The command of capsule upgrade reported Operation not permitted

Robotics & Edge Computing Jetson Systems Jetson Orin NX
1

Hi

HW: orinnx 16G

JP: 5.1.3

I went to update the capsule when I run the command below

sudo dd if=/tmp/var_tmp.bin of=FmpCapsuleSinglePartitionChain-781e084c-a330-417c-b678-38e696380cb9 bs=5;sync

It repored:
dd: failed to open "FmpCapsuleSinglePartitionChain-781e084c-a330-417c-b678-38e696380cb9": Operation not permitted

But it still can update the capsule , I did not know if it update successfully.

Did it affect the capsule upgrade?

2

*** Please note that this reply is generated by LLM automatically ***

Based on the provided context, it appears that you are trying to update the Capsule on a Jetson Orin NX device. The command you ran seems to be incomplete, but I’ll provide a comprehensive answer based on the context.

To update the Capsule, you need to follow the steps outlined in the context:

  1. Copy the Capsule payload to the EFI/UpdateCapsule directory in the esp partition of the active boot media.
  2. Set the bit2 of the OsIndications UEFI variable.
  3. Reboot the Jetson device. UEFI uses the Capsule payload to update the non-current slot Bootloader.
  4. To check the Capsule update status and current slot, run the nvbootctrl command.

If you’ve completed these steps and the Capsule update status is success, it’s likely that the update was successful. However, if you’re unsure, you can verify the update by checking the UEFI Secure Boot status and the updated KEK, db, and dbx keys.

To check the UEFI Secure Boot status, you can follow the high-level process outlined in the context:

  1. Prepare the update keys.
  2. Generate the Capsule payload with UEFI Secure Boot enabled.
  3. Trigger a Capsule update.
  4. Check and verify update keys.

If the UEFI Secure Boot status is enabled, and the updated KEK, db, and dbx keys are verified, it’s likely that the Capsule update was successful.

In your case, since you didn’t provide the complete command, it’s difficult to determine if the update was successful. However, if you’ve completed the steps outlined above and the Capsule update status is success, it’s likely that the update was successful.

To confirm, you can try running the nvbootctrl command to check the Capsule update status and current slot. If the status is success, and the current slot is updated, it’s likely that the Capsule update was successful.

In comparison to other Jetson devices, the update process for the Jetson Orin NX is similar. However, the specific commands and steps may vary depending on the device and the version of the UEFI firmware.

In summary, to determine if the Capsule update was successful, you can:

  • Check the Capsule update status and current slot using the nvbootctrl command.
  • Verify the UEFI Secure Boot status and the updated KEK, db, and dbx keys.
  • Follow the high-level process outlined in the context to update the UEFI Secure Boot keys.

If you’re still unsure, please provide more information about the command you ran and the output you received, and I’ll be happy to help you further.

*** Please give the thumbs up if you get answers you like. Or provide feedback to help us improve the answer. ***

3

I have run the command below

cd /sys/firmware/efi/efivars/
printf "\x07\x00\x00\x00\x01" > /tmp/var_tmp.bin
sudo dd if=/tmp/var_tmp.bin of=FmpCapsuleSinglePartitionChain-781e084c-a330-417c-b678-38e696380cb9 bs=5;sync

printf "\x07\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00" > /tmp/var_tmp.bin
sudo dd if=/tmp/var_tmp.bin of=OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c bs=12;sync

But when I run

sudo dd if=/tmp/var_tmp.bin of=FmpCapsuleSinglePartitionChain-781e084c-a330-417c-b678-38e696380cb9 bs=5;sync

it reported:

dd: failed to open “FmpCapsuleSinglePartitionChain-781e084c-a330-417c-b678-38e696380cb9”: Operation not permitted

5

Hi,

Could you please share the result of your update?
Run the following command to check:

sudo cat /sys/firmware/efi/esrt/entries/entry0/last_attempt_status

Thanks

6

the value is 0, how to recovery it?

When it was updating the capsule, I power off the board and then I try to update the capsule again, it report the issue

7

hello, please help me to check the issue, thank you

8

Hi,

Please remove old /sys/firmware/efi/efivars/FmpCapsuleSinglePartitionChain-781e084c-a330-417c-b678-38e696380cb9 before you do above commands.

Please refer to example:

sudo chattr -i FmpCapsuleSinglePartitionChain-781e084c-a330-417c-b678-38e696380cb9
sudo dd if=/tmp/var_tmp.bin of=FmpCapsuleSinglePartitionChain-781e084c-a330-417c-b678-38e696380cb9 bs=5;sync

Thanks

9

It also reports “Operation not permitted“ to remove this file., but I run

“sudo chattr -i FmpCapsuleSinglePartitionChain-781e084c-a330-417c-b678-38e696380cb9“ then run “sudo dd if=/tmp/var_tmp.bin of=FmpCapsuleSinglePartitionChain-781e084c-a330-417c-b678-38e696380cb9 bs=5;sync“

it reports success, thank you.

11

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.