OE4T Meeting Notes 2023 05 11 - OE4T/meta-tegra GitHub Wiki

Video

https://youtu.be/1dVxIU0GIn8

Attendees

10

Topics

  • Status of capsule update. Mender approach and UEFI. Persistent storage used to communicate between linux user space and boot code.
    • Mender master branch has support for generating UEFI capsules which may be possible to leverage.
    • EFI upstream doesn’t model the A/B boot slot concept as implemented by Nvidia. All a/b boot slot stuff is implementation specific to NVIDIA.
    • Supporting other EFI launchers might be difficult. Boot order and fallback boot paths are in EFI today, but the firmware is different.
    • NVIDIA does have a partition table with rootfs a/b and encryption options today, so we could use this going forward instead of building our own custom partition per machine.
    • May make sense to hold off on getting too deep into the implementation until we get more from NVIDIA. The preview for A/B slot looks like it’s technically OK based on a brief review but also obvious things are still in flux.
    • The alternative is to decouple boot firmware a/b slotting from rootfs and kernel path. This should now be possible. However it may be best to start with an implementation more closely aligned with Stock L4T and the previous implementation used for Jetpack 4, which associates boot slots with rootfs/kernel.
  • Differences between stock L4T and layer regarding how to support different flavors of orin nx and nano.
    • Recent changes to support booting Orin NX in nano carrier required a new MACHINE.
    • If you use stock L4T you can just use the Nano configuration there.
    • Only differences between different versions of nano and nx - use boardsku to differentiate between. Stock L4T picks what to flash based on what the EEPROM says.
    • On OE4T we need to know at build time which device you are targeting. To add Orin NX to Nano carrier the latest changes added a new machine type which encodes part number for carrier and SKU for processor.
    • This change will only support Orin NX 16 GB, will need another one for Orin NX 8GB and Orin Nano.
    • 4GB Orin Nano would be yet another machine. Will blow up the number of machine configs to handle board SKUs. Might be possible to do fewer of them with more clever ways to arrange things.
    • If targeting the Orin NX 8GB SKU we don’t have a machine yet. Will accept PR to have one.
    • Will be difficult to support generically, would need to target a specific device tree. Things like secure boot signing need to be handled at device time. Different device tree in the kernel, different BPMP firmware.
    • If you need support for different variations of ORIN SKUs and don’t see the config.
    • Should be possible to mount a Nano in 3509 Xavier NX devkit. Have done that with Orin NX, haven’t tried with Orin Nano.
    • Might ultimately need or want a “super machine” setup which can build multiple possible images, then decide which one to program at tegraflash time. However this might get tricky, especially getting multiple combinations of kernel/devicetree built where necessary.
    • Work in this link might be related.
  • Matt’s Bandwidth and Plea for More Community Involvement
    • Matt will have limited time to work on the project going forward.
    • PR’s are welcome, as are issues or gitter posts asking for direction.
  • JAXI boot
  • ELC presentation
    • Created template and put in skeleton of presentation.
    • Ilies focusing on secure boot.
    • Slides are due the 21st of June.
  • Mender server and Kubernetes
    • Using Terraform and Tegragrunt, similar to Ansible.
    • Fighting microservices issue on Mender side.
    • Hopefully will ultimately release this work open source.
    • Others have seen issues with large artifact push. Will follow-up on this on gitter.
  • Secure boot on Jetpack 5/Orin