Error During Boot on Nvidia Jetson Orin Nano Dev Board

Issue Overview

Users of the Nvidia Jetson Orin Nano Dev Board have reported encountering multiple error messages during the boot process after successfully configuring and flashing the device. The specific symptoms include:

• Error Messages: Users see a series of warnings and errors related to the AES encryption process, such as "AES crypto failed: -17" and "Failed to derive SSK root key (ffff0000)".

• Context of the Issue: The problem occurs during the boot sequence after enabling UEFI Secure Boot. Users have confirmed that despite the errors, they can still boot into Linux, but the presence of these error messages raises concerns about system security and functionality.

• Hardware/Software Specifications: The users have utilized a configuration file for fusing, which includes various keys (OEM_K1, OEM_K2, etc.) and settings for secure boot. The firmware version mentioned is v35.5.0, built on February 26, 2024.

• Frequency of Issue: The issue appears consistently across different setups when UEFI Secure Boot is enabled.

• Impact on User Experience: While users can boot into the system, the errors indicate potential security vulnerabilities and may affect overall system performance or reliability.

Possible Causes

Several potential causes could lead to the observed issues:

• Hardware Incompatibilities or Defects: If there are any defects in the hardware components or incompatibilities with specific configurations, it may lead to encryption failures.

• Software Bugs or Conflicts: Bugs in the OP-TEE version or conflicts with other software components could result in errors during the encryption process.

• Configuration Errors: Incorrectly set parameters in the fuse configuration file or improper generation of the EKB (Encryption Key Blob) could lead to failures in key derivation.

• Driver Issues: Outdated or incompatible drivers may cause problems during secure boot processes.

• Environmental Factors: Issues such as inadequate power supply or overheating could affect hardware performance during critical operations like encryption.

• User Errors or Misconfigurations: Mistakes in following setup instructions, particularly regarding key generation and configuration file settings, may lead to these errors.

Troubleshooting Steps, Solutions & Fixes

To resolve the issue, follow these comprehensive troubleshooting steps:

1. Verify Configuration File Settings:

   • Ensure that all required keys (OEM_K1, OEM_K2) are included in the fuse configuration file.
   • Double-check that the UEFI authentication key is correctly added when creating/updating the EKB image.

2. Test Without UEFI Secure Boot:

   • Temporarily disable UEFI Secure Boot to confirm if the device boots without errors.
   • If successful, this indicates that the issue is likely related to secure boot configurations.

3. Review OP-TEE Documentation:

   • Check for any known issues or updates regarding OP-TEE configurations. The warning about an insecure OP-TEE configuration should be addressed by following porting guidelines provided in its documentation.

4. Re-generate EKB Image:

   • Use the example.sh script again to create a new EKB image while ensuring all parameters are correctly set.
   • Make sure that you are using compatible versions of tools for EKB generation.

5. Check for Firmware Updates:

   • Look for any available firmware updates for both the Jetson Orin Nano Dev Board and OP-TEE that may address known bugs or issues.

6. Isolate Hardware Issues:

   • If possible, test with a different Jetson Orin Nano Dev Board to rule out hardware defects.
   • Ensure that power supply and cooling systems are adequate during operation.

7. Consult Secure Samples Section:

   • Reference secure sample applications provided by Nvidia for further guidance on proper configurations and setups.

8. Monitor System Logs:

   • Use terminal commands to gather logs during boot-up for further analysis.

   dmesg | grep "error"
   journalctl -b
   

9. Engage with Community Support:

   • If issues persist after following these steps, consider posting detailed logs and configurations on relevant forums for community assistance.

By following these steps, users can effectively diagnose and potentially resolve boot-related issues on their Nvidia Jetson Orin Nano Dev Boards while ensuring secure configurations are maintained.