OTA Issue with the Orin Nano Devkit
Issue Overview
Users are experiencing an OTA (Over-The-Air) update failure on the NVIDIA Jetson Orin Nano devkit when PKC (Public Key Cryptography) and SBK (Secure Boot Key) are enabled. The failure occurs during the execution of the nv_ota_start.sh script, which does not complete successfully. The specific error message indicates a mismatch in the SHA1 checksum for a recovery image, leading to an "error update state" and termination of the update process. This issue arises consistently when attempting to perform OTA updates on devices that have been configured with secure boot features.
The affected hardware is the Orin Nano devkit, running R35-4 software with PKC and SBK enabled. Users have noted that a similar OTA process succeeds on a non-fused device without these security features. The logs attached to the forum discussion detail the specific errors encountered during the OTA process, highlighting a potential configuration issue related to the recovery image state.
Possible Causes
- Hardware Incompatibilities or Defects: Devices with PKC and SBK may have unique requirements that lead to OTA failures if not met.
- Software Bugs or Conflicts: There may be unresolved bugs in the OTA tools or scripts that do not handle secure boot configurations properly.
- Configuration Errors: Improper setup of the device’s boot configuration or recovery images can lead to mismatches and errors.
- Driver Issues: Outdated or incompatible drivers may interfere with the OTA process.
- Environmental Factors: Power supply issues or temperature fluctuations could potentially affect the OTA process.
- User Errors or Misconfigurations: Incorrectly generated OTA packages or usage of mismatched keys could lead to failures.
Troubleshooting Steps, Solutions & Fixes
- Verify Configuration:
  - Ensure that both PKC and SBK are correctly configured and match between the devkit and the OTA package.
  - Confirm that the BASE and TARGET versions are identical (e.g., both set to R35.4.1).
- Check Logs for Clarity:
  - Review logs from both nv_ota_start.sh and otaPlPkgGen.log for any additional error messages that could provide insight into the failure.
- Generate OTA Package Correctly:
  - Use the following command to generate the OTA payload package:
    sudo -E ./tools/ota_tools/version_upgrade/l4t_generate_ota_package.sh -u pkc.pem -v sbk.key --external-device nvme0n1 jetson-orin-nano-devkit R35-4
  - Ensure that you are using the same pkc.pem and sbk.key files for both the board and the OTA package.
- Modify Recovery Image Check (if applicable):
  - If encountering issues with recovery image states, consider modifying checks in nv_ota_update_alt_part.func as follows:
    - Relax checks regarding "newness" of alt images if they are causing failures.
- Test Different Configurations:
  - If possible, test with a different Orin Nano devkit that does not have PKC/SBK enabled to isolate whether these features are causing issues.
- Driver Updates:
  - Ensure all drivers are up-to-date by checking for updates on NVIDIA’s developer portal.
- Consult Documentation:
  - Review NVIDIA’s documentation regarding OTA processes, particularly sections related to secure boot configurations.
- Best Practices for Future Updates:
  - Regularly back up configurations before performing updates.
  - Follow recommended procedures for generating OTA packages, especially when using custom configurations or boards.
- Report Unresolved Issues:
  - If issues persist after following these troubleshooting steps, consider reporting them on NVIDIA forums with detailed logs for further assistance from community members or NVIDIA support.
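The "Verify Configuration" and "Generate OTA Package Correctly" checks can be scripted so a key or version mismatch is caught before the payload is built. The following is an added example, not part of the original page or NVIDIA's tooling; it assumes that SHA-256 digests of pkc.pem and sbk.key were saved in `sha256sum` format when the board was fused (the manifest file and the function names are hypothetical).

```shell
#!/usr/bin/env bash
# Added example: preflight checks before building an OTA payload for a fused board.
# Assumption: at fusing time, SHA-256 digests of pkc.pem and sbk.key were saved
# in `sha256sum` format to a manifest (hypothetical file, not part of NVIDIA's tools).

# key_matches MANIFEST KEYFILE
# Returns 0 only if KEYFILE hashes to the digest recorded under its basename.
# Only digests are compared; key material is never written to the terminal.
key_matches() {
    local manifest="$1" keyfile="$2" name want got
    name=$(basename "$keyfile")
    if [ ! -r "$keyfile" ]; then
        echo "preflight: cannot read $keyfile" >&2; return 1
    fi
    want=$(awk -v n="$name" '$2 == n { print $1; exit }' "$manifest")
    if [ -z "$want" ]; then
        echo "preflight: no recorded digest for $name" >&2; return 1
    fi
    got=$(sha256sum "$keyfile" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "preflight: $name differs from the key recorded at fusing" >&2; return 1
    fi
}

# ota_preflight MANIFEST PKC SBK BASE TARGET
# Runs every check (no early exit) so one pass reports all problems.
ota_preflight() {
    local manifest="$1" pkc="$2" sbk="$3" base="$4" target="$5" rc=0
    if [ "$base" != "$target" ]; then
        echo "preflight: BASE ($base) and TARGET ($target) differ" >&2; rc=1
    fi
    key_matches "$manifest" "$pkc" || rc=1
    key_matches "$manifest" "$sbk" || rc=1
    return "$rc"
}

# Run as a script: ./ota_preflight.sh fused.sha256 pkc.pem sbk.key R35.4.1 R35.4.1
if [ "$#" -eq 5 ]; then
    ota_preflight "$@"
fi
```

A non-zero exit status means at least one check failed, so the script can gate the l4t_generate_ota_package.sh call in a build pipeline.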
By following these steps, users should be able to diagnose and potentially resolve their OTA issues with the Orin Nano devkit effectively.