OE4T Meeting Notes 2023 08 10 - OE4T/meta-tegra GitHub Wiki
Video
Attendees
11
Topics
- r35.4.1 release
- tegra-demo-distro work in progress branch available now
- demo-image-full build now running.
- xml files for partition layouts now have sector count in the sed replacement when building the configuration. Added a variable which defaults to nvidia build. If building for larger nvme there’s a variable to define who many sectors there are.
- For internal storage can use spi only flash layout.
- Carefully look at release notes if using capsule updates. Upgrades from 35.3 to 35.4 OTA with capsule upgrade may not work reliably.
- Completely removed nvbuf_utils library and headers, need to use nvbuf service API instead.
- Multiple PKC secure boot keys now available and documented on Orins.
- Published sources for v4l2 argus plugin. Could now switch to building from sources for this.
- Grub bootloader support now - see this link.
- Jetson Orin Industrial module support now available. Ilies plans to look into this.
- Will update the current long term kirkstone support branch to latest version of BSP. Only will branch old version of BSP if absolutely necessary.
- Scarthgap is next Yocto LTS, coming in April 24. Likely will be Jetpack 6.
- Kirkstone work for Jetpack 6 is in progress for holoscan
- Mender integration on Jetpack 5
- Merged PR at https://github.com/OE4T/meta-mender-community/pull/18 to kirkstone branch of OE4T meta-mender-community repo.
- Planning to wait for a more complete Jetpack 5 implementation before attempting to merge upstream to mender, but if anyone has a reason they’d like to upstream earlier please comment on the PR.
- Signing server for Jetpack 5
- Different artifacts which needed to be signed, capsules, UEFI bootloader itself, would correspond to new endpoints in the signing server.
- New feature in 35.4 - now support encrypting the kernel. Added another mechanism to do that, doesn’t re-use the same secureboot keys.
- Basic bootloader signing “should” be easy - Orin may be more complicated, however.
- OPTEE signing, really only need if you are adding OPTEE TAs on the rootfs. OPTEE signing should be reusable across platforms.
- Capsule signing
- Holoscan meta layer upgrade is now available.
- Added separate keys for initial flashing, and update keys which you can include in a bup payload for capsule update. This could support updating the UEFI keys. Probably should look at what is coming in 35.4.
- Copying the kernel and capsule into the update partition takes most of the space.
- They now distinguish between bootloader only and kernel only payloads for this reason.
- Would get rid of android style kernel partitions and just use a kernel.
- Would only use capsule update for the bootloader.
- Even if you keep the android style partitions, do the kernel updates yourself.
- Ext4 implementation added for UEFI in l4tlauncher is not 100% solid. Could run into issues using l4tlauncher plus kernel/dtb outside dedicated android style partitions.
- LUKS encryption for Jetpack 5
- Is working and available.