OE4T Meeting Notes 2023 09 14 - OE4T/meta-tegra GitHub Wiki

Video

https://youtu.be/f6AVw3aCLpA

Attendees

7

Topics

  • Digsig signing server for UEFI payload signing, tegrademodistro
    • Chad just starting on this now. Progression planning to take
    • Using devkit and production module, go through manual steps.
    • Next try to get something working on tegra-demo-distro.
    • Matt has signing server support on his test-distro, want to discuss moving this to tegra-demo-distro
    • Secure boot override - target which is signed will add that override. Functions in signing server bbclass overrides a hook somewhere else, uses that to call to signing server. If the target is secure, those functions get exercised, otherwise they get ignored.
    • https://pretalx.com/openembedded-workshop-2023/talk/3C8MFF/ - bbclass to do signing. Something missing on openembedded core. Jose will try to use and push upstream. Chad will look at this.
    • Jetpack 5 signing status: AGX Orin chain of trust validated by Ilies with dm-crypt, secureboot, uefi secureboot, and optee
      • Haven’t tried latest jetpack release which also adds kernel encryption from UEFI stage.
      • Haven’t tried latest jetpack release around EKB enhancements.
    • Would be useful to have an overview for Jetpack 5 and working example.
    • With latest jetpack planning to use initrd flashing to do initial encryption step.
  • Question regarding dm-verity for r35.
    • Haven’t tried yet, dm-crypt works.
    • Have tried dm-verity with TX2 and Jetpack 4.
    • Did notice an issue dm-verity on RAUC and Jetpack 4, fail verifying bundle. Dmesg logs mentioned mismatch on SHA-256.
    • Noticed a similar issue and had a patch for this on Jetpack 4. Had this working on Xavier on Jetpack 4.
  • Jetpack 6 EA
    • Working with NVIDIA to get access.
  • Deepstream 6.3 coverage
  • RAUC Pull request
    • See this PR
    • Suggestion to use dynamic layers
    • Works well for ostree implementation.
    • RAUC working on Jetpack 5.
  • r35.4.1 test coverage
    • See this link
    • Running on AGX Xavier
    • Running on Xavier NX with RAUC
  • Jetpack 5 updates
    • Jetpack 5 to Jetpack 5 working on swupdate and RAUC, using capsule updates
    • No progress on a Jetpack 4 to 5 transition for Xavier AFAIK.
  • Yocto project summit in November