tegrasign replacement for Jetson Nano for DTB file generation


in an effort to get rid of the NVIDIA binaries for creating partitions/boot files/images for the Nano, I wrote a small tool that creates signed DTB files. The idea came from this posting for the TX2: https://devtalk.nvidia.com/default/topic/1042852/jetson-tx2/request-for-a-tool-to-update-device-tree-locally-/post/5389646

You can find my version for the Nano here:

You could use the tool to create a signed DTB file with the partition header like this:

python mytegrasign.py --offset=560 --dtbheader tegra210-p3448-0000-p3449-0000-a02.dtb

This creates a file called tegra210-p3448-0000-p3449-0000-a02.dtb.encrypt

You can write this file to the SD-Card with dd. It belongs to the partition 10, like this:

dd if=tegra210-p3448-0000-p3449-0000-a02.dtb.encrypt of=/dev/mmcblk0p10

This should also work on the Nano itself (unlike the NVIDIA binaries), so no external development host is needed. Please keep in mind that this tool is written without deeper knowledge of the partition header format or hash generation, as I did not find any documentation on that. I tested it with a locally generated DTB file but it might still fail in other situations and lead to an unbootable system - keep a backup of your SD-Card for this case.

Any feedback is appreciated.

1 Like

hello arne.caspari,

thanks for sharing, this might helps speed-up the development.
please also note that this tool should depends-on JetPack release,
if the tools broken by a future release, please consider working with host-machine via flash script as formal approach.

1 Like

I tried to use your tool, but it generated slightly different files. See attached.

dtb.bin.txt (1 MB)
maza.dtb.encrypt.txt (194.1 KB)

The files are actually binary files. The dtb.bin file is a dump from the DTB partition. The .encrypt file was generated by your tool.


I’ve also tried the following:

./tegrahost --chip 0x21 --align test.dtb
./tegrahost --magicid DTB --appendsigheader test.dtb test.dtb_blheader
./tegrasign --key None --file test.dtb_blheader
./tegrahost --updatesigheader test_encrypt.dtb_blheader test.hash zerosbk

It seems to generate the correct files, although what looks like the signed key is different than the one I dump from the DTB partitions. NVidia, how can I create a valid DTB partition on the PC WITHOUT connecting to the SOM?

Hi Shadowmind,

Please open a new topic for your issue. Thanks