1-bct-device-sdmmc.cfg 
[   4.6703 ] Added Platform Config 9 data with size :- 32
[   4.6703 ] 
[   4.6704 ] Updating mb1-bct with firmware information
[   4.6714 ] tegrabct_v2 --chip 0x19 --mb1bct mb1_cold_boot_bct_MB1.bct --updatefwinfo flash.xml.bin
[   4.6722 ] MB1-BCT version: 0x1
[   4.6726 ] 
[   4.6726 ] Updating mb1-bct with storage information
[   4.6736 ] tegrabct_v2 --chip 0x19 --mb1bct mb1_cold_boot_bct_MB1.bct --updatestorageinfo flash.xml.bin
[   4.6745 ] MB1-BCT version: 0x1
[   4.6750 ] 
[   4.6750 ] Updating mb1-bct with ratchet information
[   4.6763 ] tegrabct_v2 --chip 0x19 --mb1bct mb1_cold_boot_bct_MB1.bct --minratchet tegra194-mb1-bct-ratchet-p2888-0000-p2822-0000.cfg
[   4.6775 ] MB1-BCT version: 0x1
[   4.6778 ] FwIndex: 1, MinRatchetLevel: 0
[   4.6779 ] FwIndex: 2, MinRatchetLevel: 0
[   4.6780 ] FwIndex: 3, MinRatchetLevel: 0
[   4.6780 ] FwIndex: 4, MinRatchetLevel: 0
[   4.6780 ] FwIndex: 5, MinRatchetLevel: 0
[   4.6780 ] FwIndex: 6, MinRatchetLevel: 0
[   4.6780 ] FwIndex: 7, MinRatchetLevel: 0
[   4.6780 ] FwIndex: 8, MinRatchetLevel: 0
[   4.6780 ] FwIndex: 11, MinRatchetLevel: 0
[   4.6780 ] FwIndex: 12, MinRatchetLevel: 0
[   4.6780 ] FwIndex: 13, MinRatchetLevel: 0
[   4.6780 ] FwIndex: 14, MinRatchetLevel: 0
[   4.6781 ] FwIndex: 15, MinRatchetLevel: 0
[   4.6781 ] FwIndex: 16, MinRatchetLevel: 0
[   4.6781 ] FwIndex: 17, MinRatchetLevel: 0
[   4.6781 ] FwIndex: 18, MinRatchetLevel: 0
[   4.6781 ] FwIndex: 19, MinRatchetLevel: 0
[   4.6781 ] FwIndex: 30, MinRatchetLevel: 0
[   4.6781 ] FwIndex: 31, MinRatchetLevel: 0
[   4.6781 ] 
[   4.6789 ] tegrahost_v2 --chip 0x19 --align mb1_cold_boot_bct_MB1.bct
[   4.6800 ] 
[   4.6811 ] tegrahost_v2 --chip 0x19 0 --magicid MBCT --ratchet_blob ratchet_blob.bin --appendsigheader mb1_cold_boot_bct_MB1.bct zerosbk
[   4.6820 ] adding BCH for mb1_cold_boot_bct_MB1.bct
[   4.6833 ] 
[   4.6844 ] tegrasign_v2 --key None --list mb1_cold_boot_bct_MB1_sigheader.bct_list.xml --pubkeyhash pub_key.key
[   4.6853 ] Assuming zero filled SBK key
[   4.6856 ] 
[   4.6868 ] tegrahost_v2 --chip 0x19 0 --updatesigheader mb1_cold_boot_bct_MB1_sigheader.bct.encrypt mb1_cold_boot_bct_MB1_sigheader.bct.hash zerosbk
[   4.6888 ] 
[   4.6889 ] Generating recovery mb1-bct
[   4.6901 ] tegrabct_v2 --chip 0x19 0 --mb1bct mb1_bct.cfg --sdram /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1.cfg --misc tegra194-mb1-bct-misc-flash.cfg --scr tegra194-mb1-bct-scr-cbb-mini.cfg --pinmux tegra19x-mb1-pinmux-p2888-0000-a04-p2822-0000-b01.cfg --pmc tegra19x-mb1-padvoltage-p2888-0000-a00-p2822-0000-a00.cfg --pmic tegra194-mb1-bct-pmic-p2888-0001-a04-E-0-p2822-0000.cfg --brcommand tegra194-mb1-bct-reset-p2888-0000-p2822-0000.cfg --prod tegra19x-mb1-prod-p2888-0000-p2822-0000.cfg --gpioint tegra194-mb1-bct-gpioint-p2888-0000-p2822-0000.cfg --uphy tegra194-mb1-uphy-lane-p2888-0000-p2822-0000.cfg --device tegra19x-mb1-bct-device-sdmmc.cfg
[   4.6909 ] MB1-BCT version: 0x1

[   4.6912 ] Parsing config file :tegra19x-mb1-pinmux-p2888-0000-a04-p2822-0000-b01.cfg 
[   4.6919 ] Added Platform Config 0 data with size :- 3008

[   4.6939 ] Parsing config file :tegra194-mb1-bct-scr-cbb-mini.cfg 
[   4.6944 ] Added Platform Config 1 data with size :- 19640

[   4.7124 ] Parsing config file :tegra19x-mb1-padvoltage-p2888-0000-a00-p2822-0000-a00.cfg 
[   4.7129 ] Added Platform Config 2 data with size :- 24

[   4.7132 ] Parsing config file :tegra194-mb1-bct-pmic-p2888-0001-a04-E-0-p2822-0000.cfg 
[   4.7137 ] Added Platform Config 4 data with size :- 348
[   4.7139 ] 
[   4.7139 ] Parsing config file :tegra194-mb1-bct-reset-p2888-0000-p2822-0000.cfg 
[   4.7139 ] Added Platform Config 3 data with size :- 92
[   4.7140 ] 
[   4.7140 ] Parsing config file :tegra19x-mb1-prod-p2888-0000-p2822-0000.cfg 
[   4.7140 ] Added Platform Config 5 data with size :- 56
[   4.7140 ] 
[   4.7140 ] Parsing config file :tegra194-mb1-bct-gpioint-p2888-0000-p2822-0000.cfg 
[   4.7140 ] Added Platform Config 7 data with size :- 392
[   4.7140 ] 
[   4.7140 ] Parsing config file :tegra194-mb1-uphy-lane-p2888-0000-p2822-0000.cfg 
[   4.7140 ] Added Platform Config 8 data with size :- 12
[   4.7140 ] 
[   4.7140 ] Parsing config file :tegra19x-mb1-bct-device-sdmmc.cfg 
[   4.7141 ] Added Platform Config 9 data with size :- 32
[   4.7141 ] 
[   4.7141 ] Updating mb1-bct with firmware information
[   4.7153 ] tegrabct_v2 --chip 0x19 --mb1bct mb1_bct_MB1.bct --updatefwinfo flash.xml.bin
[   4.7162 ] MB1-BCT version: 0x1
[   4.7166 ] 
[   4.7166 ] Updating mb1-bct with storage information
[   4.7176 ] tegrabct_v2 --chip 0x19 --mb1bct mb1_bct_MB1.bct --updatestorageinfo flash.xml.bin
[   4.7185 ] MB1-BCT version: 0x1
[   4.7190 ] 
[   4.7191 ] Updating mb1-bct with ratchet information
[   4.7201 ] tegrabct_v2 --chip 0x19 --mb1bct mb1_bct_MB1.bct --minratchet tegra194-mb1-bct-ratchet-p2888-0000-p2822-0000.cfg
[   4.7212 ] MB1-BCT version: 0x1
[   4.7215 ] FwIndex: 1, MinRatchetLevel: 0
[   4.7216 ] FwIndex: 2, MinRatchetLevel: 0
[   4.7216 ] FwIndex: 3, MinRatchetLevel: 0
[   4.7216 ] FwIndex: 4, MinRatchetLevel: 0
[   4.7216 ] FwIndex: 5, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 6, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 7, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 8, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 11, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 12, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 13, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 14, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 15, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 16, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 17, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 18, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 19, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 30, MinRatchetLevel: 0
[   4.7217 ] FwIndex: 31, MinRatchetLevel: 0
[   4.7218 ] 
[   4.7226 ] tegrahost_v2 --chip 0x19 --align mb1_bct_MB1.bct
[   4.7234 ] 
[   4.7245 ] tegrahost_v2 --chip 0x19 0 --magicid MBCT --ratchet_blob ratchet_blob.bin --appendsigheader mb1_bct_MB1.bct zerosbk
[   4.7254 ] adding BCH for mb1_bct_MB1.bct
[   4.7264 ] 
[   4.7277 ] tegrasign_v2 --key None --list mb1_bct_MB1_sigheader.bct_list.xml --pubkeyhash pub_key.key
[   4.7288 ] Assuming zero filled SBK key
[   4.7291 ] 
[   4.7302 ] tegrahost_v2 --chip 0x19 0 --updatesigheader mb1_bct_MB1_sigheader.bct.encrypt mb1_bct_MB1_sigheader.bct.hash zerosbk
[   4.7319 ] 
[   4.7321 ] Generating coldboot mem-bct
[   4.7332 ] tegrabct_v2 --chip 0x19 0 --sdram /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1.cfg --membct /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_1.bct /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_2.bct /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_3.bct /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_4.bct
[   4.7340 ] Packing sdram param for instance[0]
[   4.8008 ] Packing sdram param for instance[1]
[   4.8011 ] Packing sdram param for instance[2]
[   4.8012 ] Packing sdram param for instance[3]
[   4.8012 ] Packing sdram param for instance[4]
[   4.8012 ] Packing sdram param for instance[5]
[   4.8012 ] Packing sdram param for instance[6]
[   4.8013 ] Packing sdram param for instance[7]
[   4.8013 ] Packing sdram param for instance[8]
[   4.8013 ] Packing sdram param for instance[9]
[   4.8013 ] Packing sdram param for instance[10]
[   4.8013 ] Packing sdram param for instance[11]
[   4.8013 ] Packing sdram param for instance[12]
[   4.8013 ] Packing sdram param for instance[13]
[   4.8013 ] Packing sdram param for instance[14]
[   4.8013 ] Packing sdram param for instance[15]
[   4.8013 ] 
[   4.8014 ] Getting sector size from pt
[   4.8026 ] tegraparser_v2 --getsectorsize flash.xml.bin sector_info.bin
[   4.8037 ] 
[   4.8038 ] BlockSize read from layout is 200

[   4.8049 ] tegrahost_v2 --chip 0x19 0 --blocksize 512 --magicid MEMB --addsigheader_multi /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_1.bct /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_2.bct /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_3.bct /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_4.bct
[   4.8058 ] adding BCH for /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_1.bct
[   4.8087 ] 
[   4.8096 ] tegrahost_v2 --chip 0x19 --align mem_coldboot.bct
[   4.8106 ] 
[   4.8117 ] tegrahost_v2 --chip 0x19 0 --magicid MEMB --ratchet_blob ratchet_blob.bin --appendsigheader mem_coldboot.bct zerosbk
[   4.8126 ] Header already present for mem_coldboot.bct
[   4.8130 ] 
[   4.8142 ] tegrasign_v2 --key None --list mem_coldboot_sigheader.bct_list.xml --pubkeyhash pub_key.key
[   4.8151 ] Assuming zero filled SBK key
[   4.8156 ] 
[   4.8169 ] tegrahost_v2 --chip 0x19 0 --updatesigheader mem_coldboot_sigheader.bct.encrypt mem_coldboot_sigheader.bct.hash zerosbk
[   4.8182 ] 
[   4.8183 ] Generating recovery mem-bct
[   4.8194 ] tegrabct_v2 --chip 0x19 0 --sdram /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1.cfg --membct /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_1.bct /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_2.bct /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_3.bct /home/cowlar/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_AGX_XAVIER/Linux_for_Tegra/bootloader/22822/tmppplm0mim1_4.bct
[   4.8203 ] Packing sdram param for instance[0]
[   4.8871 ] Packing sdram param for instance[1]
[   4.8874 ] Packing sdram param for instance[2]
[   4.8876 ] Packing sdram param for instance[3]
[   4.8876 ] Packing sdram param for instance[4]
[   4.8876 ] Packing sdram param for instance[5]
[   4.8876 ] Packing sdram param for instance[6]
[   4.8877 ] Packing sdram param for instance[7]
[   4.8877 ] Packing sdram param for instance[8]
[   4.8877 ] Packing sdram param for instance[9]
[   4.8877 ] Packing sdram param for instance[10]
[   4.8877 ] Packing sdram param for instance[11]
[   4.8877 ] Packing sdram param for instance[12]
[   4.8877 ] Packing sdram param for instance[13]
[   4.8877 ] Packing sdram param for instance[14]
[   4.8877 ] Packing sdram param for instance[15]
[   4.8877 ] 
[   4.8879 ] Reading ramcode from backup chip_info.bin file
[   4.8894 ] RAMCODE Read from Device: 2

[   4.8895 ] Disabled BPMP dtb trim, using default dtb
[   4.8895 ] 
[   4.8909 ] tegrahost_v2 --chip 0x19 --align mem_rcm.bct
[   4.8919 ] 
[   4.8930 ] tegrahost_v2 --chip 0x19 0 --magicid MEMB --ratchet_blob ratchet_blob.bin --appendsigheader mem_rcm.bct zerosbk
[   4.8939 ] adding BCH for mem_rcm.bct
[   4.8954 ] 
[   4.8967 ] tegrasign_v2 --key None --list mem_rcm_sigheader.bct_list.xml --pubkeyhash pub_key.key
[   4.8977 ] Assuming zero filled SBK key
[   4.8979 ] 
[   4.8994 ] tegrahost_v2 --chip 0x19 0 --updatesigheader mem_rcm_sigheader.bct.encrypt mem_rcm_sigheader.bct.hash zerosbk
[   4.9017 ] 
[   4.9018 ] Copying signatures
[   4.9028 ] tegrahost_v2 --chip 0x19 0 --partitionlayout flash.xml.bin --updatesig images_list_signed.xml
[   7.2413 ] 
[   7.2414 ] Boot Rom communication
[   7.2433 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml
[   7.2443 ] BR_CID: 0x88021911647d15030400000002010040
[   7.3128 ] RCM version 0X190001
[   7.4209 ] Boot Rom communication completed
[   8.4374 ] 
[   9.4405 ] tegrarcm_v2 --isapplet
[   9.4420 ] Applet version 01.00.0000
[   9.6242 ] 
[   9.6243 ] Sending BCTs
[   9.6262 ] tegrarcm_v2 --download bct_bootrom br_bct_BR.bct --download bct_mb1 mb1_bct_MB1_sigheader.bct.encrypt --download bct_mem mem_rcm_sigheader.bct.encrypt
[   9.6276 ] Applet version 01.00.0000
[   9.8406 ] Sending bct_bootrom
[   9.8409 ] [................................................] 100%
[   9.8434 ] Sending bct_mb1
[   9.8489 ] [................................................] 100%
[   9.8543 ] Sending bct_mem
[   9.9006 ] [................................................] 100%
[   9.9851 ] 
[   9.9852 ] Generating blob
[   9.9872 ] tegrahost_v2 --chip 0x19 --align blob_nvtboot_recovery_cpu_t194.bin
[   9.9889 ] 
[   9.9905 ] tegrahost_v2 --chip 0x19 0 --magicid CPBL --ratchet_blob ratchet_blob.bin --appendsigheader blob_nvtboot_recovery_cpu_t194.bin zerosbk
[   9.9918 ] adding BCH for blob_nvtboot_recovery_cpu_t194.bin
[  10.0036 ] 
[  10.0059 ] tegrasign_v2 --key None --list blob_nvtboot_recovery_cpu_t194_sigheader.bin_list.xml --pubkeyhash pub_key.key
[  10.0071 ] Assuming zero filled SBK key
[  10.0077 ] 
[  10.0091 ] tegrahost_v2 --chip 0x19 0 --updatesigheader blob_nvtboot_recovery_cpu_t194_sigheader.bin.encrypt blob_nvtboot_recovery_cpu_t194_sigheader.bin.hash zerosbk
[  10.0143 ] 
[  10.0157 ] tegrahost_v2 --chip 0x19 --align blob_nvtboot_recovery_t194.bin
[  10.0168 ] 
[  10.0179 ] tegrahost_v2 --chip 0x19 0 --magicid MB2B --ratchet_blob ratchet_blob.bin --appendsigheader blob_nvtboot_recovery_t194.bin zerosbk
[  10.0189 ] adding BCH for blob_nvtboot_recovery_t194.bin
[  10.0242 ] 
[  10.0256 ] tegrasign_v2 --key None --list blob_nvtboot_recovery_t194_sigheader.bin_list.xml --pubkeyhash pub_key.key
[  10.0266 ] Assuming zero filled SBK key
[  10.0271 ] 
[  10.0284 ] tegrahost_v2 --chip 0x19 0 --updatesigheader blob_nvtboot_recovery_t194_sigheader.bin.encrypt blob_nvtboot_recovery_t194_sigheader.bin.hash zerosbk
[  10.0318 ] 
[  10.0331 ] tegrahost_v2 --chip 0x19 --align blob_preboot_c10_prod_cr.bin
[  10.0344 ] 
[  10.0355 ] tegrahost_v2 --chip 0x19 0 --magicid MTSP --ratchet_blob ratchet_blob.bin --appendsigheader blob_preboot_c10_prod_cr.bin zerosbk
[  10.0366 ] Header already present for blob_preboot_c10_prod_cr.bin
[  10.0372 ] 
[  10.0385 ] tegrasign_v2 --key None --list blob_preboot_c10_prod_cr_sigheader.bin_list.xml --pubkeyhash pub_key.key
[  10.0395 ] Assuming zero filled SBK key
[  10.0399 ] 
[  10.0413 ] tegrahost_v2 --chip 0x19 0 --updatesigheader blob_preboot_c10_prod_cr_sigheader.bin.encrypt blob_preboot_c10_prod_cr_sigheader.bin.hash zerosbk
[  10.0431 ] 
[  10.0445 ] tegrahost_v2 --chip 0x19 --align blob_mce_c10_prod_cr.bin
[  10.0457 ] 
[  10.0468 ] tegrahost_v2 --chip 0x19 0 --magicid MTSM --ratchet_blob ratchet_blob.bin --appendsigheader blob_mce_c10_prod_cr.bin zerosbk
[  10.0492 ] Header already present for blob_mce_c10_prod_cr.bin
[  10.0520 ] 
[  10.0536 ] tegrasign_v2 --key None --list blob_mce_c10_prod_cr_sigheader.bin_list.xml --pubkeyhash pub_key.key
[  10.0548 ] Assuming zero filled SBK key
[  10.0554 ] 
[  10.0564 ] tegrahost_v2 --chip 0x19 0 --updatesigheader blob_mce_c10_prod_cr_sigheader.bin.encrypt blob_mce_c10_prod_cr_sigheader.bin.hash zerosbk
[  10.0603 ] 
[  10.0615 ] tegrahost_v2 --chip 0x19 --align blob_mts_c10_prod_cr.bin
[  10.0624 ] 
[  10.0634 ] tegrahost_v2 --chip 0x19 0 --magicid MTSB --ratchet_blob ratchet_blob.bin --appendsigheader blob_mts_c10_prod_cr.bin zerosbk
[  10.0643 ] adding BCH for blob_mts_c10_prod_cr.bin
[  10.1550 ] 
[  10.1565 ] tegrasign_v2 --key None --list blob_mts_c10_prod_cr_sigheader.bin_list.xml --pubkeyhash pub_key.key
[  10.1575 ] Assuming zero filled SBK key
[  10.1617 ] 
[  10.1634 ] tegrahost_v2 --chip 0x19 0 --updatesigheader blob_mts_c10_prod_cr_sigheader.bin.encrypt blob_mts_c10_prod_cr_sigheader.bin.hash zerosbk
[  10.2120 ] 
[  10.2133 ] tegrahost_v2 --chip 0x19 --align blob_bpmp_t194.bin
[  10.2144 ] 
[  10.2154 ] tegrahost_v2 --chip 0x19 0 --magicid BPMF --ratchet_blob ratchet_blob.bin --appendsigheader blob_bpmp_t194.bin zerosbk
[  10.2163 ] adding BCH for blob_bpmp_t194.bin
[  10.2405 ] 
[  10.2421 ] tegrasign_v2 --key None --list blob_bpmp_t194_sigheader.bin_list.xml --pubkeyhash pub_key.key
[  10.2432 ] Assuming zero filled SBK key
[  10.2444 ] 
[  10.2457 ] tegrahost_v2 --chip 0x19 0 --updatesigheader blob_bpmp_t194_sigheader.bin.encrypt blob_bpmp_t194_sigheader.bin.hash zerosbk
[  10.2628 ] 
[  10.2644 ] tegrahost_v2 --chip 0x19 --align blob_tegra194-a02-bpmp-p2888-a04.dtb
[  10.2657 ] 
[  10.2670 ] tegrahost_v2 --chip 0x19 0 --magicid BPMD --ratchet_blob ratchet_blob.bin --appendsigheader blob_tegra194-a02-bpmp-p2888-a04.dtb zerosbk
[  10.2680 ] adding BCH for blob_tegra194-a02-bpmp-p2888-a04.dtb
[  10.2888 ] 
[  10.2903 ] tegrasign_v2 --key None --list blob_tegra194-a02-bpmp-p2888-a04_sigheader.dtb_list.xml --pubkeyhash pub_key.key
[  10.2914 ] Assuming zero filled SBK key
[  10.2925 ] 
[  10.2940 ] tegrahost_v2 --chip 0x19 0 --updatesigheader blob_tegra194-a02-bpmp-p2888-a04_sigheader.dtb.encrypt blob_tegra194-a02-bpmp-p2888-a04_sigheader.dtb.hash zerosbk
[  10.3094 ] 
[  10.3108 ] tegrahost_v2 --chip 0x19 --align blob_spe_t194.bin
[  10.3119 ] 
[  10.3135 ] tegrahost_v2 --chip 0x19 0 --magicid SPEF --ratchet_blob ratchet_blob.bin --appendsigheader blob_spe_t194.bin zerosbk
[  10.3148 ] adding BCH for blob_spe_t194.bin
[  10.3176 ] 
[  10.3187 ] tegrasign_v2 --key None --list blob_spe_t194_sigheader.bin_list.xml --pubkeyhash pub_key.key
[  10.3197 ] Assuming zero filled SBK key
[  10.3202 ] 
[  10.3217 ] tegrahost_v2 --chip 0x19 0 --updatesigheader blob_spe_t194_sigheader.bin.encrypt blob_spe_t194_sigheader.bin.hash zerosbk
[  10.3250 ] 
[  10.3262 ] tegrahost_v2 --chip 0x19 --align blob_tos-trusty_t194.img
[  10.3272 ] 
[  10.3283 ] tegrahost_v2 --chip 0x19 0 --magicid TOSB --ratchet_blob ratchet_blob.bin --appendsigheader blob_tos-trusty_t194.img zerosbk
[  10.3293 ] adding BCH for blob_tos-trusty_t194.img
[  10.3420 ] 
[  10.3435 ] tegrasign_v2 --key None --list blob_tos-trusty_t194_sigheader.img_list.xml --pubkeyhash pub_key.key
[  10.3446 ] Assuming zero filled SBK key
[  10.3453 ] 
[  10.3469 ] tegrahost_v2 --chip 0x19 0 --updatesigheader blob_tos-trusty_t194_sigheader.img.encrypt blob_tos-trusty_t194_sigheader.img.hash zerosbk
[  10.3536 ] 
[  10.3551 ] tegrahost_v2 --chip 0x19 --align blob_eks.img
[  10.3564 ] 
[  10.3577 ] tegrahost_v2 --chip 0x19 0 --magicid EKSB --ratchet_blob ratchet_blob.bin --appendsigheader blob_eks.img zerosbk
[  10.3588 ] adding BCH for blob_eks.img
[  10.3590 ] 
[  10.3605 ] tegrasign_v2 --key None --list blob_eks_sigheader.img_list.xml --pubkeyhash pub_key.key
[  10.3615 ] Assuming zero filled SBK key
[  10.3618 ] 
[  10.3631 ] tegrahost_v2 --chip 0x19 0 --updatesigheader blob_eks_sigheader.img.encrypt blob_eks_sigheader.img.hash zerosbk
[  10.3646 ] 
[  10.3656 ] tegrahost_v2 --chip 0x19 --align blob_tegra194-p2888-0001-p2822-0000.dtb
[  10.3665 ] 
[  10.3675 ] tegrahost_v2 --chip 0x19 0 --magicid CDTB --ratchet_blob ratchet_blob.bin --appendsigheader blob_tegra194-p2888-0001-p2822-0000.dtb zerosbk
[  10.3684 ] adding BCH for blob_tegra194-p2888-0001-p2822-0000.dtb
[  10.3795 ] 
[  10.3810 ] tegrasign_v2 --key None --list blob_tegra194-p2888-0001-p2822-0000_sigheader.dtb_list.xml --pubkeyhash pub_key.key
[  10.3827 ] Assuming zero filled SBK key
[  10.3839 ] 
[  10.3852 ] tegrahost_v2 --chip 0x19 0 --updatesigheader blob_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt blob_tegra194-p2888-0001-p2822-0000_sigheader.dtb.hash zerosbk
[  10.3922 ] 
[  10.3940 ] tegrahost_v2 --chip 0x19 --generateblob blob.xml blob.bin
[  10.3950 ] number of images in blob are 11
[  10.3954 ] blobsize is 6381592
[  10.3956 ] Added binary blob_nvtboot_recovery_cpu_t194_sigheader.bin.encrypt of size 260032
[  10.3987 ] Added binary blob_nvtboot_recovery_t194_sigheader.bin.encrypt of size 130928
[  10.3993 ] Added binary blob_preboot_c10_prod_cr_sigheader.bin.encrypt of size 24016
[  10.3999 ] Added binary blob_mce_c10_prod_cr_sigheader.bin.encrypt of size 143200
[  10.4004 ] Added binary blob_mts_c10_prod_cr_sigheader.bin.encrypt of size 3430416
[  10.4010 ] Added binary blob_bpmp_t194_sigheader.bin.encrypt of size 856352
[  10.4020 ] Added binary blob_tegra194-a02-bpmp-p2888-a04_sigheader.dtb.encrypt of size 746752
[  10.4026 ] Added binary blob_spe_t194_sigheader.bin.encrypt of size 94960
[  10.4030 ] Added binary blob_tos-trusty_t194_sigheader.img.encrypt of size 402368
[  10.4035 ] Added binary blob_eks_sigheader.img.encrypt of size 5136
[  10.4039 ] Added binary blob_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt of size 287248
[  10.4065 ] 
[  10.4066 ] Sending bootloader and pre-requisite binaries
[  10.4079 ] tegrarcm_v2 --download blob blob.bin
[  10.4087 ] Applet version 01.00.0000
[  10.6768 ] Sending blob
[  10.6770 ] [................................................] 100%
[  11.5892 ] 
[  11.5911 ] tegrarcm_v2 --boot recovery
[  11.5926 ] Applet version 01.00.0000
[  11.7769 ] 
[  12.7800 ] tegrarcm_v2 --isapplet
[  13.3787 ] 
[  13.3807 ] tegrarcm_v2 --ismb2
[  13.5642 ] 
[  13.5704 ] tegradevflash_v2 --iscpubl
[  13.5724 ] Bootloader version 01.00.0000
[  13.6766 ] Bootloader version 01.00.0000
[  13.6803 ] 
[  13.6803 ] Retrieving storage infomation
[  13.6825 ] tegrarcm_v2 --oem platformdetails storage storage_info.bin
[  13.6841 ] Applet is not running on device. Continue with Bootloader
[  13.9446 ] 
[  13.9467 ] tegradevflash_v2 --oem platformdetails storage storage_info.bin
[  13.9485 ] Bootloader version 01.00.0000
[  14.0206 ] Saved platform info in storage_info.bin
[  14.0247 ] 
[  14.0248 ] Flashing the device
[  14.0267 ] tegraparser_v2 --storageinfo storage_info.bin --generategpt --pt flash.xml.bin
[  14.0290 ] 
[  14.0306 ] tegradevflash_v2 --pt flash.xml.bin --create
[  14.0319 ] Bootloader version 01.00.0000
[  14.1285 ] Erasing sdmmc_boot: 3 ......... [Done]
[  15.1698 ] Writing partition secondary_gpt with gpt_secondary_0_3.bin
[  15.1707 ] [................................................] 100%

[  15.2054 ] Erasing sdmmc_user: 3 ......... [Done]
[  15.9906 ] Writing partition master_boot_record with mbr_1_3.bin
[  15.9914 ] [................................................] 100%
[  15.9940 ] Writing partition primary_gpt with gpt_primary_1_3.bin
[  16.0017 ] [................................................] 100%
[  16.0048 ] Writing partition secondary_gpt with gpt_secondary_1_3.bin
[  16.0260 ] [................................................] 100%

[  16.0493 ] Writing partition mb1 with mb1_t194_prod_sigheader.bin.encrypt
[  16.0502 ] [................................................] 100%
[  16.0615 ] Writing partition mb1_b with mb1_t194_prod_sigheader.bin.encrypt
[  16.0893 ] [................................................] 100%
[  16.1006 ] Writing partition spe-fw with spe_t194_sigheader.bin.encrypt
[  16.2017 ] [................................................] 100%
[  16.2075 ] Writing partition spe-fw_b with spe_t194_sigheader.bin.encrypt
[  16.2286 ] [................................................] 100%
[  16.2341 ] Writing partition mb2 with nvtboot_t194_sigheader.bin.encrypt
[  16.2557 ] [................................................] 100%
[  16.2640 ] Writing partition mb2_b with nvtboot_t194_sigheader.bin.encrypt
[  16.2878 ] [................................................] 100%
[  16.2956 ] Writing partition mts-preboot with preboot_c10_prod_cr_sigheader.bin.encrypt
[  16.3195 ] [................................................] 100%
[  16.3225 ] Writing partition mts-preboot_b with preboot_c10_prod_cr_sigheader.bin.encrypt
[  16.4161 ] [................................................] 100%
[  16.4192 ] Writing partition SMD with slot_metadata.bin
[  16.4389 ] [................................................] 100%
[  16.4455 ] Writing partition SMD_b with slot_metadata.bin
[  16.4591 ] [................................................] 100%
[  16.4619 ] Writing partition VER_b with emmc_bootblob_ver.txt
[  16.4758 ] [................................................] 100%
[  16.4788 ] Writing partition VER with emmc_bootblob_ver.txt
[  16.4926 ] [................................................] 100%
[  16.4956 ] Writing partition master_boot_record with mbr_1_3.bin
[  16.5093 ] [................................................] 100%
[  16.5122 ] Writing partition APP with system.img
[  16.5202 ] [................................................] 100%
[ 274.1413 ] Writing partition mts-mce with mce_c10_prod_cr_sigheader.bin.encrypt
[ 274.1810 ] [................................................] 100%
[ 274.1886 ] Writing partition mts-mce_b with mce_c10_prod_cr_sigheader.bin.encrypt
[ 274.2088 ] [................................................] 100%
[ 274.2156 ] Writing partition mts-proper with mts_c10_prod_cr_sigheader.bin.encrypt
[ 274.2356 ] [................................................] 100%
[ 274.3887 ] Writing partition mts-proper_b with mts_c10_prod_cr_sigheader.bin.encrypt
[ 274.4093 ] [................................................] 100%
[ 274.5724 ] Writing partition cpu-bootloader with cboot_t194_sigheader.bin.encrypt
[ 274.5938 ] [................................................] 100%
[ 274.6111 ] Writing partition cpu-bootloader_b with cboot_t194_sigheader.bin.encrypt
[ 274.6327 ] [................................................] 100%
[ 274.6497 ] Writing partition bootloader-dtb with tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt
[ 274.6714 ] [................................................] 100%
[ 274.6836 ] Writing partition bootloader-dtb_b with tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt
[ 274.7050 ] [................................................] 100%
[ 274.7161 ] Writing partition secure-os with tos-trusty_t194_sigheader.img.encrypt
[ 274.7368 ] [................................................] 100%
[ 274.7531 ] Writing partition secure-os_b with tos-trusty_t194_sigheader.img.encrypt
[ 274.7747 ] [................................................] 100%
[ 274.7899 ] Writing partition eks with eks_sigheader.img.encrypt
[ 274.8111 ] [................................................] 100%
[ 274.8142 ] Writing partition eks_b with eks_sigheader.img.encrypt
[ 274.8340 ] [................................................] 100%
[ 274.8370 ] Writing partition bpmp-fw with bpmp_t194_sigheader.bin.encrypt
[ 274.8570 ] [................................................] 100%
[ 274.8894 ] Writing partition bpmp-fw_b with bpmp_t194_sigheader.bin.encrypt
[ 274.9141 ] [................................................] 100%
[ 274.9439 ] Writing partition bpmp-fw-dtb with tegra194-a02-bpmp-p2888-a04_sigheader.dtb.encrypt
[ 274.9695 ] [................................................] 100%
[ 274.9979 ] Writing partition bpmp-fw-dtb_b with tegra194-a02-bpmp-p2888-a04_sigheader.dtb.encrypt
[ 275.0216 ] [................................................] 100%
[ 275.0481 ] Writing partition xusb-fw with xusb_sil_rel_fw
[ 275.0712 ] [................................................] 100%
[ 275.0786 ] Writing partition xusb-fw_b with xusb_sil_rel_fw
[ 275.0861 ] [................................................] 100%
[ 275.0930 ] Writing partition rce-fw with camera-rtcpu-rce_sigheader.img.encrypt
[ 275.1008 ] [................................................] 100%
[ 275.1129 ] Writing partition rce-fw_b with camera-rtcpu-rce_sigheader.img.encrypt
[ 275.1335 ] [................................................] 100%
[ 275.1445 ] Writing partition adsp-fw with adsp-fw_sigheader.bin.encrypt
[ 275.1648 ] [................................................] 100%
[ 275.1704 ] Writing partition adsp-fw_b with adsp-fw_sigheader.bin.encrypt
[ 275.1904 ] [................................................] 100%
[ 275.1954 ] Writing partition sc7 with warmboot_t194_prod_sigheader.bin.encrypt
[ 275.2156 ] [................................................] 100%
[ 275.2205 ] Writing partition sc7_b with warmboot_t194_prod_sigheader.bin.encrypt
[ 275.2405 ] [................................................] 100%
[ 275.2449 ] Writing partition BMP with bmp.blob
[ 275.2646 ] [................................................] 100%
[ 275.2728 ] Writing partition BMP_b with bmp.blob
[ 275.2924 ] [................................................] 100%
[ 275.3001 ] Writing partition recovery with recovery_sigheader.img.encrypt
[ 275.3202 ] [................................................] 100%
[ 277.5617 ] Writing partition recovery-dtb with tegra194-p2888-0001-p2822-0000.dtb_sigheader.rec.encrypt
[ 277.5777 ] [................................................] 100%
[ 277.5931 ] Writing partition kernel-bootctrl with kernel_bootctrl.bin
[ 277.6151 ] [................................................] 100%
[ 277.6177 ] Writing partition kernel-bootctrl_b with kernel_bootctrl.bin
[ 277.6318 ] [................................................] 100%
[ 277.6345 ] Writing partition kernel with boot_sigheader.img.encrypt
[ 277.6485 ] [................................................] 100%
[ 279.4942 ] Writing partition kernel_b with boot_sigheader.img.encrypt
[ 279.5064 ] [................................................] 100%
[ 281.3511 ] Writing partition kernel-dtb with kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt
[ 281.3637 ] [................................................] 100%
[ 281.3792 ] Writing partition kernel-dtb_b with kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt
[ 281.4014 ] [................................................] 100%
[ 281.4325 ] 
[ 281.4355 ] tegradevflash_v2 --write BCT br_bct_BR.bct
[ 281.4372 ] Bootloader version 01.00.0000
[ 281.5125 ] Writing partition BCT with br_bct_BR.bct
[ 281.5131 ] [................................................] 100%
[ 281.5726 ] 
[ 281.5773 ] tegradevflash_v2 --write MB1_BCT mb1_cold_boot_bct_MB1_sigheader.bct.encrypt
[ 281.5789 ] Bootloader version 01.00.0000
[ 281.6526 ] Writing partition MB1_BCT with mb1_cold_boot_bct_MB1_sigheader.bct.encrypt
[ 281.6537 ] [................................................] 100%
[ 281.6757 ] 
[ 281.6779 ] tegradevflash_v2 --write MB1_BCT_b mb1_cold_boot_bct_MB1_sigheader.bct.encrypt
[ 281.6794 ] Bootloader version 01.00.0000
[ 281.7526 ] Writing partition MB1_BCT_b with mb1_cold_boot_bct_MB1_sigheader.bct.encrypt
[ 281.7538 ] [................................................] 100%
[ 281.7756 ] 
[ 281.7797 ] tegradevflash_v2 --write MEM_BCT mem_coldboot_sigheader.bct.encrypt
[ 281.7815 ] Bootloader version 01.00.0000
[ 281.9087 ] Writing partition MEM_BCT with mem_coldboot_sigheader.bct.encrypt
[ 281.9097 ] [................................................] 100%
[ 281.9307 ] 
[ 281.9326 ] tegradevflash_v2 --write MEM_BCT_b mem_coldboot_sigheader.bct.encrypt
[ 281.9341 ] Bootloader version 01.00.0000
[ 282.0649 ] Writing partition MEM_BCT_b with mem_coldboot_sigheader.bct.encrypt
[ 282.0659 ] [................................................] 100%
[ 282.0863 ] 
[ 282.0864 ] Flashing completed

[ 282.0865 ] Coldbooting the device
[ 282.0887 ] tegrarcm_v2 --ismb2
[ 282.3564 ] 
[ 282.3584 ] tegradevflash_v2 --reboot coldboot
[ 282.3600 ] Bootloader version 01.00.0000
[ 282.5066 ] 
*** The target t186ref has been flashed successfully. ***
Reset the board to boot from internal eMMC.

flash_logs.txt (64.0 KB)

Hi @JerryChang

do I have to add

This as well in flash.sh
Secondly kindly tell me about the passphrase When and where do I have to set it. and will it be required on every boot?
Thanks

hello AbdulWasey,

assign your keys to the scripts.

for your other questions, please check Security chapter for the details.
thanks

Hi @JerryChang
Combining everything together for flash command kindly check and correct me if I am wrong.

For

We will add
-r -k <partition id>
Question1:
for -k swtich will we add -k cpu-bootloader

or will we add -k kernel-dtb

For

We will add
-u <rsa_priv.pem> -v <sbk.key> --user_key <user.key>

Now combining everything together
Sudo BOARDID=3668 BOARDSKU=0001 FAB=100 BOARDREV=H.0 ./flash.sh --no-flash -r -k <partition id> -u <pkc_file> -v <sbk_file> --user_key <user.key> jetson-agx-xavier-devkit mmcblk0p1

Question2:
Do I have to add ROOTFS_ENC=1 in this command for disk encryption? as mentioned in guide

Question 3:
Do we need -i <enc rfs key file> in this command for disk encryption.
and kindly point out If I am missing any thing else
so far I have done this

and also cboot patch

Thanks.

hello AbdulWasey,

had you already fuse (odmfuse.sh) the board to enable SecureBoot?

Hi @JerryChang

No just created fuseblob.tbz2 with --noburn used this

but haven’t burn fuses yet.
Thanks

Hi @JerryChang
Kindly guide me regarding these questions

Thanks

hello AbdulWasey,

these steps looks correct, you might have a try to enable secureBoot on your Jetson AGX Xavier in reality,
you should update CBoot sources and apply the patch, please have cboot_t194.bin to include the fix, you could either have partition update or perform full flash to update it.

BTW,
reply to your several specific questions as following,

Q1)
what’s your purpose to partition update (-k options) to generate signed/encrypted files individually?
if secureBoot has enabled, partition update is no longer supported.

in addition, it looks you’ve enable the Jetson security with PKC+SBK+KEK
for example, $ sudo BOARDID=3668 BOARDSKU=0001 FAB=100 BOARDREV=H.0 ./odmfuse.sh --noburn -j -i 0x19 -c PKC -p -k <pkc_file> -S <sbk_file> --KEK2 <kek2_file> jetson-agx-xavier-devkit
which means you should keep these keys, and always assign the same key on the same platform to have image flashing.

Tools for EKB generation means you’ll need to generate eks_image_file by your own, with the same key files you’d assign to enable Jetson security.

Q2)
just as same as documentation, please set ROOTFS_ENC=1 for disk encryption.

Q3)
so, you’d follow Tool for EKB Generation , eks_image_file is an image file generated from the Encrypted Binary Blob (EKB) file by the EKB generation tool.

Hi @JerryChang
The -i <enc rfs key file> in sudo ROOTFS_ENC=1 ./flash.sh -i "./ekb.key" <board> <rootdev> is the same as the sym_key2 <sym2_key_file> which is the disk encryption key in the Tool for EKB Generation ?

Hi @JerryChang
The disk encryption documentation mentioned about the passphrase when will I have to provide the passphrase because the implementation I have seen so far doesn’t mention when do I have to set it.
Thanks

hello AbdulWasey,

everything is included in the developer guide, it’s sym2_key_file for data encryption and decryption.
for example,

<sym2_key_file> is the disk encryption key.
this key is used in two reference implementations. One is the secure sample implemented by hwkey-agent and hwkey-app. This sample uses the key for data encryption and decryption. In another case, the key is the source key of the key generation of the LUKS key in the disk encryption reference implementation.

this thread already went to long, I think all the questions has already clarified.
please do have a try on your site, you could initial another new thread if you still need further supports.
thanks