Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secureboot fuse programming on Jetson TX2 32.2.1 #193

Closed
dwalkes opened this issue Oct 18, 2019 · 3 comments
Closed

Secureboot fuse programming on Jetson TX2 32.2.1 #193

dwalkes opened this issue Oct 18, 2019 · 3 comments

Comments

@dwalkes
Copy link
Member

dwalkes commented Oct 18, 2019
edited
Loading

Hi Everyone,
I'm trying to go through secureboot setup steps on 32.2.1 (using nvidia setup instructions) and I'm blocked on the odmfuse.sh step. I haven't been able to get this command to succeed on any part I've tried, and my forum post has so far not resulted in any feedback which helps understand or determine a workaround or fix for the problem. I also have not yet been able to get a bash -x or strace output of a successful odmfuse.sh command from nvidia. This might be useful to compare to what I'm seeing and come up with a workaround.

My question is whether anyone has successfully performed secureboot fuse programming on 32.2.1 using odmfuse.sh on any part but especially Jetson TX2 and, if so, if they would be willing to share a bash -x and/or strace of the successful execution which I could use to compare to what I see when attempting to run.

I've got a project at https://github.com/Trellis-Logic/secureboot-tegra which automates the steps related to downloading and setting up the files needed for secureboot. If I can figure out how to get past this currently blocking issue my long term goal would be to put this into a set of patches which could be contributed to meta-tegra.

Thanks for any suggestions or feedback.
@madisongh
Copy link
Member

Looks like the problem is with the chip UID checks - the device is very finicky about when the UID can be read, so --skipuid has to be applied to the tegraflash.py invocations at exactly the right time... and that can be different for each SoC type.

With the attached patch to odmfuse.sh I was able to get a successful fuse burn: fix-uid-check-in-odmfuse.patch.txt.

Of course, now that I've done this, I've got to get meta-tegra updated so I can generate signed images for flashing...

dwalkes added a commit to Trellis-Logic/secureboot-tegra that referenced this issue Oct 21, 2019
@dwalkes
Fix for fuse programming failure on tegra
32a2985 
Provided by Matt Madison, see [this
issue](OE4T/meta-tegra#193)
@dwalkes
Copy link
Member Author

dwalkes commented Oct 21, 2019

With the attached patch to odmfuse.sh I was able to get a successful fuse burn: fix-uid-check-in-odmfuse.patch.txt.

Thanks @madisongh! I can confirm that works for me too.

Of course, now that I've done this, I've got to get meta-tegra updated so I can generate signed images for flashing...

I'd be happy to help with this if I can be useful. I'll see how far I can get this week and open a new issue if I can get anything ready to share. Or if you are able to complete it before I can I'd be happy to help with testing/documentation.

@dwalkes dwalkes closed this as completed Oct 21, 2019
@madisongh
Copy link
Member

@dwalkes I have some work in progress on the wip-secure-boot-tegra186 branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dwalkes @madisongh