I thought I did everything right and researched this topic for days. I’m not sure I was able to get SecureBoot enabled on my devkit. When I press ‘Esc’ during bootup and navigate to Device Manager → Secure Boot Configuration it says “Current Secure Boot State Disabled”.
From a previous support topic it seems someone was directed to look for “RSA PSS signature check: OK” on the serial console. I see 8 of those printouts during bootup.
Running odmfuseread.sh seems to reboot the device.
Looking at /sys/devices/platform/tegra-fuse/public_key, it seems to be a truncated version of what I used in the fuse.xml file. This doesn’t seem good.
/sys/devices/platform/tegra-fuse/boot_security_info is reporting 0x00000000. I used 0x2a09 in my fuse.xml file.
I kept all the serial logs. On the serial console all looked good:
I> Burning fuses
I> 1. Start PublicKeyHash burn
I> 1. PublicKeyHash burnt successfully
I>
I> 2. Start SecureBootKey burn
I> 2. SecureBootKey burnt successfully
I>
I> 3. Start OemK1 burn
I> 3. OemK1 burnt successfully
I>
I> 4. Start BootSecurityInfo burn
I> 4. BootSecurityInfo burnt successfully
I>
I> Successfully burnt fuses as per fuse info
user@ubuntu:~/orin/Linux_for_Tegra$ sudo ./odmfuseread.sh -i 0x23 jetson-agx-orin-devkit
Error: Either PKC or SBK key is not provided for SBK+PKC protected target board.
I think the problem was that odmfuseread insists on rsa.pem and sbk.key be in bootloader/… after I moved those there I get I think reasonable output from it.
There is no update from you for a period, assuming this is not an issue any more.
Hence we are closing this topic. If need further support, please open a new one.
Thanks
Sorry for the late response.
Is this still an issue to support? Any result can be shared?