Still fail to enable secureboot

Hi,

Is there any update?

Hi ninaH,

we found there’s a bug of fusing utility, which burn PKC Disable accidently.
it’s still under investigation.

hello @ninaH,

please download Topic144888_Sep22_nvtboot.zip (211.1 KB) for nvtboot binaries.
there’re total 4 binaries, you may update those nvtboot*.bin binaries to correct the issue for fuse burn.

$OUT/Linux_for_Tegra/
./bootloader/nvtboot_recovery.bin
./bootloader/nvtboot_cpu.bin
./bootloader/nvtboot_recovery_cpu.bin
./bootloader/t210ref/nvtboot.bin

we had some software approaches to confirm issue resolved.
for example,
$ sudo ./odmfuse.sh -i 0x21 -p -c PKC -k keys_priv.pem --test

PKC Disable did not programmed to 0x1 by checking the xml content of the fuse results,
for example, $ cat bootloader/odmfuse_pkc.xml.sav

<genericfuse MagicId="0x46555345" version="1.0.0">
<fuse name="JtagDisable" size="4" value="0x1" />
<fuse name="PublicKeyHash" size="32" value="0xc9c4ef2073a436724d6e988188b3e1be5ed61ddcc25b3028ab8fd6c5ea2eabb0" />
<fuse name="SecurityMode" size="4" value="0x1" />
</genericfuse>

hence,
please do actual fuse burns to have confirmation,
thanks

1 Like

Hi @JerryChang,

I’ve tested fuse and flash procedure on new SOM with those nvtboot binaries.
This SOM boots successfully on signed image.
Thank you for your great help.

hello ninaH,

FYI, we had finish code-review process.
please expect next public release, (i.e. JetPack-4.5) will include those nvtboot fixes.
thanks

1 Like