l4t_sign_image.sh output with RSA 3072 bit key:
===============================================
$ sudo bash -x ../../l4t_sign_image.sh --file ./boot.img  --key /tmp/priv.pem --encrypt_key='' --chip 0x19 --split False
[sudo] password for user:
+ set -e
++ basename ../../l4t_sign_image.sh
+ SCRIPT_NAME=l4t_sign_image.sh
+ FILE_SIZE_OFFSET_T19x=8
+ HEADER_SIZE_T194=4096
+ HEADER_SIZE_T186=400
+ '[' 9 = 0 ']'
+ '[' --file == -h ']'
+ '[' --file == --help ']'
+++ dirname ../../l4t_sign_image.sh
++ cd ../..
++ pwd
+ L4T_DIR=/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra
+ L4T_BOOTLOADER_DIR=/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader
+ file=
+ signkey=
+ encryptkey=
+ chip=
+ split=True
+ quiet=0
+ opstr+=q-:
+ getopts q-: OPTION
+ case $OPTION in
+ case ${OPTARG} in
+ file=./boot.img
+ OPTIND=3
+ getopts q-: OPTION
+ case $OPTION in
+ case ${OPTARG} in
+ signkey=/tmp/priv.pem
+ OPTIND=5
+ getopts q-: OPTION
+ case $OPTION in
+ case ${OPTARG} in
+ getopts q-: OPTION
+ case $OPTION in
+ case ${OPTARG} in
+ chip=0x19
+ OPTIND=8
+ getopts q-: OPTION
+ case $OPTION in
+ case ${OPTARG} in
+ split=False
+ OPTIND=10
+ getopts q-: OPTION
+ '[' -z ./boot.img ']'
+ '[' -f ./boot.img ']'
++ stat --printf=%s ./boot.img
+ file_size=48400384
+ '[' -z 0x19 ']'
+ '[' -n /tmp/priv.pem ']'
+ '[' -f /tmp/priv.pem ']'
+ '[' -n '' ']'
+ '[' 0 -eq 1 ']'
+ exec
+ set_params_using_chipid
+ '[' 0x19 = 0x18 ']'
+ '[' 0x19 = 0x19 ']'
+ offset=4096
+ CMD='/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/tegraflash.py '
+ options=(--key "${signkey}")
+ '[' -n '' ']'
+ echo '/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key /tmp/priv.pem --cmd sign ./boot.img'
/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key /tmp/priv.pem --cmd sign ./boot.img
++ /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/tegraflash.py --chip 0x19 --key /tmp/priv.pem --cmd 'sign ./boot.img'
++ tee /dev/fd/63
+++ cat -
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands

[   0.0008 ] Generating signature
[   0.0018 ] tegrasign_v2 --key /tmp/priv.pem --getmode mode.txt
[   0.0029 ] Not a valid EC key format
[   0.0037 ] ed25519 key in Open SSL format
[   0.0050 ] python: can't open file 'pubkey_extract.py': [Errno 2] No such file or directory
[   0.0137 ] File pub_key.txt open failed
[   0.0138 ] Not a valid eddsa key format
[   0.0164 ] Invalid key format
[   0.0164 ]
Error: Return value 11
Command tegrasign_v2 --key /tmp/priv.pem --getmode mode.txt
+ output='Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands

[   0.0008 ] Generating signature
[   0.0018 ] tegrasign_v2 --key /tmp/priv.pem --getmode mode.txt
[   0.0029 ] Not a valid EC key format
[   0.0037 ] ed25519 key in Open SSL format
[   0.0050 ] python: can'\''t open file '\''pubkey_extract.py'\'': [Errno 2] No such file or directory
[   0.0137 ] File pub_key.txt open failed
[   0.0138 ] Not a valid eddsa key format
[   0.0164 ] Invalid key format
[   0.0164 ]
Error: Return value 11
Command tegrasign_v2 --key /tmp/priv.pem --getmode mode.txt'
+ '[' -n '' ']'
++ echo 'Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands

[   0.0008 ] Generating signature
[   0.0018 ] tegrasign_v2 --key /tmp/priv.pem --getmode mode.txt
[   0.0029 ] Not a valid EC key format
[   0.0037 ] ed25519 key in Open SSL format
[   0.0050 ] python: can'\''t open file '\''pubkey_extract.py'\'': [Errno 2] No such file or directory
[   0.0137 ] File pub_key.txt open failed
[   0.0138 ] Not a valid eddsa key format
[   0.0164 ] Invalid key format
[   0.0164 ]
Error: Return value 11
Command tegrasign_v2 --key /tmp/priv.pem --getmode mode.txt'
++ grep 'Signed file'
++ sed -n 's/.*Signed file: //p'
+ signedfile=
+ '[' -f '' ']'
+ echo 'l4t_sign_image.sh: Error: Unable to find the signed file generated by tegraflash.py'
l4t_sign_image.sh: Error: Unable to find the signed file generated by tegraflash.py
+ exit 1




l4t_sign_image.sh output with RSA 2048 bit key:
===============================================
$ sudo bash -x ../../l4t_sign_image.sh --file ./boot.img  --key /home/user/Keys/rsa_test_priv.pem --encrypt_key='' --chip 0x19 --split False
[sudo] password for user:
+ set -x
+ set -e
++ basename ../../l4t_sign_image.sh
+ SCRIPT_NAME=l4t_sign_image.sh
+ FILE_SIZE_OFFSET_T19x=8
+ HEADER_SIZE_T194=4096
+ HEADER_SIZE_T186=400
+ '[' 9 = 0 ']'
+ '[' --file == -h ']'
+ '[' --file == --help ']'
+++ dirname ../../l4t_sign_image.sh
++ cd ../..
++ pwd
+ L4T_DIR=/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra
+ L4T_BOOTLOADER_DIR=/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader
+ file=
+ signkey=
+ encryptkey=
+ chip=
+ split=True
+ quiet=0
+ opstr+=q-:
+ getopts q-: OPTION
+ case $OPTION in
+ case ${OPTARG} in
+ file=./boot.img
+ OPTIND=3
+ getopts q-: OPTION
+ case $OPTION in
+ case ${OPTARG} in
+ signkey=/home/user/BrainKeys/brain_rsa_test_priv.pem
+ OPTIND=5
+ getopts q-: OPTION
+ case $OPTION in
+ case ${OPTARG} in
+ getopts q-: OPTION
+ case $OPTION in
+ case ${OPTARG} in
+ chip=0x19
+ OPTIND=8
+ getopts q-: OPTION
+ case $OPTION in
+ case ${OPTARG} in
+ split=False
+ OPTIND=10
+ getopts q-: OPTION
+ '[' -z ./boot.img ']'
+ '[' -f ./boot.img ']'
++ stat --printf=%s ./boot.img
+ file_size=48400384
+ '[' -z 0x19 ']'
+ '[' -n /home/user/BrainKeys/brain_rsa_test_priv.pem ']'
+ '[' -f /home/user/BrainKeys/brain_rsa_test_priv.pem ']'
+ '[' -n '' ']'
+ '[' 0 -eq 1 ']'
+ exec
+ set_params_using_chipid
+ '[' 0x19 = 0x18 ']'
+ '[' 0x19 = 0x19 ']'
+ offset=4096
+ CMD='/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/tegraflash.py '
+ options=(--key "${signkey}")
+ '[' -n '' ']'
+ echo '/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key /home/user/BrainKeys/brain_rsa_test_priv.pem --cmd sign ./boot.img'
/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key /home/user/BrainKeys/brain_rsa_test_priv.pem --cmd sign ./boot.img
++ tee /dev/fd/63
+++ cat -
++ /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/tegraflash.py --chip 0x19 --key /home/user/BrainKeys/brain_rsa_test_priv.pem --cmd 'sign ./boot.img'
Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands

[   0.0006 ] Generating signature
[   0.0018 ] tegrasign_v2 --key /home/user/BrainKeys/brain_rsa_test_priv.pem --getmode mode.txt
[   0.0027 ] PKC key in Open SSL format
[   0.0036 ] Key size is 256 bytes
[   0.0042 ] Valid PKC key
[   0.0056 ]
[   0.0058 ] header_magic: 414e4452
[   0.0081 ] tegrahost_v2 --chip 0x19 --align 1_boot.img
[   0.0094 ]
[   0.0104 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_boot.img oem-rsa
[   0.0112 ] adding BCH for 1_boot.img
[   1.0532 ]
[   1.0623 ] tegrasign_v2 --key /home/user/BrainKeys/brain_rsa_test_priv.pem --list 1_boot_sigheader.img_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   1.0633 ] PKC key in Open SSL format
[   1.0662 ] Key size is 256 bytes
[   1.0678 ] Valid PKC key
[   1.0688 ] Saving pkc public key  in pub_key.key
[   1.1809 ]
[   1.1823 ] tegrahost_v2 --chip 0x19 0 --pubkeyhash pub_key.key --updatesigheader 1_boot_sigheader.img.signed 1_boot_sigheader.img.sig oem-rsa
[   1.7373 ]
[   1.8699 ] Signed file: /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed
+ output='Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands

[   0.0006 ] Generating signature
[   0.0018 ] tegrasign_v2 --key /home/user/BrainKeys/brain_rsa_test_priv.pem --getmode mode.txt
[   0.0027 ] PKC key in Open SSL format
[   0.0036 ] Key size is 256 bytes
[   0.0042 ] Valid PKC key
[   0.0056 ]
[   0.0058 ] header_magic: 414e4452
[   0.0081 ] tegrahost_v2 --chip 0x19 --align 1_boot.img
[   0.0094 ]
[   0.0104 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_boot.img oem-rsa
[   0.0112 ] adding BCH for 1_boot.img
[   1.0532 ]
[   1.0623 ] tegrasign_v2 --key /home/user/BrainKeys/brain_rsa_test_priv.pem --list 1_boot_sigheader.img_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   1.0633 ] PKC key in Open SSL format
[   1.0662 ] Key size is 256 bytes
[   1.0678 ] Valid PKC key
[   1.0688 ] Saving pkc public key  in pub_key.key
[   1.1809 ]
[   1.1823 ] tegrahost_v2 --chip 0x19 0 --pubkeyhash pub_key.key --updatesigheader 1_boot_sigheader.img.signed 1_boot_sigheader.img.sig oem-rsa
[   1.7373 ]
[   1.8699 ] Signed file: /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed'
+ '[' -n '' ']'
++ echo 'Welcome to Tegra Flash
version 1.0.0
Type ? or help for help and q or quit to exit
Use ! to execute system commands

[   0.0006 ] Generating signature
[   0.0018 ] tegrasign_v2 --key /home/user/BrainKeys/brain_rsa_test_priv.pem --getmode mode.txt
[   0.0027 ] PKC key in Open SSL format
[   0.0036 ] Key size is 256 bytes
[   0.0042 ] Valid PKC key
[   0.0056 ]
[   0.0058 ] header_magic: 414e4452
[   0.0081 ] tegrahost_v2 --chip 0x19 --align 1_boot.img
[   0.0094 ]
[   0.0104 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_boot.img oem-rsa
[   0.0112 ] adding BCH for 1_boot.img
[   1.0532 ]
[   1.0623 ] tegrasign_v2 --key /home/user/BrainKeys/brain_rsa_test_priv.pem --list 1_boot_sigheader.img_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
[   1.0633 ] PKC key in Open SSL format
[   1.0662 ] Key size is 256 bytes
[   1.0678 ] Valid PKC key
[   1.0688 ] Saving pkc public key  in pub_key.key
[   1.1809 ]
[   1.1823 ] tegrahost_v2 --chip 0x19 0 --pubkeyhash pub_key.key --updatesigheader 1_boot_sigheader.img.signed 1_boot_sigheader.img.sig oem-rsa
[   1.7373 ]
[   1.8699 ] Signed file: /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed'
++ sed -n 's/.*Signed file: //p'
++ grep 'Signed file'
+ signedfile=/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed
+ '[' -f /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed ']'
++ basename /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed
+ echo 'l4t_sign_image.sh: Generate header for boot_sigheader.img.signed'
l4t_sign_image.sh: Generate header for boot_sigheader.img.signed
+ dd if=/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed of=./boot.img.sig bs=4096 count=1
+ write_size_to_sig ./boot.img.sig 48400384
+ local sig_file=./boot.img.sig
+ local size=48400384
+ '[' 0x19 '!=' 0x19 ']'
+ local offset=8
+ echo 48400384
+ grep -qE '^[0-9]+$'
+ '[' 48400384 -lt 0 ']'
+ local tempfile
++ mktemp
+ tempfile=/tmp/tmp.sEsSRKNUZj
++ printf 0x%x 48400384
++ printf 0x%x 8
+ echo 'l4t_sign_image.sh: chip 0x19: add 0x2e28800 to offset ' '0x8 in sig file'
l4t_sign_image.sh: chip 0x19: add 0x2e28800 to offset  0x8 in sig file
+ printf %16x 48400384
+ tac
+ fold -w2
+ tr -d '\n'
+ xxd -p -r
+ tr '[:blank:]' 0
+ dd conv=notrunc if=/tmp/tmp.sEsSRKNUZj of=./boot.img.sig bs=1 seek=8
+ rm /tmp/tmp.sEsSRKNUZj
++ basename /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed
+ echo 'l4t_sign_image.sh: Generate 16-byte-size-aligned base file for boot_sigheader.img.signed'
l4t_sign_image.sh: Generate 16-byte-size-aligned base file for boot_sigheader.img.signed
+ dd if=/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed of=./boot.img bs=4096 skip=1
+ [[ /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed = *_sigheader.encrypt.signed ]]
++ dirname ./boot.img
++ basename /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed
+ mv /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed ./boot_sigheader.img.signed
+ true
+++ dirname ./boot.img
+++ basename /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed
++ realpath ./boot_sigheader.img.signed
+ newfile=/home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed
+ '[' False = True ']'
+ rm ./boot.img.sig
+ '[' 0 -eq 1 ']'
+ echo 'l4t_sign_image.sh: the signed file is /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed'
l4t_sign_image.sh: the signed file is /home/user/nvidia/nvidia_sdk/JetPack_4.5.1_Linux_JETSON_XAVIER_NX/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.signed