SecureBoot on Jetson Nano, stuck at sign/flash the bootloader part

shengnan0509.chen · January 11, 2021, 10:56pm

Hi all,
efuse_output.txt (1.8 KB) sign_flash_bootloader_output.txt (2.9 KB)
I have a jetson nano without eMMC only SD card. I tried to set the SecureBoot

I think I am successfully done with the burn eFuses part, here is the command I use and I got the output in the “efus_output.txt”
sudo ./odmfuse.sh -c PKC -k ~/rsa_priv.pem -i 0x21 -p -o 0x56E47A38C5598974BC46903DBA29034900000000000000000000000000000000

Then I tried the sign and flash the bootloader, but I got a failed error(
Boot Rom communication failed Error: Return value 3 Command tegrarcm --chip 0x21 0 --rcm rcm_list_signed.xml --skipuid Reading board information failed.).
I tried with the following command:
sudo ./flash.sh -r -x 0x21 -y PKC -u ~/rsa_priv.pem jetson-nano-emmc mmcblk0p1

The complete output please check in the attachment file, sign_flash_bootloader_output.txt.

Does anyone can help me on that? Thanks in advance!

PS. I am sure that the Jetson Nano is in recovery mode. I put a jumper over the FRC pin and connected with a USB cable with an Ubuntu16.04 laptop.

JerryChang · January 12, 2021, 2:43am

hello shengnan0509,

SecureBoot only support with eMMC, you cannot enable it with SD-card version.
thanks

shengnan0509.chen · January 12, 2021, 8:43am

Hello JerryChang,

thanks for replying, not a good news for me ;)

Currently I cannot boot the OS of my Jetson Nano. I think its because I already burn the efues there.
But I can read the SD-card(where OS is).
Is there someway to recover and boot the Jetson Nano again?

Btw, I suggest to put this important information(secureboot can"t work only with SD-card version) to the SecureBoot website

shengnan0509.chen · January 12, 2021, 8:50am

Hi JerryChang,

another question:
If I want to set SecureBoot on the Jetson Nano with eMMC and SD-card, should I put the OD in eMMC or SD-card? Or it doesn’t matter?

JerryChang · January 12, 2021, 9:12am

hello shengnan0509,

programming a fuse is non reversible,
for example, programming a fuse, such as changing a value of a fuse bit from 0 to 1, you cannot change it back as 0.
thanks

shengnan0509.chen · January 15, 2021, 9:26am

Hi JerryChang,

further questions:

If I want to set SecureBoot on the Jetson Nano with eMMC and SD-card, should I put the OS(boot system) in eMMC or SD-card? Or it doesn’t matter?
Is signing and flashing Bootloader which is the next step after burning fuses reversible?
I read the tutorial that if the production_mode is not actived, we still can reprogram the fuses. Is it correct?

JerryChang · January 28, 2021, 3:18am

hello shengnan0509.chen,

you should works with eMMC since we do not support Jetson security with SD-card.
please check Jetson Nano Boot Flow, you may also refer to Topic 157952 for reference;

FYI,
secure boot is enabled when you begin production and burn the ODM production fuse (i.e. production_mode), it means JTAG debug is disabled, and all the fuses become inaccessible except Reserved_ODM.
however,
Reserved_ODM fuse are programmable until it disabled by the ODM_lock fuse.
thanks