Hello!
I have recently managed to get SecureBoot & eMMC encryption working on my TX2NX but now I can’t update the kernel remotely anymore. Previously, without secure boot, I simply generated signed Kernel or DTB images using flash.py script with --no-flash parameter. Then I found out what TX2NX partitions were by checking out bootloader/flash.idx file and then I simply changed out the kernel or DTS file.
Kernel update example without SecureBoot:
sudo dd if=boot_sigheader.img.encrypt of=/dev/mmcblk0p28 bs=4M
DTB update example without SecureBoot:
sudo dd if=kernel_tegra186-p3636-0001-p3509-0000-a01_sigheader.dtb.encrypt of=/dev/mmcblk0p30 bs=4M
After that, everything works fine - kernel and DTB is updated successfully without problem.
Now after I have fused TX2NX with keys and flashed image, I want to update the kernel just like this. Of course, I am generating encrypted Kernel or DTB images with my SecureBoot keys added as parameters - they are created successfully. Then I checked out if partitions have changed from bootloader/flash.idx file and noted that all partitions are shifted by one because there’s extra partition for encrypted keys. Kernel went from 28 to 29, DTB from 30 to 31. So now I’m trying to sudo dd encrypted & signed files but it doesn’t boot at all anymore. Are there extra steps for using sudo dd on SecureBoot Jetson device?