UEFI Secureboot with disk encryption

JerryChang · April 20, 2023, 7:01am

hello JulienMoinard,

it’s failure when EKB extraction, the error is due to mismatch content header.

E/TC:0 0 ekb_extraction_process:227 Bad parameter: eks image not correct
E/TC:0 0 jetson_user_key_pta_init:801 jetson_user_key_pta_init: Failed (ffff0006).
E/TC:0 0 call_initcalls:43 Initcall __text_start + 0x000c3120 failed`

there’re several test approaches you may give them a try…
(1) could you please double check eks_t194.img has updated correctly.
(2) please try not using user_key.
(3) is it possible to validate with r35.3.1 release version?

JulienMoinard · April 20, 2023, 8:50am

Hi,

Like you can see in my previous post I have the same issue on r35.3.1. I not recompile UEFI I use your last release (r35.3.1) instead.

When you tell me not using user_key I already done that on my previous post but I need user_key to generate EKS ? So user_key is in eks but not provided in flash command ?

I update eks_t194.img like I update eks.img for Jetpack 4.6.3 I don’t understand.

Best regards,

JulienMoinard:

Hello,
I just try with Jetson UEFI firmware (version 3.1-32827747 built on 2023-03-19T14:56:32+00:00)

Your patch is included in this version ? (last release available) because I have always issue EKS bad parameter to decrypt disk and and at boot UEFI show me ** WARNING: Test Key is used. ** … even if I use–uefi-keys uefi_keys/uefi_keys.conf

[0002.821] I> EKB detected (length: 0x410) @ VA:0x52709400
[0002.823] I> Setting EKB blob info to OPTEE dtb finished.
▒▒NOTICE:  BL31: v2.6(release):07eea4970
NOTICE:  BL31: Built : 07:55:15, Mar 19 2023
I/TC:
I/TC: Non-secure external DT found
I/TC: OP-TEE version: 3.19 (gcc version 9.3.0 (Buildroot 2020.08)) #2 Sun Mar 19 15:02:42 UTC 2023 aarch64
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
I/TC: Primary CPU initializing
E/TC:0 0 ekb_extraction_process:227 Bad parameter: eks image not correct
E/TC:0 0 jetson_user_key_pta_init:801 jetson_user_key_pta_init: Failed (ffff0006).
E/TC:0 0 call_initcalls:43 Initcall __text_start + 0x000c3240 failed
I/TC: Primary CPU switching to normal world boot
▒▒
  [0003.483] I> Welcome to NVDisp-Init
[0003.483] I> NVDisp-Init version: t194-709c0123
[0003.484] I> CPU-BL Params @ 0xca020000
[0003.484] I>  0) Base:0x00000000 Size:0x00000000
[0003.484] I>  1) Base:0xc8100000 Size:0x00100000
[0003.484] I>  2) Base:0xc9800000 Size:0x00200000
[0003.485] I>  3) Base:0xc8600000 Size:0x00200000
[0003.487] I>  4) Base:0xc8000000 Size:0x00100000
[0003.492] I>  5) Base:0xc7f00000 Size:0x00100000
[0003.496] I>  6) Base:0xc9400000 Size:0x00400000
[0003.501] I>  7) Base:0xc9000000 Size:0x00400000
[0003.505] I>  8) Base:0xc7e00000 Size:0x00100000
[0003.510] I>  9) Base:0xc7d00000 Size:0x00100000
[0003.514] I> 10) Base:0xca800000 Size:0x00800000
[0003.519] I> 11) Base:0x40000000 Size:0x00040000
[0003.523] I> 12) Base:0xc7c00000 Size:0x00100000
[0003.527] I> 13) Base:0x40046000 Size:0x00002000
[0003.532] I> 14) Base:0x40048000 Size:0x00002000
[0003.536] I> 15) Base:0xaf000000 Size:0x00004000
[0003.541] I> 16) Base:0x4004a000 Size:0x00002000
[0003.545] I> 17) Base:0xc7a00000 Size:0x00100000
[0003.550] I> 18) Base:0x4004c000 Size:0x00002000
[0003.554] I> 19) Base:0xc9a00000 Size:0x00600000
[0003.559] I> 20) Base:0x4004e000 Size:0x00002000
[0003.563] I> 21) Base:0xc7bc0000 Size:0x0000c000
[0003.568] I> 22) Base:0x00000000 Size:0x00000000
[0003.572] I> 23) Base:0xc7be0000 Size:0x00020000
[0003.577] I> 24) Base:0xcc000000 Size:0x02000000
[0003.581] I> 25) Base:0x40050000 Size:0x00002000
[0003.586] I> 26) Base:0x40040000 Size:0x00006000
[0003.590] I> 27) Base:0xc8c00000 Size:0x00400000
[0003.594] I> 28) Base:0xc8400000 Size:0x00200000
[0003.599] I> 29) Base:0xc8800000 Size:0x00400000
[0003.603] I> 30) Base:0xc7bd0000 Size:0x00010000
[0003.608] I> 31) Base:0x00000000 Size:0x00000000
[0003.612] I> 32) Base:0xf8000000 Size:0x08000000
[0003.617] I> 33) Base:0xce000000 Size:0x2a000000
[0003.621] I> 34) Base:0xcb000000 Size:0x01000000
[0003.626] I> 35) Base:0xae000000 Size:0x01000000
[0003.630] I> 36) Base:0xa0000000 Size:0x0e000000
[0003.635] I> 37) Base:0xca000000 Size:0x00800000
[0003.639] I> 38) Base:0x80000000 Size:0x20000000
[0003.644] I> 39) Base:0xb0000000 Size:0x08000000
[0003.648] I> 40) Base:0x00000000 Size:0x00000000
[0003.652] I> 41) Base:0x00000000 Size:0x00000000
[0003.657] I> 42) Base:0xc8200000 Size:0x00200000
[0003.661] I> 43) Base:0x00000000 Size:0x00000000
[0003.666] I> 44) Base:0x00000000 Size:0x00000000
[0003.670] I> 45) Base:0x00000000 Size:0x00000000
[0003.675] GIC-SPI Target CPU: 0
[0003.678] Interrupts Init done
[0003.681] calling constructors
[0003.684] initializing heap
[0003.686] I> Heap: [0xa0960000 ... 0xadf00000]
[0003.690] initializing threads
[0003.693] initializing timers
[0003.696] creating bootstrap completion thread
[0003.700] top of bootstrap2()
[0003.703] CPU: MIDR: 0x4E0F0040, MPIDR: 0x80000000
[0003.708] initializing platform
[0003.711] E> DEVICE_PROD: Invalid value data = 0, size = 0.
[0003.716] W> device prod register failed
[0003.720] I> Bl_dtb @0xadf00000
[0003.723] I> gpio framework initialized
[0003.734] I> tegrabl_gpio_driver_register: register 'nvidia,tegra194-gpio' driver
[0003.740] I> tegrabl_gpio_driver_register: register 'nvidia,tegra194-gpio-aon' driver
[0003.745] I> fixed regulator driver initialized
[0003.762] I> register 'maxim' power off handle
[0003.765] I> virtual i2c enabled
[0003.765] I> registered 'maxim,max20024' pmic
[0003.766] I> tegrabl_gpio_driver_register: register 'max20024-gpio' driver
[0003.766] I> Boot-device: QSPI
[0003.767] I> Boot_device: QSPI_FLASH instance: 0
[0003.772] I> configure_qspi_clk: qparams clk_src = 5, clk_div = 0, clk_src_freq = 800000000, interface_freq = 50000000
[0003.782] I> configure_qspi_clk: FORCING INTERFACE_FREQ TO 133000000!!
[0003.790] I> QSPI source rate = 204000 Khz
[0003.793] I> Requested rate for QSPI clock = 34000 Khz
[0003.798] I> BPMP-set rate for QSPI clk = 34000 Khz
[0003.803] I> tx_clk_tap_delay : 0
[0003.805] I> rx_clk_tap_delay : 16
[0003.809] I> QSPI Flash Size = 32 MB
[0003.817] I> Qspi initialized successfully
[0003.817] I> qspi flash-0 params source = boot args
[0003.821] W> No board IDs available
[0003.824] E> Failed to get board id info!
[0003.830] I> sdmmc-3 params source = safe params
[0003.837] I> Found 41 partitions in QSPI_FLASH (instance 0)
[0003.839] W> Cannot find any partition table for 00000003
[0003.843] E> Failed to publish 00000003
[0003.852] I> Found 23 partitions in SDMMC_USER (instance 3)
[0003.870] I> regulator 'vdd-hdmi-5v0' already enabled
[0003.877] I> regulator 'vdd-hdmi-5v0' already enabled
[0003.878] I> hdmi cable connected
[0003.884] W> set volts not configured for 'vdd-1v0'
[0003.890] W> set volts not configured for 'vdd-1v8-hs'
[0003.890] I> retrieved tmds range from prod_list_hdmi_soc
[0003.892] E> cannot find any other nvdisp nodes
[0003.909] I> edid read success
[0003.921] I> edid read success
[0003.921] I> width = 640, height = 480, frequency = 25174825
[0003.922] I> width = 640, height = 480, frequency = 25174825
[0003.922] I> width = 640, height = 480, frequency = 25174825
[0003.923] I> width = 1024, height = 768, frequency = 65000000
[0003.923] I> width = 1024, height = 768, frequency = 65000000
[0003.927] I> width = 1024, height = 768, frequency = 65000000
[0003.932] I> width = 1920, height = 1080, frequency = 148500000
[0003.938] I> width = 1280, height = 720, frequency = 74250000
[0003.944] I> width = 640, height = 480, frequency = 25174825
[0003.949] I> width = 720, height = 480, frequency = 26973026
[0003.955] I> width = 1280, height = 720, frequency = 74175824
[0003.960] I> width = 1280, height = 720, frequency = 74175824
[0003.966] I> width = 1920, height = 1080, frequency = 148351648
[0003.972] I> width = 1920, height = 1080, frequency = 148351648
[0003.977] I> Best mode Width = 1920, Height = 1080, freq = 148351648
[0003.989] I> hdmi_enable, starting HDMI initialisation
[0003.993] I> hdmi_enable, HDMI initialisation complete
[0004.003] initializing target
[0004.003] calling apps_init()
[0004.004] starting app kernel_boot_app
[0004.005] I> Kernel type = Normal

Jetson UEFI firmware (version 3.1-32827747 built on 2023-03-19T14:56:32+00:00)

**  WARNING: Test Key is used.  **

EnrollFromDefaultKeysApp: Skipped - USER_MODE

Thank you.

JulienMoinard · April 20, 2023, 7:09pm

Hello,

This doesn’t work for me on l4t-r35.3.1.

Could you share with us all information with example keys to use with gen_ekb.py please ?

Best regards,
Julien.

JerryChang:

hi all,

we’ve test locally with l4t-r35.3.1, disk encryption works normally, note, we’ve ignore UEFI secureboot at the moment.

here’s commands to flash the Xavier NX eMMC.
$ sudo ROOTFS_ENC=1 ./flash.sh -u rsa_priv.pem -v sbk.key -i sym2_t194.key jetson-xavier-nx-devkit-emmc mmcblk0p1
###############################################################################
# L4T BSP Information:
# R35 , REVISION: 3.1
# User release: 0.0
###############################################################################
Change device boot from mmcblk0p1 to internal
sbk_keyfile is present, but no user_keyfile; set user_keyfile to zero keyfile
# Target Board Information:
# Name: jetson-xavier-nx-devkit-emmc, Board Family: t186ref, SoC: Tegra 194, 
# OpMode: production, Boot Authentication: SBKPKC, 
# Disk encryption: enabled ,
###############################################################################
you may also check UART logs for reference.
for example, r35.3.1_xavier_NX_PKCSBK_ROOTFS_ENC_UART.txt (73.7 KB)

JerryChang · April 21, 2023, 6:11am

hello JulienMoinard,

it turns out there’s an issue with --user_key.
FYI,
the option --user_key is only supported with JP-4.x to encrypt/decrypt user images, such as kernel/kernel-dtb.
however, this options is no longer supported with JP-5.x, it’s replaced by --uefi-enc options, and it’ll be available by the next JP-5 release, i.e. Jetpack-5.1.2 release version.

back to your original question…
the root cause might be the EKS image is not correctly decrypted.
you’ll need to check kek2.key which is used to encrypt EKS image.
hence,
please check… whether the KEK2 key is burned into the target.
a) If yes…, could you please check whether the burned KEK2 key is the same as the key2.key used in generating eks image?
b) If no…, could you please check whether the key2.key includes zeros key.

JulienMoinard · April 21, 2023, 8:13am

Hello JerryChang,

Thank you so much for your answer about --user_key I need to wait for your next release , do you have any lead time ?

Your right, I will double check by kek2 key.

Do you think I need to use last odmfuse from jetpack 5 to fuse a new board to ensure that the format / bit order of the key is ok ? Or you don’t change anything with odmfuse in the last 2 years ?

In another word can I use an old already fused board with old odmfuse script to flash with new jetpack 5 ?

I have so many already fused board so I your change something probably I can’t use anymore my old SOM already fused ?

Best regards,

JerryChang · April 21, 2023, 8:33am

hello JulienMoinard,

I don’t have solid schedule for next JP-5 release, sorry for that.
please expect it may not be available soon since JP-5.1.1 has just public in late March.

>> In another word can I use an old already fused board with old odmfuse script to flash with new jetpack 5 ?
>>I have so many already fused board so I your change something probably I can’t use anymore my old SOM already fused

as mentioned above, you should avoid using --user_key for JP-5.
as long as all fused/flashing keys are match, image flashing should also works.
furthermore, we had also confirm with the device that fused before (in JP-4). and we verify with flashing JP-5 image to it.

riboyama · April 21, 2023, 9:09am

Hi Julien,

I’ve successfully enabled diskencryption with uefi secureboot on this release, however Im using a Xavier AGX…
As JerryChang already mentioned, --user-key is not support on this release. See my post: UEFI Secureboot JP 5.1.1 L4T 35.3.1 - #19 by riboyama

I took a quick look at the Jetpack 4.5 docs, it seems that your board is fused correctly and that your fuses are compatible with this release. However, I’m no expert so take this with a grain of salt.

Generating eks_t194.img:

python3 gen_ekb.py -chip t194 -kek2_key kek2.key \
        -fv fv_ekb_t194.key \
        -in_sym_key sym_t194.key \
        -in_sym_key2 sym2_t194.key \
        -out eks_t194.img

The fv_ekb_194.key should be bad66eb4484983684b992fe54a648bb8, unless you have recompiled the optee sources with another key.
---user-key is unsupported. sym_t194.key is the user_key. So sym_t194.key must be all zero’s: 00000000000000000000000000000000
sym2_t194.key is your rootfs encryption key. It will also be used for flash.sh -i sym2_t194.key
Copy eks_t194.img to Linux_for_Tegra/bootloader/eks_t194.img

Flashing:

The flash.sh script is broken in this release if you enable Secureboot and Diskencryption together when using flash.sh See my post for the fix.

After you’ve edited disk_encryption_helper.func you can now flash:

The correct flash command for PKC + SBK + DiskEncryption + UEFI Secureboot (AGX devkit) is sudo ROOTFS_ENC=1 ./flash.sh --uefi-keys uefi_keys/uefi_keys.conf -i $sym2file -u $keyfile -v $sbkfile jetson-agx-xavier-devkit mmcblk0p1

On first boot you will see that dbx and dbt cannot be enrolled, this is OK.
On reboot you should see Skipped - USER_MODE, this means that the uefi secureboot is enabled.

JulienMoinard · April 21, 2023, 1:41pm

Hi Riboyama,

Thank you so much for your help for UEFI it is works well except some warning message that I can remove by myself if I recompile uefi binary. So thank again.

For my issue with EKS you answer some question I have, user key need to be 0 to be used with gen_ekb. But I have always an issue.

b) If no…, could you please check whether the key2.key includes zeros key.

I try without SBK and PKC by using KEK2 to 0 and user_key to 0 on unfused board :

lootus@ubuntu:/local/dev/photon-5.1/nvidia_sdk/JetPack_5.1.1/Linux_for_Tegra/keys$ sudo python3 gen_ekb.py -kek2_key key2.key -fv fv_ekb -in_sym_key user.key -in_sym_key2 disk.key -out ../bootloader/eks_t194.img
lootus@ubuntu:/local/dev/photon-5.1/nvidia_sdk/JetPack_5.1.1/Linux_for_Tegra/keys$ cat key2.key 
00000000000000000000000000000000
lootus@ubuntu:/local/dev/photon-5.1/nvidia_sdk/JetPack_5.1.1/Linux_for_Tegra/keys$ cat user.key 
00000000000000000000000000000000
lootus@ubuntu:/local/dev/photon-5.1/nvidia_sdk/JetPack_5.1.1/Linux_for_Tegra/keys$ cat disk.key 
7B233A2F57E7EFA655A6F7B963E8EBCC
lootus@ubuntu:/local/dev/photon-5.1/nvidia_sdk/JetPack_5.1.1/Linux_for_Tegra/keys$ cat fv_ekb
bad66eb4484983684b992fe54a648bb8

sudo python3 gen_ekb.py -kek2_key key2.key -fv fv_ekb -in_sym_key user.key -in_sym_key2 disk.key -out ../bootloader/eks_t194.img

lootus@ubuntu:/local/dev/photon-5.1/nvidia_sdk/JetPack_5.1.1/Linux_for_Tegra$ sudo ROOTFS_ENC=1 ./flash.sh -i keys/disk.key jetson-xavier-nx-devkit-emmc mmcblk0p1
[sudo] Mot de passe de lootus : 
###############################################################################
# L4T BSP Information:
# R35 , REVISION: 3.1
# User release: 0.0
###############################################################################
Change device boot from mmcblk0p1 to internal
# Target Board Information:
# Name: jetson-xavier-nx-devkit-emmc, Board Family: t186ref, SoC: Tegra 194, 
# OpMode: production, Boot Authentication: NS, 
# Disk encryption: enabled ,
###############################################################################
copying soft_fuses(/local/dev/photon-5.1/nvidia_sdk/JetPack_5.1.1/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
./tegraflash.py --chip 0x19 --applet "/local/dev/photon-5.1/nvidia_sdk/JetPack_5.1.1/Linux_for_Tegra/bootloader/mb1_t194_prod.bin" --skipuid --soft_fuses tegra194-mb1-soft-fuses-l4t.cfg --bins "mb2_applet nvtboot_applet_t194.bin" --cmd "dump eeprom boardinfo cvm.bin;reboot recovery" 
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands

] ▒▒: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
I/TC: Primary CPU initializing
E/TC:0 0 ekb_extraction_process:227 Bad parameter: eks image not correct
E/TC:0 0 jetson_user_key_pta_init:801 jetson_user_key_pta_init: Failed (ffff0006).
E/TC:0 0 call_initcalls:43 Initcall __text_start + 0x000c3240 failed

I don’t understand this kek2.key work on jetpack 4 , I try to change kek2.key on jetpack 4 by changing a byte and of course It doesn’t work with a similar issue so my kek2 key on jetpack 4 is right but the same for jetpack 5 . I am so confused

So you seems right my kek2 key is not the right one . Are your really sure that an old board fused witht odmfuse from jetpack 4 is not an issue to use this board fused to be usable with jetpack 5 ?
Any change on hardware SOM that explain that ?

I am crazy !

Best julien.

riboyama · April 24, 2023, 8:09am

I guess you could check the odmfuse config on your Jetpack 4.x to see if the key matches with your fuses.
Can you try copying the eks_t194.img with cp, instead of using --out ../bootloader/eks_t194.img maybe the tool doesn’t overwrite the image correctly?

python3 gen_ekb.py -kek2_key key2.key -fv fv_ekb -in_sym_key user.key -in_sym_key2 disk.key -out eks_t194.img
cp eks_t194.img Linux_for_Tegra/bootloader/eks_t194.img

JulienMoinard · April 24, 2023, 1:27pm

Hi,

Do you have an idea how to check that keys match with fuse ?

Because in Jetpack 4 gen_ekb work well and linux boot properly with disk encryption.
But not in Jetpack 5 but if it is works well at your side , I make a mistake probably ?

sudo python3 gen_ekb.py -kek2_key key2.key -fv fv_ekb -in_sym_key user.key -in_sym_key2 disk.key -out eks_t194.img

lootus@ubuntu:/local/dev/photon-5.1/nvidia_sdk/JetPack_5.1.1/Linux_for_Tegra/bootloader$ cp keys/eks_t194.img bootloader/eks_t194.img

As you can see, file has been updated before upgrade

But after flash , my eks_t194.img file was updated and do you know why ? for signing probably but sign is in another file ?

Do you have an example to use ODM fuse compare with mine ?

Best regards,
Julien.

JulienMoinard · April 24, 2023, 6:05pm

Hi,

I just try with a new board and fuse with known keys but I have the same issue.


[0002.760] I> EKB detected (length: 0x410) @ VA:0x52709400
[0002.761] I> Setting EKB blob info to OPTEE dtb finished.
▒▒NOTICE:  BL31: v2.6(release):07eea4970
NOTICE:  BL31: Built : 07:55:15, Mar 19 2023
I/TC:
I/TC: Non-secure external DT found
I/TC: OP-TEE version: 3.19 (gcc version 9.3.0 (Buildroot 2020.08)) #2 Sun Mar 19 15:02:42 UTC 2023 aarch64
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
I/TC: Primary CPU initializing
E/TC:0 0 ekb_extraction_process:227 Bad parameter: eks image not correct
E/TC:0 0 jetson_user_key_pta_init:801 jetson_user_key_pta_init: Failed (ffff0006).
E/TC:0 0 call_initcalls:43 Initcall __text_start + 0x000c3240 failed
I/TC: Primary CPU switching to normal world boot
▒▒

Sombody can confirm me that encryption disk work on JetPack 5.1.1 with a Jetson Nx ?

It is very important for me to be able to load this eks img

Best regards,
Julien.

JerryChang · April 25, 2023, 2:56am

please refer to previous comment, post #29. disk encryption works normally with l4t-r35.3.1 on Xavier NX eMMC.

what’s the keys you’re used for a new board?

to clarity,
if you’re used an unfused board, that’s zero key (i.e. all zero kek2.key) to encrypt EKS image.
the key for decrypting kernel/kernel-dtb, and the key for disk encryption that are all stored in the EKS.

JerryChang · April 25, 2023, 3:09am

and… where this script file gen_ekb.py came from? are you using the one from JP-5.1.1 public release package?
i.e. r35.3.1/Linux_for_Tegra/source/public/atf_and_optee/optee/samples/hwkey-agent/host/tool/gen_ekb/gen_ekb.py

riboyama · April 25, 2023, 8:57am

Hi Julien,

You’re missing the -chip t194 parameter when using gen_ekb.py.
So in your case it should be sudo python3 gen_ekb.py -chip t194 -kek2_key key2.key -fv fv_ekb -in_sym_key user.key -in_sym_key2 disk.key -out eks_t194.img

JulienMoinard · April 25, 2023, 9:18am

Hi,
I missing this time the -chip t194 but by default it already t194 so It change nothing.

I retry all and post all step to be sure.

Best regards,

JulienMoinard · April 25, 2023, 3:57pm

Hello,

It is works fine now.
My gen_ekb was not the last one.

Thank you for your support.

JerryChang · April 26, 2023, 3:29am

thanks for confirmation, glad to know it works.
BTW, please see-also comment #48, please avoid using --user_key for JP-5.x release version.

system · May 17, 2023, 6:18am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.