I am trying to work with TFTP + NFS boot. I changed boot-order in CPUBL-CFG partition, and watching the serial console that is working.
I generate signed kernel and kernel-dtb files with the following commands:
sudo flash.sh --no-flash -N 192.168.0.1:/var/lib/nfsroot -k kernel-dtb jetson-xavier eth0
sudo flash.sh --no-flash -N 192.168.0.1:/var/lib/nfsroot -k kernel jetson-xavier eth0
I have 2 Jetson AGX Xavier kits in hand and they show different behaviour that I need to understand.
Xavier1: Have been working with it and used SDK manager and flash.sh many times. ( JetPack 4.2 )
Xavier2: Brand new, never been reflashed with those tools (the only usb cable I plugged in was the serial console, I updated CPUBL-CFG partition using dd command)
Xavier1 will boot with tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt and boot_sigheader.img.encrypt from tftp ( appropriately renamed without _sigheader and .encrypt). It gives me a “Stage2Signature validation failed with SHA2!!” when I put tegra194-p2888-0001-p2822-0000.dtb and boot.img in tftp server.
Xavier2 will boot with tegra194-p2888-0001-p2822-0000.dtb and boot.img from tftp. Using the _sigheader and .encrypt files give an “header magic mismatch”
I would expect tegra194-p2888-0001-p2822-0000.dtb and boot.img to be the signed working files, so the question is why do I need tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt and boot_sigheader.img.encrypt for Xavier1 and how can I have a unified solution?