Hello.
Release 32.6.1
I have a few questions regarding security.
odmfuse.sh options.
What does this option mean? I didn’t find explanation of it.
Thank you.
Hi,
Please note we don’t support secureboot on Xavier NX sdcard. Please enable it on Xavier NX emmc(production module). For steps in detail, please refer to
Unable to burn fuses (dev kit) / no more output (serial/hdmi) / bricked? - #89 by DaneLLL
The -p option is to loock the PKC and SBK key. Without it, if the bits of PKC and SBK are 0, they can still be programmed to 1. However, there is an issue of programming PKC + SBK without -p, so please always set the option on Xavier and Xavier NX.
The layout of SBK key is:
$ cat sbk.key
0x12345678 0x9abcdef0 0xfedcba98 0x76543210
Thank you for explanation.
And another one question about user_key option.
Additionally, I can sign and burn images with help of user_key option:
sudo ./flash.sh -u <pkc_keyfile> -v <sbk_keyfile> --user_key <user_keyfile> <device_name> mmcblk0p1
But I can sign images in separate step:
./l4t_sign_image.sh --file <filename> --chip 0x19 --key <keyfile>] --encrypt_key <encrypt_keyfile>
What is the reason for it?
How can I use signed images without burning?