please re-create EKS image (i.e. eks_t194.img), since you’re using a customize KEK2.
you may visit jetson-linux-r3560 to download [Driver Package (BSP) Sources].
please extract op-tee package, you may see-also below as an example, $public_sources/r35.6.0/Linux_for_Tegra/source/public/atf_and_optee/optee/samples/hwkey-agent/host/tool/gen_ekb/example.sh
Regenerated the eks_t194.img with our keys and copied it to the bootloader folder. Still I see no output on the monitor after flashing is finished , not even UEFI Boot Menu.
Question : ** In the command above, “-in_auth_key auth_t194.key” I haven’t used this key in r35.4.1 , but it is present in example.sh in r35.6.0. Do I need this key ?
Note: in ./flash.sh, to generate the mass flash images in offline mode, we hard-coded some random ECID from a random jetson board. It works for us everytime (with r35.4.1 BSP) when we flash the image created using it to some other jetson board too. If we don’t do this, we need to set the jetson in recovery mode again.
I used our Kek2, sym_t194.key and sym2_t194.key keys to generate the EKS image but I haven’t given any auth_t194.key . Should I just give default auth key as :
Since, it is a custom board, there is a debug port but the logs don’t come on the minicom. I am talking to vendor regarding this. They suggested to modify below patch in “kernel_tegra194-p3668-0001-p3509-0000.dtb” file and recompile it:
I did these steps, still I don’t see any output on serial console. I am using FTDI 3.3V serial cable connecting GND->GND, TX->RX and RX->TX . Is this modification of dtb and extlinux correct ? Do I need to do something else ?
One more question: while fusing the board, if “jtag_disable” fuse has been set to 1. Does it block the debug output on the debug port ? If yes, can I somehow refuse this fuse and enable it ?
yes, it’s please using all 0s as default auth_t194.key.
it’s disabling JTAG (4-pin connector), UART should be still available for the logs.
anyways, may I know how you re-flash the targets?
please give it another try by running `flash.sh`, since flash script also support image flashing with Xavier NX series.
I used this auth_t194.key with all 0’s and now it WORKS ! The jetson could bootup with new BSP 35.6.0(secureboot + disk encryption )
Could you please let me know what is this key for ? And why it needs to be all 0’s even for a fused jetson board ?
this is UEFI payload authentication key file, which by default configured as all 0s. you may refer to UEFI Secureboot for more details.
let’s close this discussion thread, please open a new topic for further supports.