Unable to boot jetson agx xavier devkit after flashing the JP4.6.1 with PKC and SBK secured keys

I have tried to make secure boot on jetson agx xavier devkit. Used the JP4.6.1 for secured boot.

followed this link to make secured boot package: https://docs.nvidia.com/jetson/archives/l4t-archived/l4t-3275/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide/bootloader_secure_boot.html#

Please check attached logs for your reference. Your suggestion and feedback will be more helpful for the resolving this issue.
flashing_logs.txt (135.8 KB)
serial_console_logs.txt (78.6 KB)

hello sagarkoli159,

please double check your keys.
there’re some error about invalid fuse values.
for instance,

[0007.485] I> Burning fuses
[0007.487] E> FUSE: Invalid value fuse_word:0.
[0007.488] E> FUSE: Invalid value fuse_word:0.
[0007.488] E> FUSE: Invalid value fuse_word:0.

Hi JerryChang,

I burned the fuses with the command below:
sudo ./odmfuse.sh -i 0x19 -k rsa_priv.pem --KEK0 kek0.key --KEK1 kek1.key --KEK2 kek2.key -S sbk.key jetson-xavier

In this command I am not using -p option.

Through the below command I am able to cross check the burnt keys, also check the attached odmfuse_logss.txt file :
./odmfuse.sh -i 0x19 --test -k rsa_priv.pem --KEK0 kek0.key --KEK1 kek1.key --KEK2 kek2.key -S sbk.key jetson-xavier

odmfuse_logss.txt (103.5 KB)

Then flashed through below command and succeeded. Please check attached flashing_logs.txt file :
sudo ./flash.sh -r -u rsa_priv.pem -v sbk.key jetson-xavier mmcblk0p1

flashing_logs.txt (135.8 KB)

Then cold booted the system but serial console is silent no serial prints.

My question is here : Without using -p [Sets production mode] on keys fusing will affect on system booting.

Waiting for your clarification.

Thanks!

hello sagarkoli159,

it recommends burning all the fuses you need in a single operation. while partial fuse burning is possible if SecurityMode is not burned, it may lead to issues not described in this document.

Hi JerryChang,

Is it possible to change the fusing keys?

unfortunately not, fuse burning operations are high-risk because they cannot be reversed.

Hi Hi JerryChang,

Please check attached snippet and took it from link: https://docs.nvidia.com/jetson/archives/l4t-archived/l4t-3275/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide/bootloader_secure_boot.html#

Please check highlighted part. Is any one of the option will be sufficient to burn a secure fuse. As I am using the 2nd option. I am able to burn the secure fuses and flash the image. But my Jetson AGX Xavier board is not booting and there is no prints on serial debug port.

I am not understanding the issue. Could you please provide your solution on this issue.

Waiting for your detailed information on this issue.

Thanks!

hello sagarkoli159,

please refer to Topic 117585 to fuse AGX Xavier.
as you can see, we’ve burning all the fuses, including production mode.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.