Will not boot after enabling Security Boot (Jetson AGX Xavier)

@JerryChang I’m leaning towards that I have the default Jetson AGX Xavier DevKit. I did not know there were customized carrier boards.

So where do I go from here. You identified a possible issue, but solution or course of action…

hello dcapers44,

you should assign correct board spec to generate a fuse blob.
may I know the TNSPEC of your Xavier platform?
i.e. # cat /etc/nv_boot_control.conf

dcapers@NUC-Ubuntu-18:~/nvidia/Linux_for_Tegra$ cat rootfs/etc/nv_boot_control.conf 
TNSPEC 2888-400-0006-H.0-1-2-jetson-agx-xavier-devkit-mmcblk0p1
TEGRA_CHIPID 0x19
TEGRA_OTA_BOOT_DEVICE /dev/mmcblk0boot0
TEGRA_OTA_GPT_DEVICE /dev/mmcblk0boot1

hello dcapers44,

it looks strange to report an error for loading device tree blob.
here’s one more thing may need your help for confirmation,
could you please replace the board name as jetson-xavier
for example,
(1) $ sudo BOARDID=2888 FAB=400 BOARDSKU=0006 BOARDREV=H.0 ./flash.sh --no-flash -u RSA_Key.pem -v SBK.txt --user_key User_Key.txt jetson-xavier mmcblk0p1
(2) $ cd bootloader
(3) $ sudo bash ./flashcmd.txt

@JerryChang I’ve tried the suggested steps from your previous post. The Jetson still freezes upon booting up…

dcapers@NUC-Ubuntu-18:~/nvidia/Linux_for_Tegra$ cd bootloader/
dcapers@NUC-Ubuntu-18:~/nvidia/Linux_for_Tegra/bootloader$ sudo bash ./flashcmd.txt
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands
 
[   0.0110 ] Parsing partition layout
[   0.0121 ] tegraparser_v2 --pt secureflash.xml.tmp
[   0.0140 ] 
[   0.0141 ] Boot Rom communication
[   0.0152 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_1_signed.rcm --rcm rcm_2_signed.rcm
[   0.0162 ] BR_CID: 0xd8021911647d15030c00000013ff0100
[   0.0171 ] Boot Rom communication completed
[   1.0622 ] 
[   2.0680 ] tegrarcm_v2 --isapplet
[   2.0719 ] Applet version 01.00.0000
[   2.0912 ] 
[   2.0913 ] Sending BCTs
[   2.0925 ] tegrarcm_v2 --download bct_bootrom br_bct_BR.bct --download bct_mb1 mb1_bct_MB1.bct_sigheader.encrypt.signed --download bct_mem mem_rcm.bct_sigheader.encrypt.signed
[   2.0937 ] Applet version 01.00.0000
[   2.1302 ] Sending bct_bootrom
[   2.1310 ] [................................................] 100%
[   2.1335 ] Sending bct_mb1
[   2.1371 ] [................................................] 100%
[   2.1417 ] Sending bct_mem
[   2.1886 ] [................................................] 100%
[   2.2717 ] 
[   2.2719 ] Generating blob
[   2.2774 ] tegrahost_v2 --chip 0x19 --generateblob blob.xml blob.bin
[   2.2804 ] number of images in blob are 11
[   2.2827 ] blobsize is 6381592
[   2.2839 ] Added binary blob_nvtboot_recovery_cpu_t194.bin_sigheader.encrypt.signed of size 260032
[   2.2961 ] Added binary blob_nvtboot_recovery_t194.bin_sigheader.encrypt.signed of size 130928
[   2.2983 ] Added binary blob_preboot_c10_prod_cr_sigheader.bin.encrypt.signed of size 24016
[   2.3031 ] Added binary blob_mce_c10_prod_cr_sigheader.bin.encrypt.signed of size 143200
[   2.3069 ] Added binary blob_mts_c10_prod_cr_sigheader.bin.encrypt.signed of size 3430416
[   2.3084 ] Added binary blob_bpmp_t194_sigheader.bin.encrypt.signed of size 856352
[   2.3120 ] Added binary blob_tegra194-a02-bpmp-p2888-a04_sigheader.dtb.encrypt.signed of size 746752
[   2.3135 ] Added binary blob_spe_t194_sigheader.bin.encrypt.signed of size 94960
[   2.3146 ] Added binary blob_tos-trusty_t194_sigheader.img.encrypt.signed of size 402368
[   2.3159 ] Added binary blob_eks_sigheader.img.encrypt.signed of size 5136
[   2.3171 ] Added binary blob_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt.signed of size 287248
[   2.3176 ] 
[   2.3177 ] Sending bootloader and pre-requisite binaries
[   2.3192 ] tegrarcm_v2 --download blob blob.bin
[   2.3206 ] Applet version 01.00.0000
[   2.3361 ] Sending blob
[   2.3363 ] [................................................] 100%
[   3.2338 ] 
[   3.2374 ] tegrarcm_v2 --boot recovery
[   3.2405 ] Applet version 01.00.0000
[   3.2647 ] 
[   4.2701 ] tegrarcm_v2 --isapplet
[   4.9535 ] 
[   4.9577 ] tegrarcm_v2 --ismb2
[   4.9801 ] 
[   4.9847 ] tegradevflash_v2 --iscpubl
[   4.9889 ] Bootloader version 01.00.0000
[   5.0055 ] Bootloader version 01.00.0000
[   5.0056 ] 
[   5.0057 ] Retrieving storage infomation
[   5.0101 ] tegrarcm_v2 --oem platformdetails storage storage_info.bin
[   5.0137 ] Applet is not running on device. Continue with Bootloader
[   5.0330 ] 
[   5.0373 ] tegradevflash_v2 --oem platformdetails storage storage_info.bin
[   5.0416 ] Bootloader version 01.00.0000
[   5.0454 ] Saved platform info in storage_info.bin
[   5.0502 ] 
[   5.0504 ] Flashing the device
[   5.0541 ] tegraparser_v2 --storageinfo storage_info.bin --generategpt --pt secureflash.xml.bin
[   5.0600 ] 
[   5.0645 ] tegradevflash_v2 --pt secureflash.xml.bin --create
[   5.0679 ] Bootloader version 01.00.0000
[   5.0709 ] Erasing sdmmc_boot: 3 ......... [Done]
[   6.1935 ] Writing partition secondary_gpt with gpt_secondary_0_3.bin
[   6.1961 ] [................................................] 100%

[   6.2273 ] Erasing sdmmc_user: 3 ......... [Done]
[   6.9776 ] Writing partition master_boot_record with mbr_1_3.bin
[   6.9797 ] [................................................] 100%
[   6.9814 ] Writing partition primary_gpt with gpt_primary_1_3.bin
[   6.9871 ] [................................................] 100%
[   6.9887 ] Writing partition secondary_gpt with gpt_secondary_1_3.bin
[   7.0088 ] [................................................] 100%

[   7.0285 ] Writing partition mb1 with mb1_t194_prod_sigheader.bin.encrypt.signed
[   7.0308 ] [................................................] 100%
[   7.0400 ] Writing partition mb1_b with mb1_t194_prod_sigheader.bin.encrypt.signed
[   7.1481 ] [................................................] 100%
[   7.1573 ] Writing partition spe-fw with spe_t194_sigheader.bin.encrypt.signed
[   7.1829 ] [................................................] 100%
[   7.1870 ] Writing partition spe-fw_b with spe_t194_sigheader.bin.encrypt.signed
[   7.2061 ] [................................................] 100%
[   7.2101 ] Writing partition mb2 with nvtboot_t194_sigheader.bin.encrypt.signed
[   7.2305 ] [................................................] 100%
[   7.2361 ] Writing partition mb2_b with nvtboot_t194_sigheader.bin.encrypt.signed
[   7.2600 ] [................................................] 100%
[   7.2660 ] Writing partition mts-preboot with preboot_c10_prod_cr_sigheader.bin.encrypt.signed
[   7.2895 ] [................................................] 100%
[   7.2905 ] Writing partition mts-preboot_b with preboot_c10_prod_cr_sigheader.bin.encrypt.signed
[   7.3106 ] [................................................] 100%
[   7.3117 ] Writing partition SMD with slot_metadata.bin
[   7.3305 ] [................................................] 100%
[   7.3316 ] Writing partition SMD_b with slot_metadata.bin
[   7.3456 ] [................................................] 100%
[   7.3466 ] Writing partition VER_b with emmc_bootblob_ver.txt
[   7.3603 ] [................................................] 100%
[   7.3618 ] Writing partition VER with emmc_bootblob_ver.txt
[   7.3744 ] [................................................] 100%
[   7.3759 ] Writing partition master_boot_record with mbr_1_3.bin
[   7.3889 ] [................................................] 100%
[   7.3900 ] Writing partition APP with system.img
[   7.3972 ] [................................................] 100%
[ 251.5356 ] Writing partition mts-mce with mce_c10_prod_cr_sigheader.bin.encrypt.signed
[ 251.5634 ] [................................................] 100%
[ 251.5676 ] Writing partition mts-mce_b with mce_c10_prod_cr_sigheader.bin.encrypt.signed
[ 251.5881 ] [................................................] 100%
[ 251.5927 ] Writing partition mts-proper with mts_c10_prod_cr_sigheader.bin.encrypt.signed
[ 251.6123 ] [................................................] 100%
[ 251.7613 ] Writing partition mts-proper_b with mts_c10_prod_cr_sigheader.bin.encrypt.signed
[ 251.7820 ] [................................................] 100%
[ 251.9332 ] Writing partition cpu-bootloader with cboot_t194_sigheader.bin.encrypt.signed
[ 251.9574 ] [................................................] 100%
[ 251.9720 ] Writing partition cpu-bootloader_b with cboot_t194_sigheader.bin.encrypt.signed
[ 251.9931 ] [................................................] 100%
[ 252.0073 ] Writing partition bootloader-dtb with tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt.signed
[ 252.0296 ] [................................................] 100%
[ 252.0369 ] Writing partition bootloader-dtb_b with tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt.signed
[ 252.0586 ] [................................................] 100%
[ 252.0667 ] Writing partition secure-os with tos-trusty_t194_sigheader.img.encrypt.signed
[ 252.0872 ] [................................................] 100%
[ 252.0997 ] Writing partition secure-os_b with tos-trusty_t194_sigheader.img.encrypt.signed
[ 252.1208 ] [................................................] 100%
[ 252.1330 ] Writing partition eks with eks_sigheader.img.encrypt.signed
[ 252.1538 ] [................................................] 100%
[ 252.1555 ] Writing partition eks_b with eks_sigheader.img.encrypt.signed
[ 252.1741 ] [................................................] 100%
[ 252.1755 ] Writing partition bpmp-fw with bpmp_t194_sigheader.bin.encrypt.signed
[ 252.1951 ] [................................................] 100%
[ 252.2215 ] Writing partition bpmp-fw_b with bpmp_t194_sigheader.bin.encrypt.signed
[ 252.2458 ] [................................................] 100%
[ 252.2778 ] Writing partition bpmp-fw-dtb with tegra194-a02-bpmp-p2888-a04_sigheader.dtb.encrypt.signed
[ 252.3033 ] [................................................] 100%
[ 252.3275 ] Writing partition bpmp-fw-dtb_b with tegra194-a02-bpmp-p2888-a04_sigheader.dtb.encrypt.signed
[ 252.3511 ] [................................................] 100%
[ 252.3745 ] Writing partition xusb-fw with xusb_sil_rel_fw
[ 252.3962 ] [................................................] 100%
[ 252.4019 ] Writing partition xusb-fw_b with xusb_sil_rel_fw
[ 252.4079 ] [................................................] 100%
[ 252.4122 ] Writing partition rce-fw with camera-rtcpu-rce_sigheader.img.encrypt.signed
[ 252.4204 ] [................................................] 100%
[ 252.4301 ] Writing partition rce-fw_b with camera-rtcpu-rce_sigheader.img.encrypt.signed
[ 252.4506 ] [................................................] 100%
[ 252.4584 ] Writing partition adsp-fw with adsp-fw_sigheader.bin.encrypt.signed
[ 252.4778 ] [................................................] 100%
[ 252.4807 ] Writing partition adsp-fw_b with adsp-fw_sigheader.bin.encrypt.signed
[ 252.5003 ] [................................................] 100%
[ 252.5031 ] Writing partition sc7 with warmboot_t194_prod_sigheader.bin.encrypt.signed
[ 252.5230 ] [................................................] 100%
[ 252.5254 ] Writing partition sc7_b with warmboot_t194_prod_sigheader.bin.encrypt.signed
[ 252.5454 ] [................................................] 100%
[ 252.5478 ] Writing partition BMP with bmp.blob
[ 252.5666 ] [................................................] 100%
[ 252.5729 ] Writing partition BMP_b with bmp.blob
[ 252.5919 ] [................................................] 100%
[ 252.5983 ] Writing partition recovery with recovery_sigheader.img.encrypt.signed
[ 252.6178 ] [................................................] 100%
[ 254.8962 ] Writing partition recovery-dtb with tegra194-p2888-0001-p2822-0000.dtb.rec
[ 254.9107 ] [................................................] 100%
[ 254.9201 ] Writing partition kernel-bootctrl with kernel_bootctrl.bin
[ 254.9399 ] [................................................] 100%
[ 254.9422 ] Writing partition kernel-bootctrl_b with kernel_bootctrl.bin
[ 254.9542 ] [................................................] 100%
[ 254.9560 ] Writing partition kernel with boot_sigheader.img.encrypt.signed
[ 254.9685 ] [................................................] 100%
[ 256.8463 ] Writing partition kernel_b with boot_sigheader.img.encrypt.signed
[ 256.8575 ] [................................................] 100%
[ 258.7332 ] Writing partition kernel-dtb with kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt.signed
[ 258.7506 ] [................................................] 100%
[ 258.7592 ] Writing partition kernel-dtb_b with kernel_tegra194-p2888-0001-p2822-0000_sigheader.dtb.encrypt.signed
[ 258.7802 ] [................................................] 100%
[ 258.8063 ] 
[ 258.8103 ] tegradevflash_v2 --write BCT br_bct_BR.bct
[ 258.8137 ] Bootloader version 01.00.0000
[ 258.8169 ] Writing partition BCT with br_bct_BR.bct
[ 258.8181 ] [................................................] 100%
[ 258.8740 ] 
[ 258.8829 ] tegradevflash_v2 --write MB1_BCT mb1_cold_boot_bct_MB1.bct_sigheader.encrypt.signed
[ 258.8864 ] Bootloader version 01.00.0000
[ 258.8897 ] Writing partition MB1_BCT with mb1_cold_boot_bct_MB1.bct_sigheader.encrypt.signed
[ 258.8914 ] [................................................] 100%
[ 258.9095 ] 
[ 258.9117 ] tegradevflash_v2 --write MB1_BCT_b mb1_cold_boot_bct_MB1.bct_sigheader.encrypt.signed
[ 258.9137 ] Bootloader version 01.00.0000
[ 258.9164 ] Writing partition MB1_BCT_b with mb1_cold_boot_bct_MB1.bct_sigheader.encrypt.signed
[ 258.9184 ] [................................................] 100%
[ 258.9379 ] 
[ 258.9461 ] tegradevflash_v2 --write MEM_BCT mem_coldboot_sigheader.bct.signed
[ 258.9492 ] Bootloader version 01.00.0000
[ 258.9522 ] Writing partition MEM_BCT with mem_coldboot_sigheader.bct.signed
[ 258.9541 ] [................................................] 100%
[ 258.9710 ] 
[ 258.9750 ] tegradevflash_v2 --write MEM_BCT_b mem_coldboot_sigheader.bct.signed
[ 258.9786 ] Bootloader version 01.00.0000
[ 258.9817 ] Writing partition MEM_BCT_b with mem_coldboot_sigheader.bct.signed
[ 258.9837 ] [................................................] 100%
[ 259.0013 ] 
[ 259.0014 ] Flashing completed

[ 259.0015 ] Coldbooting the device
[ 259.0031 ] tegrarcm_v2 --ismb2
[ 259.0272 ] 
[ 259.0289 ] tegradevflash_v2 --reboot coldboot
[ 259.0304 ] Bootloader version 01.00.0000
[ 259.0488 ] 

@JerryChang Any more suggestions? Is there something wrong with my Jetson AGX Xavier that I can’t enable secure boot?

hello dcapers44,

are you using the combination as r32.4.3 SecureBoot package + r32.5 JetPack release?

if yes,
could you please replace secureBoot package for verification,
there’s an R32.5 secureBoot package via the https://developer.nvidia.com/embedded/linux-tegra page; this somehow is not present in the download center…

@JerryChang I am using the following:

Secure Boot - secureboot_R32.5.0_aarch64.tbz2
L4T - Tegra186_Linux_R32.5.0_aarch64.tbz2

hello dcapers44,

FYI,
we have verified with l4t-r32.5.1 JetPack release + r32.5 secureBoot package on Xavier-32GB fused device.
here’re commands to flash the board.
the flash process is complete and this device is able to boot-up.
for example,
$ sudo BOARDID=2888 FAB=400 BOARDSKU=0004 BOARDREV=K.0 ./flash.sh --no-flash -u rsa_priv.pem -v sbk.key jetson-xavier mmcblk0p1
$ sudo bash ./flashcmd.txt

since you’re having error when loading and extracting kernel-dtb after validation,

[0009.649] E> fdt_open_into fail (FDT_ERR_BADMAGIC)                             
[0009.649] E> Error (727449637) extracting the kernel DTB

there’s a failure, FDT_ERR_BADMAGIC, which seems to mean the kernel-dtb’s magic number is wrong.
I suspect the kernel-dtb image wasn’t signed/encrypted properly.
could you please review your commands and assigned keys; this process should be based on r32.5 packages.
thanks

@JerryChang I was able to boot my Jetson AGX Xavier with the info you provided in your last post… Thank you.

sudo BOARDID=2888 FAB=400 BOARDSKU=0004 BOARDREV=K.0 ./flash.sh --no-flash -u RSA_Key.pem -v SBK.txt jetson-xavier mmcblk0p1
sudo bash ./flashcmd.txt

Now I want to know why I can’t use user key, SBK, and PKC key-sign when flashing the Jetson? Is this something that I can do with my Jetson?

sudo BOARDID=2888 FAB=400 BOARDSKU=0004 BOARDREV=K.0 ./flash.sh --no-flash -u RSA_Key.pem -v SBK.txt --user_key User_Key.txt jetson-xavier mmcblk0p1

hello dcapers44,

suggest you may refer to developer guide, Preparing the User Key to prepare the user_key.

The user key is stored in the Encrypted keyblob (EKB) in encrypted form. The Secure Engine (SE) retrieves the user key from the EKB and uses it to decrypt the kernel image files.
Please make sure you use the same user_key in EKB generation and also flashing the device.
thanks

hello dcapers44,

moreover,
you have to first replace the eks.img in the bootloader folder with the eks.img you built using your own user_key for image flashing.
please also note that the key format used in eks.img generation is different from the one used in flash.sh.

for example,
if a key, ffeeddccbbaa99887766554433221101 is used to generate eks.img.
the corresponding key, 0xffeeddcc 0xbbaa9988 0x77665544 0x33221101 MUST be used as user_key in flash command.

please have confirmation and share the results.
thanks
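The key-format rule from the post above, as an added example (not part of the thread and not NVIDIA tooling): it converts between the contiguous-hex form used for eks.img generation and the four-word form passed to flash.sh, and names the kind of mismatch when the two do not describe the same key. All function names are hypothetical, and the only key used is the example key quoted in the thread.

```python
import re

KEY_HEX_DIGITS = 32  # length of the example key quoted in the thread (128 bits)
THREAD_EXAMPLE_KEY = "ffeeddccbbaa99887766554433221101"  # quoted in the post above


def parse_ekb_key(text):
    """Parse the contiguous-hex form used when generating eks.img."""
    s = text.strip()
    if not re.fullmatch(r"[0-9a-fA-F]{%d}" % KEY_HEX_DIGITS, s):
        raise ValueError("expected %d plain hex digits, no 0x prefix or spaces"
                         % KEY_HEX_DIGITS)
    return bytes.fromhex(s)


def parse_flash_key(text):
    """Parse the four '0x'-prefixed 32-bit words used as the flash.sh user_key."""
    words = text.split()
    if len(words) != 4:
        raise ValueError("expected 4 words, got %d" % len(words))
    out = b""
    for w in words:
        m = re.fullmatch(r"0[xX]([0-9a-fA-F]{8})", w)
        if m is None:
            raise ValueError("bad word %r: need 0x followed by 8 hex digits" % w)
        out += bytes.fromhex(m.group(1))
    return out


def to_flash_format(key):
    """Render key bytes as four words, in the same order as the hex string."""
    h = key.hex()
    return " ".join("0x" + h[i:i + 8] for i in range(0, len(h), 8))


def compare_keys(ekb_text, flash_text):
    """Say whether both texts encode the same key, and if not, how they differ."""
    ekb = parse_ekb_key(ekb_text)
    flash = parse_flash_key(flash_text)
    if ekb == flash:
        return "match"
    words = [flash[i:i + 4] for i in range(0, len(flash), 4)]
    if b"".join(w[::-1] for w in words) == ekb:
        return "mismatch: bytes reversed inside each 32-bit word"
    if b"".join(reversed(words)) == ekb:
        return "mismatch: word order reversed"
    return "mismatch: different key material"


if __name__ == "__main__":
    key = parse_ekb_key(THREAD_EXAMPLE_KEY)
    print(to_flash_format(key))
    print(compare_keys(THREAD_EXAMPLE_KEY, to_flash_format(key)))
```
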

Hi dcapers44,

Please have confirmation and share the results by referring our previous suggestions.

Hello,

I have the same issue but I can’t find gen_ekb.py to create the eks.img file.
The eks.img file seems to be created each time I use flash.sh, so if I replace the file, does flash.sh rewrite the file?
Why does flash.sh not generate eks.img with the custom user_keys already provided?

For the moment I can’t confirm that it works I am stuck with the same issue.
Thank you so much for your help.

hello JulienMoinard,

it’s flash script to “flash” eks.img to the EKS partition, you should generate that image by yourself.

you should download L4T Driver Package (BSP) Sources and check below for gen_ekb.py.
for example,
$L4T_Sources/r32.5/Linux_for_Tegra/source/public/atf_and_trusty/trusty/app/nvidia-sample/hwkey-agent/CA_sample/tool/gen_ekb/gen_ekb.py

however, there’s sample script.
you should generate the sample EKB for EKS partition yourself, please run the script to generate eks.img.
please refer to readme file at the same path for more details.
for example,
$L4T_Sources/r32.5/Linux_for_Tegra/source/public/atf_and_trusty/trusty/app/nvidia-sample/hwkey-agent/CA_sample/tool/gen_ekb/example.sh

you should copy the generated eks.img to $OUT/Linux_for_Tegra/bootloader/eks.img;
please use flash.sh with “-u <rsa_priv.pem> -v <sbk.key> --user_key <user.key>” options to flash that.
after that, please check bootloader logs for confirmation.
there should be success on eks validation/load during boot-up.
you should look for the log, authenticate_oem_payload: Decrypt the binary, on loading the kernel, kernel-dtb and initrd images.
thanks
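One way to run the log check described in the post above, as an added example (not part of the thread and not NVIDIA tooling): it parses bootloader lines of the `[time] LEVEL> message` shape quoted in this thread, looks for the decrypt marker, and flags the kernel-DTB failure. The function names are hypothetical, the failing sample reuses lines quoted in the thread, and the passing sample is constructed with an assumed line layout.

```python
import re

# Split point: every "[0011.095] E> " style prefix, even mid-line.
ENTRY_SPLIT = re.compile(r"(?=\[\d+\.\d+\]\s+[A-Z]>)")
ENTRY_RE = re.compile(r"\[(\d+\.\d+)\]\s+([A-Z])>\s*(.*)")
DECRYPT_MARKER = "authenticate_oem_payload: Decrypt the binary"  # from the post
DTB_FAILURES = ("FDT_ERR_BADMAGIC", "extracting the kernel DTB")  # from the thread

# Lines quoted in the thread (two entries share the first line there too).
FAILING_LOG = """\
[0011.085] I> Copying kernel image (34609160 bytes) from 0xa4ad0000 to 0x80080000 ... [0011.095] I> Done
[0011.095] E> fdt_open_into fail (FDT_ERR_BADMAGIC)
[0011.096] E> Error (727449637) extracting the kernel DTB
[0011.117] I> Kernel EP: 0x80080000, DTB: 0x90000000
"""

# Constructed sample: timestamps and exact line layout are assumptions.
PASSING_LOG = """\
[0010.900] I> authenticate_oem_payload: Decrypt the binary
[0011.000] I> authenticate_oem_payload: Decrypt the binary
[0011.100] I> authenticate_oem_payload: Decrypt the binary
[0011.117] I> Kernel EP: 0x80080000, DTB: 0x90000000
"""


def parse_events(log_text):
    """Return (seconds, level, message) tuples; non-log text is ignored."""
    events = []
    for piece in ENTRY_SPLIT.split(log_text):
        m = ENTRY_RE.match(piece.strip())
        if m:
            events.append((float(m.group(1)), m.group(2), m.group(3).strip()))
    return events


def triage(log_text):
    """Summarise whether payload decryption was logged and whether the DTB failed."""
    events = parse_events(log_text)
    decrypts = [e for e in events if DECRYPT_MARKER in e[2]]
    errors = [e for e in events if e[1] == "E"]
    dtb_errors = [e for e in errors if any(k in e[2] for k in DTB_FAILURES)]
    if dtb_errors:
        verdict = "dtb-rejected"        # same symptom as in this thread
    elif decrypts:
        verdict = "decrypt-seen"
    else:
        verdict = "no-decrypt-marker"   # user_key path apparently not exercised
    return {"verdict": verdict,
            "decrypt_count": len(decrypts),
            "errors": [e[2] for e in errors]}


if __name__ == "__main__":
    for name, log in (("failing", FAILING_LOG), ("passing", PASSING_LOG)):
        print(name, triage(log))
```
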

Dear JerryChang,

Thank you so much I understand now why it doesn’t work.

For information the path is wrong the right one seems to be :
$L4T_Sources/r32.5/Linux_for_Tegra/source/public/trusty_src.tbz2/trusty/app/sample/nvidia-sample/hwkey-agent/CA_sample/tool/gen_ekb/example.sh

But I am facing an issue: I need two keys (one for the kernel user_key and one for disk encryption, provided with -i in flash.sh)

In the documentation I can read -in sym_key used 2 times, but in your example only one -in_sym_key can be used?

In your documentation

python3 gen_ekb.py -kek2_key <kek2_fuse_key_file>
-fv <fv_for_ekb_ek>
-in_sym_key <sym_key_file>
-in sym_key2 <sym2_key_file>
-out <eks_image_file>

In your example script, only the first -in_sym is used ?

I need to duplicate load symmetric key code ?

    with open(args.in_sym_key[0], 'rb') as infd:
        tmp = infd.read().strip()
        in_content += codecs.decode(tmp, 'hex')

I am very close to having a secure boot with full encryption enabled.
I need your help to finish my project.

Thank you so much for your help.
Best regards,

hello JulienMoinard,

did you download the latest r32.5 sources release package?
I can see two symmetric key files were used in the example,
for example,
gen_ekb/example.sh

python3 gen_ekb.py -kek2_key kek2_key \
        -fv fv_ekb \
        -in_sym_key sym.key \
        -in_sym_key2 sym2.key \
        -out eks.img

there’s also handling in the python scripts. ./gen_ekb/gen_ekb.py

def main():
    global verbose
    ...
    if not all(map(os.path.exists, [args.kek2_key[0], args.fv[0], args.in_sym_key[0], args.in_sym_key2[0]])):

    ...
    # load sym key file
    with open(args.in_sym_key[0], 'rb') as infd:
        tmp = infd.read().strip()
        in_content += codecs.decode(tmp, 'hex')

    with open(args.in_sym_key2[0], 'rb') as infd:
        tmp = infd.read().strip()
        in_content += codecs.decode(tmp, 'hex')

Ok, thanks so much. I probably used the wrong source files, but I clicked on the link in your last post, so I don’t understand, because the path is not right and it was an old file (October 2020) with only one key…
Anyway, that’s fine, I added the modifications myself to use two keys.

So, I generated my custom eks.img with two custom keys and put eks.img into the bootloader folder.

But I am always stuck on nvidia logo at boot with
[0011.085] I> Copying kernel image (34609160 bytes) from 0xa4ad0000 to 0x80080000 … [0011.095] I> Done
[0011.095] E> fdt_open_into fail (FDT_ERR_BADMAGIC)
[0011.096] E> Error (727449637) extracting the kernel DTB
[0011.117] I> Kernel EP: 0x80080000, DTB: 0x90000000

Are you sure I need to put my eks.img into the bootloader folder? Because each time I use flash.sh the eks.img is rewritten.
I think my eks.img is not used because it is rewritten by flash.sh.

Do you know if it is normal that flash.sh change my eks.img file ?

Do you think I need to add a setting to flash.sh to use my custom eks.img and avoid flash.sh rewriting eks.img?

If I put two keys into eks.img, how does the bootloader choose the key for the kernel, and how does the kernel choose the right key to decrypt the disk? Is the kernel encryption key the first one and the disk encryption key the second one?

Thank you for your help.
Julien.

hello JulienMoinard,

I’ve downloaded the L4T source package and checked again; it’s the r32_release_v5.1 source package, which uses two symmetric key files in the implementation.
the download link to the sources should be correct, could you please help to confirm this also.

so, here’s an error of verification failed.
please make sure that the eks.img you generated is using the same user_key in flash.sh.

may I know what’s the security settings you’d enable for your Jetson AGX Xavier?
you could share the fuse commands and messages, or, you may share the details of fuse info for reference,
thanks

Hello,

If I download your sources file, the path of the example is wrong. Can you confirm the right path to find the script with two keys?

But can you confirm whether it is normal that flash.sh edits the eks.img each time you run the flash.sh script?

Thank you.