On Ubuntu 18.04, I'm using JetPack 4.6.2 - L4T R32.7.2.
The following sequence of commands (validation of the PKC key for signature) runs fine:
cd /tmp
wget https://developer.nvidia.com/embedded/l4t/r32_release_v7.2/t186/jetson_linux_r32.7.2_aarch64.tbz2
wget https://developer.nvidia.com/embedded/l4t/r32_release_v7.2/t186/tegra_linux_sample-root-filesystem_r32.7.2_aarch64.tbz2
wget https://developer.nvidia.com/embedded/l4t/r32_release_v7.2/t186/secureboot_r32.7.2_aarch64.tbz2
cd ~
tar xvjf /tmp/Jetson_Linux_R32.7.2_aarch64.tbz2
tar xvjf /tmp/secureboot_R32.7.2_aarch64.tbz2
cd Linux_for_Tegra/rootfs/
tar xvjf /tmp/Tegra_Linux_Sample-Root-Filesystem_R32.7.2_aarch64.tbz2
cd ~/Credential_Keys
openssl genrsa -out rsa_priv.pem 2048
cd ~/Linux_for_Tegra
sudo ./odmfuse.sh -i 0x19 -k /home/citix-ai/Credential_Keys/rsa_priv.pem jetson-xavier-nx-devkit-emmc
sudo ./odmfuseread.sh -i 0x19 -k /home/citix-ai/Credential_Keys/rsa_priv.pem jetson-xavier-nx-devkit-emmc
…
[ 8.2008 ]
Fuse reading is done. The fuse values have been saved in: /home/citix-ai/Linux_for_Tegra/bootloader/fuse_info.txt
PublicKeyHash: 61f2a354fdb9b96f3626e26d8c2de60912bd17b5d46bc290a6d2e84455ccc8c1
SecureBootKey: 00000000000000000000000000000000
Kek0: 00000000000000000000000000000000
Kek1: 00000000000000000000000000000000
Kek2: 00000000000000000000000000000000
Kek256: 0000000000000000000000000000000000000000000000000000000000000000
BootSecurityInfo: 00000001
JtagDisable: 00000000
SecurityMode: 00000000
SwReserved: 00000000
DebugAuthentication: 00000000
OdmId: 0000000000000000
OdmLock: 00000000
ReservedOdm0: 00000000
ReservedOdm1: 00000000
ReservedOdm2: 00000000
ReservedOdm3: 00000000
ReservedOdm4: 00000000
ReservedOdm5: 00000000
ReservedOdm6: 00000000
ReservedOdm7: 00000000
ReservedOdm8: 00000000
ReservedOdm9: 00000000
ReservedOdm10: 00000000
ReservedOdm11: 00000000
mkdir -p rootfs/boot/extlinux
touch rootfs/boot/extlinux/extlinux.conf
sudo ./flash.sh -u /home/citix-ai/Credential_Keys/rsa_priv.pem jetson-xavier-nx-devkit-emmc mmcblk0p1
On the console:
[0742.897] I> Writing kernel-bootctrl partition.
[0742.950] I> Writing kernel-bootctrl_b partition.
[0743.053] I> Writing BCT partition.
[0743.284] I> Writing MB1_BCT partition.
[0743.574] I> Writing MB1_BCT_b partition.
[0743.870] I> Writing MEM_BCT partition.
[0745.245] I> Writing MEM_BCT_b partition.
[0746.652] I> Rebooting : reset-coldboot▒▒▒▒Shutdown state requested 1
Rebooting system …
[0000.032] W> RATCHET: MB1 binary ratchet value 4 is too large than ratchet level 2 from HW fuses.
[0000.040] I> MB1 (prd-version: 1.5.1.9-t194-41334769-73a9b7ef)
[0000.046] I> Boot-mode: Coldboot
[0000.049] I> Chip revision : A02P
[0000.052] I> Bootrom patch version : 15 (correctly patched)
[0000.057] I> ATE fuse revision : 0x200
[0000.060] I> Ram repair fuse : 0x0
[0000.063] I> Ram Code : 0x0
[0000.066] I> rst_source : 0xb
[0000.069] I> rst_level : 0x1
[0000.072] I> Boot-device: QSPI
[0000.075] I> Qspi flash params source = brbct
[0000.079] I> Qspi using bpmp-dma
[0000.082] I> Qspi clock source : pllp
[0000.085] I> QSPI Flash Size = 32 MB
[0000.089] I> Qspi initialized successfully
[0000.093] I> Active Boot chain : 0
[0000.096] I> Boot-device: QSPI
[0000.099] I> Qspi flash params source = brbct
[0000.105] W> MB1_PLATFORM_CONFIG: device prod data is empty in MB1 BCT.
[0000.112] I> Temperature = 47000
[0000.115] W> Skipping boost for clk: BPMP_CPU_NIC
…
The following sequence of commands (validation of the SBK key to encrypt) fails:
cd /tmp
wget https://developer.nvidia.com/embedded/l4t/r32_release_v7.2/t186/jetson_linux_r32.7.2_aarch64.tbz2
wget https://developer.nvidia.com/embedded/l4t/r32_release_v7.2/t186/tegra_linux_sample-root-filesystem_r32.7.2_aarch64.tbz2
wget https://developer.nvidia.com/embedded/l4t/r32_release_v7.2/t186/secureboot_r32.7.2_aarch64.tbz2
cd ~
tar xvjf /tmp/Jetson_Linux_R32.7.2_aarch64.tbz2
tar xvjf /tmp/secureboot_R32.7.2_aarch64.tbz2
cd Linux_for_Tegra/rootfs/
tar xvjf /tmp/Tegra_Linux_Sample-Root-Filesystem_R32.7.2_aarch64.tbz2
cd ~/Credential_Keys
openssl genrsa -out rsa_priv.pem 2048
cat >skb_file.key <<EOF
123456789abcdef0fedcba9876543210
EOF
cd ~/Linux_for_Tegra
sudo ./odmfuse.sh -i 0x19 -k /home/citix-ai/Credential_Keys/rsa_priv.pem -S /home/citix-ai/Credential_Keys/skb_file.key jetson-xavier-nx-devkit-emmc
sudo ./odmfuseread.sh -i 0x19 -k /home/citix-ai/Credential_Keys/rsa_priv.pem -S /home/citix-ai/Credential_Keys/skb_file.key jetson-xavier-nx-devkit-emmc
…
[ 8.0602 ]
Fuse reading is done. The fuse values have been saved in: /home/citix-ai/Linux_for_Tegra/bootloader/fuse_info.txt
PublicKeyHash: 61f2a354fdb9b96f3626e26d8c2de60912bd17b5d46bc290a6d2e84455ccc8c1
SecureBootKey: 123456789abcdef0fedcba9876543210
Kek0: 00000000000000000000000000000000
Kek1: 00000000000000000000000000000000
Kek2: 00000000000000000000000000000000
Kek256: 0000000000000000000000000000000000000000000000000000000000000000
BootSecurityInfo: 00000005
JtagDisable: 00000000
SecurityMode: 00000000
SwReserved: 00000000
DebugAuthentication: 00000000
OdmId: 0000000000000000
OdmLock: 00000000
ReservedOdm0: 00000000
ReservedOdm1: 00000000
ReservedOdm2: 00000000
ReservedOdm3: 00000000
ReservedOdm4: 00000000
ReservedOdm5: 00000000
ReservedOdm6: 00000000
ReservedOdm7: 00000000
ReservedOdm8: 00000000
ReservedOdm9: 00000000
ReservedOdm10: 00000000
ReservedOdm11: 00000000
mkdir -p rootfs/boot/extlinux
touch rootfs/boot/extlinux/extlinux.conf
sudo ./flash.sh -u /home/citix-ai/Credential_Keys/rsa_priv.pem -v /home/citix-ai/Credential_Keys/skb_file.key jetson-xavier-nx-devkit-emmc mmcblk0p1
On the console:
[0742.897] I> Writing kernel-bootctrl partition.
[0742.950] I> Writing kernel-bootctrl_b partition.
[0743.053] I> Writing BCT partition.
[0743.284] I> Writing MB1_BCT partition.
[0743.574] I> Writing MB1_BCT_b partition.
[0743.870] I> Writing MEM_BCT partition.
[0745.245] I> Writing MEM_BCT_b partition.
[0746.652] I> Rebooting : reset-coldboot▒▒▒▒Shutdown state requested 1
Rebooting system …
and nothing else.
What step did I forget to validate the SBK encryption key?