OE4T Meeting Notes 2023 08 10 - OE4T/meta-tegra GitHub Wiki

Video

https://youtu.be/B54wtSyonOE

Attendees

11

Topics

  • r35.4.1 release
    • tegra-demo-distro work in progress branch available now
    • demo-image-full build now running.
    • xml files for partition layouts now have sector count in the sed replacement when building the configuration. Added a variable which defaults to nvidia build. If building for larger nvme there’s a variable to define who many sectors there are.
    • For internal storage can use spi only flash layout.
    • Carefully look at release notes if using capsule updates. Upgrades from 35.3 to 35.4 OTA with capsule upgrade may not work reliably.
    • Completely removed nvbuf_utils library and headers, need to use nvbuf service API instead.
    • Multiple PKC secure boot keys now available and documented on Orins.
    • Published sources for v4l2 argus plugin. Could now switch to building from sources for this.
    • Grub bootloader support now - see this link.
    • Jetson Orin Industrial module support now available. Ilies plans to look into this.
    • Will update the current long term kirkstone support branch to latest version of BSP. Only will branch old version of BSP if absolutely necessary.
      • Scarthgap is next Yocto LTS, coming in April 24. Likely will be Jetpack 6.
      • Kirkstone work for Jetpack 6 is in progress for holoscan
  • Mender integration on Jetpack 5
    • Merged PR at https://github.com/OE4T/meta-mender-community/pull/18 to kirkstone branch of OE4T meta-mender-community repo.
    • Planning to wait for a more complete Jetpack 5 implementation before attempting to merge upstream to mender, but if anyone has a reason they’d like to upstream earlier please comment on the PR.
  • Signing server for Jetpack 5
    • Different artifacts which needed to be signed, capsules, UEFI bootloader itself, would correspond to new endpoints in the signing server.
    • New feature in 35.4 - now support encrypting the kernel. Added another mechanism to do that, doesn’t re-use the same secureboot keys.
    • Basic bootloader signing “should” be easy - Orin may be more complicated, however.
    • OPTEE signing, really only need if you are adding OPTEE TAs on the rootfs. OPTEE signing should be reusable across platforms.
    • Capsule signing
  • Holoscan meta layer upgrade is now available.
    • Added separate keys for initial flashing, and update keys which you can include in a bup payload for capsule update. This could support updating the UEFI keys. Probably should look at what is coming in 35.4.
    • Copying the kernel and capsule into the update partition takes most of the space.
    • They now distinguish between bootloader only and kernel only payloads for this reason.
    • Would get rid of android style kernel partitions and just use a kernel.
    • Would only use capsule update for the bootloader.
    • Even if you keep the android style partitions, do the kernel updates yourself.
    • Ext4 implementation added for UEFI in l4tlauncher is not 100% solid. Could run into issues using l4tlauncher plus kernel/dtb outside dedicated android style partitions.
  • LUKS encryption for Jetpack 5
    • Is working and available.