hello AbdulWasey,
these steps looks correct, you might have a try to enable secureBoot on your Jetson AGX Xavier in reality,
you should update CBoot sources and apply the patch, please have cboot_t194.bin to include the fix, you could either have partition update or perform full flash to update it.
BTW,
reply to your several specific questions as following,
Q1)
what’s your purpose to partition update (-k
options) to generate signed/encrypted files individually?
if secureBoot has enabled, partition update is no longer supported.
in addition, it looks you’ve enable the Jetson security with PKC+SBK+KEK
for example, $ sudo BOARDID=3668 BOARDSKU=0001 FAB=100 BOARDREV=H.0 ./odmfuse.sh --noburn -j -i 0x19 -c PKC -p -k <pkc_file> -S <sbk_file> --KEK2 <kek2_file> jetson-agx-xavier-devkit
which means you should keep these keys, and always assign the same key on the same platform to have image flashing.
Tools for EKB generation means you’ll need to generate eks_image_file by your own, with the same key files you’d assign to enable Jetson security.
Q2)
just as same as documentation, please set ROOTFS_ENC=1
for disk encryption.
Q3)
so, you’d follow Tool for EKB Generation , eks_image_file is an image file generated from the Encrypted Binary Blob (EKB) file by the EKB generation tool.