Hi JerryChang,
This use case is to generate signed images with the private key, and deliver the images to others to flash without the private key.
For verification, we used the odmsign.func in the secure boot source, but the SOM did not actually write the PKC.
And we modified flashcmd.txt to use rcm_# and br_BR_bct.bct, which are not signed.
But boot failed for some SOMs when running tegra_rcm_v2 --boot recovery: it should load Tboot recovery CPU, but it loaded Cboot and booted to the normal kernel, and the USB communication failed.
The failed log is as below:
[0002.002] I> MB1 (prd-version: 1.1.0.0-t194-41334769-514a1108)
[0002.008] I> Boot-mode: L0 RCM
[0002.010] I> Chip revision : A02
[0002.013] I> Bootrom patch version : 7 (correctly patched)
[0002.019] I> ATE fuse revision : 0x200
[0002.022] I> Ram repair fuse : 0x0
[0002.025] I> Ram Code : 0x0
[0002.028] I> rst_source : 0x0
[0002.030] I> rst_level : 0x0
[0002.034] I> USB configuration success
[0004.016] I> bct_bootrom image downloaded
[0004.025] E> MB1_PLATFORM_CONFIG: device prod data is empty in MB1 BCT.
[0004.031] E> MB1_PLATFORM_CONFIG: Failed to initialize device prod.
[0004.038] I> Temperature = 27000
[0004.041] W> Skipping boost for clk: BPMP_CPU_NIC
[0004.046] W> Skipping boost for clk: BPMP_APB
[0004.050] W> Skipping boost for clk: AXI_CBB
[0004.054] W> Skipping boost for clk: AON_CPU_NIC
[0004.058] W> Skipping boost for clk: CAN1
[0004.062] W> Skipping boost for clk: CAN2
[0004.066] I> Boot-device: eMMC
[0004.069] I> Boot-device: eMMC
[0004.072] I> bct_mb1 image downloaded
[0004.082] I> ECC region[0]: Start:0x0, End:0x0
[0004.086] I> ECC region[1]: Start:0x0, End:0x0
[0004.090] I> ECC region[2]: Start:0x0, End:0x0
[0004.094] I> ECC region[3]: Start:0x0, End:0x0
[0004.098] I> ECC region[4]: Start:0x0, End:0x0
[0004.102] I> Non-ECC region[0]: Start:0x80000000, End:0x100000000
[0004.108] I> Non-ECC region[1]: Start:0x0, End:0x0
[0004.112] I> Non-ECC region[2]: Start:0x0, End:0x0
[0004.117] I> Non-ECC region[3]: Start:0x0, End:0x0
[0004.121] I> Non-ECC region[4]: Start:0x0, End:0x0
[0004.128] W> MB1_PLATFORM_CONFIG: Rail ID 9 not found in pmic rail config tabl.
[0004.134] E> FAILED: Thermal config
[0004.138] W> DEVICE_PROD: device prod is not initialized.
[0004.143] W> DEVICE_PROD: device prod is not initialized.
[0004.152] W> MB1_PLATFORM_CONFIG: Rail ID 7 not found in pmic rail config tabl.
[0004.159] E> FAILED: MEMIO rail config
[0004.173] I> scrub mode: full dram
[0004.176] E> FUSE: Failed to verify ECID.
[0004.180] I> bct_mem image downloaded
[0004.976] I> blob image downloaded
[0004.990] I> Recovery boot mode 0
[0000.093] I> MB1 (prd-version: 1.1.0.0-t194-41334769-514a1108)
[0000.099] I> Boot-mode: L1 coldboot
[0000.102] I> Chip revision : A02
[0000.105] I> Bootrom patch version : 7 (correctly patched)
[0000.110] I> ATE fuse revision : 0x200
[0000.114] I> Ram repair fuse : 0x0
[0000.117] I> Ram Code : 0x0
[0000.119] I> rst_source : 0xa
[0000.122] I> rst_level : 0x1
[0000.126] I> Boot-device: eMMC
[0000.128] W> DEVICE_PROD: device prod is not initialized.
[0000.133] W> DEVICE_PROD: device prod is not initialized.
[0000.150] I> sdmmc DDR50 mode
[0000.154] W> DEVICE_PROD: device prod is not initialized.
[0000.160] W> No valid slot number is found in scratch register
[0000.165] W> Return default slot: _a
[0000.168] I> Active Boot chain : 0
[0000.172] I> Boot-device: eMMC
[0000.175] E> MB1_PLATFORM_CONFIG: device prod data is empty in MB1 BCT.
[0000.181] E> MB1_PLATFORM_CONFIG: Failed to initialize device prod.
[0000.187] I> Temperature = 27000
[0000.190] W> Skipping boost for clk: BPMP_CPU_NIC
[0000.195] W> Skipping boost for clk: BPMP_APB
[0000.199] W> Skipping boost for clk: AXI_CBB
[0000.203] W> Skipping boost for clk: AON_CPU_NIC
[0000.207] W> Skipping boost for clk: CAN1
[0000.211] W> Skipping boost for clk: CAN2
[0000.215] I> Boot-device: eMMC
[0000.218] I> Boot-device: eMMC
[0000.227] I> Sdmmc: HS400 mode enabled
[0000.235] I> ECC region[0]: Start:0x0, End:0x0
[0000.239] I> ECC region[1]: Start:0x0, End:0x0
[0000.243] I> ECC region[2]: Start:0x0, End:0x0
[0000.247] I> ECC region[3]: Start:0x0, End:0x0
[0000.252] I> ECC region[4]: Start:0x0, End:0x0
[0000.256] I> Non-ECC region[0]: Start:0x80000000, End:0x100000000
[0000.261] I> Non-ECC region[1]: Start:0x0, End:0x0
[0000.266] I> Non-ECC region[2]: Start:0x0, End:0x0
[0000.270] I> Non-ECC region[3]: Start:0x0, End:0x0
[0000.275] I> Non-ECC region[4]: Start:0x0, End:0x0
[0000.280] W> MB1_PLATFORM_CONFIG: Rail ID 9 not found in pmic rail config tabl.
[0000.287] E> FAILED: Thermal config
[0000.290] W> DEVICE_PROD: device prod is not initialized.
[0000.295] W> DEVICE_PROD: device prod is not initialized.
[0000.304] W> MB1_PLATFORM_CONFIG: Rail ID 7 not found in pmic rail config tabl.
[0000.311] E> FAILED: MEMIO rail config
[0000.326] I> scrub mode: full dram
[0000.329] E> FUSE: Failed to verify ECID.
[0000.343] I> sdmmc bdev is already initialized
[0000.380] W> No fuse-bypass data
[0000.387] W> MB1_PLATFORM_CONFIG: Rail ID 8 not found in pmic rail config tabl.
[0000.412] I> MB1 done
main enter
SPE VERSION #: R01.00.14 Created: Sep 19 2018 @ 11:03:21
HW Function test
Start Scheduler.
in late init
[0000.420] I> Welcome to MB2(TBoot-BPMP) (version: 00.00.2018.32-mobile-30577)
[0000.421] I> DMA Heap @ [0x526fa000 - 0x52ffa000]
[0000.421] I> Default Heap @ [0xd486400 - 0xd488400]
[0000.422] E> DEVICE_PROD: Invalid value data = 70020000, size = 0.
[0000.428] W> device prod register failed
[0000.432] I> Boot-device: eMMC
[0000.435] I> Boot_device: SDMMC_BOOT instance: 3
[0000.442] I> sdmmc-3 params source = boot args
[0000.443] I> sdmmc bdev is already initialized
[0000.448] I> sdmmc-3 params source = boot args
[0000.454] I> Found 15 partitions in SDMMC_BOOT (instance 3)
[0000.460] I> Found 23 partitions in SDMMC_USER (instance 3)
[0000.463] W> No valid slot number is found in scratch register
[0000.468] W> Return default slot: _a
[0000.472] I> Active Boot chain : 0
[0000.476] I> parsing oem signed section of bpmp-fw header done
[0000.481] I> bpmp-fw binary init read from storage
[0000.486] I> oem authentication of bpmp-fw header done
[0000.492] I> bpmp-fw binary done read from storage
[0000.495] I> bpmp-fw: Authentication init Done
[0000.500] I> parsing oem signed section of cpubl header done
[0000.505] I> cpubl binary init read from storage
[0000.509] I> bpmp-fw: Authentication Finalize Done
[0000.514] I> oem authentication of cpubl header done
[0000.519] I> cpubl binary done read from storage
[0000.523] I> cpubl: Authentication init Done
[0000.528] I> parsing oem signed section of rce header done
[0000.533] I> rce binary init read from storage
[0000.537] I> Relocating BR-BCT
[0000.540] I> cpubl: Authentication Finalize Done
[0000.545] I> oem authentication of rce header done
[0000.549] I> rce binary done read from storage
[0000.553] I> rce: Authentication init Done
[0000.558] I> parsing oem signed section of tos header done
[0000.563] I> tos binary init read from storage
[0000.567] I> rce: Authentication Finalize Done
[0000.571] I> oem authentication of tos header done
[0000.576] I> tos binary done read from storage
[0000.580] I> tos: Authentication init Done
[0000.585] I> parsing oem signed section of bpmp-fw-dtb header done
[0000.590] I> bpmp-fw-dtb binary init read from storage
[0000.595] I> tos: Authentication Finalize Done
[0000.600] I> oem authentication of bpmp-fw-dtb header done
[0000.608] I> bpmp-fw-dtb binary done read from storage
[0000.610] I> bpmp-fw-dtb: Authentication init Done
[0000.615] I> parsing oem signed section of cpubl-dtb header done
[0000.620] I> cpubl-dtb binary init read from storage
[0000.625] I> bpmp-fw-dtb: Authentication Finalize Done
[0000.662] I> oem authentication of cpubl-dtb header done
[0000.663] I> cpubl-dtb binary done read from storage
[0000.663] I> cpubl-dtb: Authentication init Done
[0000.664] I> cpubl-dtb: Authentication Finalize Done
NOTICE: BL31: v1.3(release):eca0c5e
NOTICE: BL31: Built : 00:20:29, Mar 13 2019
ERROR: Error initializing runtime service trusty_fast
welcome to lk
calling constructors
initializing heap
creating bootstrap completion thread
top of bootstrap2()
initializing platform
bpmp: platform_init
tag is 1c1b2165fe52a0a54ad7caf60d40cdc3
tag_show initialized
dt initialized
mail initialized
chipid initialized
fuse initialized
sku initialized
speedo initialized
ec_get_ec_list: found 45 ecs
ec initialized
ec_mrq initialized
vmon_populate_monitors: found 3 monitors
vmon initialized
adc initialized
fmon_populate_monitors: found 73 monitors
fmon initialized
fmon_mrq initialized
reset initialized
nvhs initialized
387 clocks registered
WARNING: pll_c4 has no dyn ramp
clk_mrq_init: mrq handler registered
clk initialized
io_dpd initialized
io_dpd initialized
thermal initialized
i2c5 controller initialized
initialized i2c mrq handling
i2c initialized
regulator initialized
avfs_clk_platform initialized
soctherm initialized
aotag initialized
powergate initialized
dvs initialized
pm initialized
pg_late initialized
strap initialized
tag initialized
emc initialized
clk_dt initialized
avfs_ccplex_platform initialized
tj_max: dt node not found
tj_init initialized
uphy_mrq_init: mrq handler registered
uphy_dt initialized
uphy initialized
mrq initialized
[0001.123] I> Welcome to Cboot
[0001.123] I> Cboot Version: .08.07.2019.31-t194-d0918aed
fmon_post initialized
[0001.124] I> CPU-BL Params @ 0xea820000
[0001.124] I> 0) Base:0x00000000 Size:0x00000000
[0001.125] I> 1) Base:0xea100000 Size:0x00100000
[0001.130] I> 2) Base:0xea000000 Size:0x00100000
[0001.134] I> 3) Base:0xe9300000 Size:0x00100000
[0001.138] I> 4) Base:0xe9200000 Size:0x00100000
[0001.143] I> 5) Base:0xe9100000 Size:0x00100000
[0001.148] I> 6) Base:0xeb800000 Size:0x00400000
[0001.151] I> 7) Base:0xe9c00000 Size:0x00400000
clk_dt_late initialized
But some boards are OK to flash with this script; the log is as below:
[0001.872] I> MB1 (prd-version: 1.1.0.0-t194-41334769-514a1108)
[0001.878] I> Boot-mode: L0 RCM
[0001.881] I> Chip revision : A02
[0001.884] I> Bootrom patch version : 7 (correctly patched)
[0001.889] I> ATE fuse revision : 0x200
[0001.892] I> Ram repair fuse : 0x0
[0001.895] I> Ram Code : 0x0
[0001.898] I> rst_source : 0x0
[0001.901] I> rst_level : 0x0
[0001.904] I> USB configuration success
[0003.887] I> bct_bootrom image downloaded
[0003.895] E> MB1_PLATFORM_CONFIG: device prod data is empty in MB1 BCT.
[0003.901] E> MB1_PLATFORM_CONFIG: Failed to initialize device prod.
[0003.909] I> Temperature = 27500
[0003.912] W> Skipping boost for clk: BPMP_CPU_NIC
[0003.916] W> Skipping boost for clk: BPMP_APB
[0003.920] W> Skipping boost for clk: AXI_CBB
[0003.924] W> Skipping boost for clk: AON_CPU_NIC
[0003.929] W> Skipping boost for clk: CAN1
[0003.932] W> Skipping boost for clk: CAN2
[0003.937] I> Boot-device: eMMC
[0003.939] I> Boot-device: eMMC
[0003.942] I> bct_mb1 image downloaded
[0003.952] I> ECC region[0]: Start:0x0, End:0x0
[0003.956] I> ECC region[1]: Start:0x0, End:0x0
[0003.960] I> ECC region[2]: Start:0x0, End:0x0
[0003.964] I> ECC region[3]: Start:0x0, End:0x0
[0003.969] I> ECC region[4]: Start:0x0, End:0x0
[0003.973] I> Non-ECC region[0]: Start:0x80000000, End:0x100000000
[0003.978] I> Non-ECC region[1]: Start:0x0, End:0x0
[0003.983] I> Non-ECC region[2]: Start:0x0, End:0x0
[0003.987] I> Non-ECC region[3]: Start:0x0, End:0x0
[0003.992] I> Non-ECC region[4]: Start:0x0, End:0x0
[0003.998] W> MB1_PLATFORM_CONFIG: Rail ID 9 not found in pmic rail config tabl.
[0004.005] E> FAILED: Thermal config
[0004.008] W> DEVICE_PROD: device prod is not initialized.
[0004.013] W> DEVICE_PROD: device prod is not initialized.
[0004.022] W> MB1_PLATFORM_CONFIG: Rail ID 7 not found in pmic rail config tabl.
[0004.029] E> FAILED: MEMIO rail config
[0004.043] I> scrub mode: full dram
[0004.046] E> FUSE: Failed to verify ECID.
[0004.050] I> bct_mem image downloaded
[0004.845] I> blob image downloaded
[0004.858] I> Recovery boot mode 0
[0004.921] I> MB1 done
main enter
SPE VERSION #: R01.00.14 Created: Sep 19 2018 @ 11:03:21
HW Function test
Start Scheduler.
in late init
[0004.930] I> Welcome to MB2(TBoot-BPMP) Recovery (version: 00.00.2018.32-mob)
[0004.930] I> DMA Heap @ [0x526fa000 - 0x52ffa000]
[0004.931] I> Default Heap @ [0xd486400 - 0xd488400]
[0004.932] E> DEVICE_PROD: Invalid value data = 70020000, size = 0.
[0004.938] W> device prod register failed
[0004.943] I> parsing oem signed section of bpmp-fw header done
[0004.950] I> bpmp-fw binary copied from blob
[0004.952] I> oem authentication of bpmp-fw header done
[0004.957] I> bpmp-fw: Authentication init Done
[0004.961] I> parsing oem signed section of cpubl header done
[0004.967] I> cpubl binary copied from blob
[0004.970] I> bpmp-fw: Authentication Finalize Done
[0004.975] I> oem authentication of cpubl header done
[0004.980] I> cpubl: Authentication init Done
[0004.984] I> parsing oem signed section of tos header done
[0004.990] I> tos binary copied from blob
[0004.993] I> Relocating BR-BCT
[0004.996] I> cpubl: Authentication Finalize Done
[0005.001] I> oem authentication of tos header done
[0005.005] I> tos: Authentication init Done
[0005.009] I> parsing oem signed section of bpmp-fw-dtb header done
[0005.017] I> bpmp-fw-dtb binary copied from blob
[0005.020] I> tos: Authentication Finalize Done
[0005.025] I> oem authentication of bpmp-fw-dtb header done
[0005.029] I> bpmp-fw-dtb: Authentication init Done
[0005.034] I> parsing oem signed section of cpubl-dtb header done
[0005.041] I> cpubl-dtb binary copied from blob
[0005.044] I> bpmp-fw-dtb: Authentication Finalize Done
[0005.169] I> oem authentication of cpubl-dtb header done
[0005.170] I> cpubl-dtb: Authentication init Done
[0005.171] I> cpubl-dtb: Authentication Finalize Done
NOTICE: BL31: v1.3(release):eca0c5e
NOTICE: BL31: Built : 00:20:29, Mar 13 2019
ERROR: Error initializing runtime service trusty_fast
welcome to lk
calling constructors
initializing heap
creating bootstrap completion thread
top of bootstrap2()
initializing platform
bpmp: platform_init
tag is 1c1b2165fe52a0a54ad7caf60d40cdc3
tag_show initialized
dt initialized
mail initialized
chipid initialized
fuse initialized
sku initialized
speedo initialized
ec_get_ec_list: found 45 ecs
ec initialized
ec_mrq initialized
vmon_populate_monitors: found 3 monitors
vmon initialized
adc initialized
fmon_populate_monitors: found 73 monitors
fmon initialized
fmon_mrq initialized
reset initialized
nvhs initialized
387 clocks registered
clk_mrq_init: mrq handler registered
clk initialized
io_dpd initialized
io_dpd initialized
thermal initialized
i2c5 controller initialized
initialized i2c mrq handling
i2c initialized
regulator initialized
avfs_clk_platform initialized
soctherm initialized
aotag initialized
powergate initialized
dvs initialized
pm initialized
pg_late initialized
strap initialized
tag initialized
emc initialized
clk_dt initialized
avfs_ccplex_platform initialized
tj_max: dt node not found
tj_init initialized
/uphy is not enabled status = disabled
uphy_dt initialized
uphy initialized
mrq initialized
[0005.622] I> Welcome to TBoot-CPU Recovery
fmon_post initialized
[0005.623] I> Heap: [0xa5000000 ... 0xaa000000
[0005.624] I> CPU: Nvidia Carmel
[0005.627] I> CPU: MIDR: 0x4e0f0040, MPIDR: 0x80000000
[0005.631] I> chip revision : A02
[0005.635] I> Boot-device: eMMC
[0005.638] I> Boot_device: SDMMC_BOOT instance: 3
clk_dt_late initialized
machine_check initialized
pm_post initialized
dbells initialized
avfs_clk_platform_post initialized
dmce initialized
cvc initialized
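A triage helper for captures like the two above, added here as an example and not part of the original post or of NVIDIA's tools: it splits a UART log at each MB1 banner and reports whether the RCM session went on to MB2 Recovery and TBoot, or whether a second MB1 pass started as a cold boot. The function names and result strings are made up for this example, and the sample lines are abridged from the post's logs.

```python
import re
# Markers taken from the log lines in the post; one captured value per field.
FIELDS = {
    "mode": re.compile(r"I> Boot-mode: (L\d \w+)"),
    "rst_source": re.compile(r"I> rst_source : (0x[0-9a-fA-F]+)"),
    "mb1_done": re.compile(r"I> (MB1 done)"),
    "mb2": re.compile(r"I> Welcome to (MB2\(TBoot-BPMP\)(?: Recovery)?)"),
    "cpu_bl": re.compile(r"I> Welcome to (Cboot|TBoot)"),  # prefix only: banners get cut
}

def mb1_passes(log):
    """Return one dict per MB1 banner; a second banner means the SoC restarted."""
    passes = []
    for line in log.splitlines():
        if "I> MB1 (prd-version" in line:
            passes.append(dict.fromkeys(FIELDS))
        for key, rx in FIELDS.items():
            if passes and (m := rx.search(line)):
                passes[-1][key] = m.group(1)
    return passes

def diagnose(log):
    passes = mb1_passes(log)
    if not passes or passes[0]["mode"] != "L0 RCM":
        return "no RCM session in capture"
    rcm = passes[0]
    in_recovery = (rcm["mb2"] or "").endswith("Recovery")
    if rcm["mb1_done"] and in_recovery and rcm["cpu_bl"] == "TBoot":
        return "recovery path: MB2 Recovery -> TBoot"
    if len(passes) > 1 and not rcm["mb1_done"]:
        nxt = passes[1]
        return f"restart before MB1 done; {nxt['mode']} (rst_source {nxt['rst_source']}) -> {nxt['cpu_bl']}"
    return "RCM session incomplete"

# Abridged from the post; the last GOOD line has other console output cut into the banner (\ufffd = undecodable byte).
FAILED = """[0002.002] I> MB1 (prd-version: 1.1.0.0-t194-41334769-514a1108)
[0002.008] I> Boot-mode: L0 RCM
[0004.990] I> Recovery boot mode 0
[0000.093] I> MB1 (prd-version: 1.1.0.0-t194-41334769-514a1108)
[0000.099] I> Boot-mode: L1 coldboot
[0000.119] I> rst_source : 0xa
[0000.412] I> MB1 done
[0000.420] I> Welcome to MB2(TBoot-BPMP) (version: 00.00.2018.32-mobile-30577)
[0001.123] I> Welcome to Cboot"""
GOOD = """[0001.872] I> MB1 (prd-version: 1.1.0.0-t194-41334769-514a1108)
[0001.878] I> Boot-mode: L0 RCM
[0004.921] I> MB1 done
[0004.930] I> Welcome to MB2(TBoot-BPMP) Recovery (version: 00.00.2018.32-mob)
[0005.622] I> Welcome to TBoot\ufffd\ufffdfmon_post initialized"""
```

Pass the text of a saved UART capture to `diagnose()`; the result only restates what the log shows and does not identify why the restart happened.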