Hi NV Team,
Since our device can only log in to the system through ssh,
How to flash secure-os image?
BSP R35.3.1
Thanks!
hello future.wang,
did you meant a partition update?
you may refer to Preparing the OTA Payload Package section to create the OTA payload package for updating Bootloader only.
Hi Jerry,
I searched and found the following conversation:
Can I use the dd command to flash secure-os?
Hi Jerry,
I just need to re-flash:tos-optee_t194.img.
hello future.wang,
did you have Jetson security enabled? for instance, burning fuse variables, PCK, SBK…etc
please check partition labels with… $ ls -al /dev/disk/by-partlabel/
Hi Jerry,
Not enabling security
$ ls -al /dev/disk/by-partlabel/
total 0
drwxr-xr-x 2 root root 920 Mar 15 2023 .
drwxr-xr-x 8 root root 160 Mar 15 2023 ..
lrwxrwxrwx 1 root root 15 Mar 15 2023 APP -> ../../mmcblk0p1
lrwxrwxrwx 1 root root 16 Mar 15 2023 RECROOTFS -> ../../mmcblk0p38
lrwxrwxrwx 1 root root 16 Mar 15 2023 RP1 -> ../../mmcblk0p36
lrwxrwxrwx 1 root root 16 Mar 15 2023 RP2 -> ../../mmcblk0p37
lrwxrwxrwx 1 root root 16 Mar 15 2023 UDA -> ../../mmcblk0p44
lrwxrwxrwx 1 root root 16 Mar 15 2023 adsp-fw -> ../../mmcblk0p12
lrwxrwxrwx 1 root root 16 Mar 15 2023 adsp-fw_b -> ../../mmcblk0p28
lrwxrwxrwx 1 root root 15 Mar 15 2023 bootloader-dtb -> ../../mmcblk0p5
lrwxrwxrwx 1 root root 16 Mar 15 2023 bootloader-dtb_b -> ../../mmcblk0p21
lrwxrwxrwx 1 root root 15 Mar 15 2023 bpmp-fw -> ../../mmcblk0p8
lrwxrwxrwx 1 root root 15 Mar 15 2023 bpmp-fw-dtb -> ../../mmcblk0p9
lrwxrwxrwx 1 root root 16 Mar 15 2023 bpmp-fw-dtb_b -> ../../mmcblk0p25
lrwxrwxrwx 1 root root 16 Mar 15 2023 bpmp-fw_b -> ../../mmcblk0p24
lrwxrwxrwx 1 root root 15 Mar 15 2023 cpu-bootloader -> ../../mmcblk0p4
lrwxrwxrwx 1 root root 16 Mar 15 2023 cpu-bootloader_b -> ../../mmcblk0p20
lrwxrwxrwx 1 root root 15 Mar 15 2023 eks -> ../../mmcblk0p7
lrwxrwxrwx 1 root root 16 Mar 15 2023 eks_b -> ../../mmcblk0p23
lrwxrwxrwx 1 root root 16 Mar 15 2023 esp -> ../../mmcblk0p40
lrwxrwxrwx 1 root root 16 Mar 15 2023 esp_alt -> ../../mmcblk0p43
lrwxrwxrwx 1 root root 16 Mar 15 2023 kernel -> ../../mmcblk0p15
lrwxrwxrwx 1 root root 16 Mar 15 2023 kernel-dtb -> ../../mmcblk0p16
lrwxrwxrwx 1 root root 16 Mar 15 2023 kernel-dtb_b -> ../../mmcblk0p32
lrwxrwxrwx 1 root root 16 Mar 15 2023 kernel_b -> ../../mmcblk0p31
lrwxrwxrwx 1 root root 15 Mar 15 2023 mts-mce -> ../../mmcblk0p2
lrwxrwxrwx 1 root root 16 Mar 15 2023 mts-mce_b -> ../../mmcblk0p18
lrwxrwxrwx 1 root root 15 Mar 15 2023 mts-proper -> ../../mmcblk0p3
lrwxrwxrwx 1 root root 16 Mar 15 2023 mts-proper_b -> ../../mmcblk0p19
lrwxrwxrwx 1 root root 16 Mar 15 2023 rce-fw -> ../../mmcblk0p11
lrwxrwxrwx 1 root root 16 Mar 15 2023 rce-fw_b -> ../../mmcblk0p27
lrwxrwxrwx 1 root root 16 Mar 15 2023 recovery -> ../../mmcblk0p34
lrwxrwxrwx 1 root root 16 Mar 15 2023 recovery-dtb -> ../../mmcblk0p35
lrwxrwxrwx 1 root root 16 Mar 15 2023 recovery-dtb_alt -> ../../mmcblk0p42
lrwxrwxrwx 1 root root 16 Mar 15 2023 recovery_alt -> ../../mmcblk0p41
lrwxrwxrwx 1 root root 16 Mar 15 2023 reserved_for_chain_A_user -> ../../mmcblk0p17
lrwxrwxrwx 1 root root 16 Mar 15 2023 reserved_for_chain_B_user -> ../../mmcblk0p33
lrwxrwxrwx 1 root root 16 Mar 15 2023 sc7 -> ../../mmcblk0p14
lrwxrwxrwx 1 root root 16 Mar 15 2023 sc7_b -> ../../mmcblk0p30
lrwxrwxrwx 1 root root 16 Mar 15 2023 sce-fw -> ../../mmcblk0p13
lrwxrwxrwx 1 root root 16 Mar 15 2023 sce-fw_b -> ../../mmcblk0p29
lrwxrwxrwx 1 root root 15 Mar 15 2023 secure-os -> ../../mmcblk0p6
lrwxrwxrwx 1 root root 16 Mar 15 2023 secure-os_b -> ../../mmcblk0p22
lrwxrwxrwx 1 root root 16 Mar 15 2023 uefi_variables -> ../../mmcblk0p39
lrwxrwxrwx 1 root root 16 Mar 15 2023 xusb-fw -> ../../mmcblk0p10
lrwxrwxrwx 1 root root 16 Mar 15 2023 xusb-fw_b -> ../../mmcblk0p26
hello future.wang,
yes, it should works.
you need to create sign/encrypt binary file locally, it’s able to created by flash script.
$ sudo ./flash.sh --no-flash -r -k secure-os jetson-agx-xavier-devkit mmcblk0p1
for instance,
[ 0.1456 ] Signed file: /home/jerry/nvidia/nvidia_sdk/JetPack_5.1.3_Linux_JETSON_AGX_XAVIER_TARGETS/Linux_for_Tegra/bootloader/tos-optee_t194_sigheader.img.encrypt
after that,
please using scp to copy the sign/encrypt binary file to your target, and running with dd commands to update secure-os partition.
for example,
$ sudo dd if=tos-optee_t194_sigheader.img.encrypt of=/dev/mmcblk0p6 bs=1M
it’ll take effect after warm reboot, i.e. $ sudo reboot
Hi Jerry,
The flshing was successful.
Very detailed, thank you very much!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.