How to Update the UEFI on Nvidia Jetson Orin Nano Dev Board

Issue Overview

Users of the Nvidia Jetson Orin Nano Dev board are experiencing difficulties in accessing and updating the QSPI (Quad Serial Peripheral Interface) RAM from within a Linux environment. This issue arises due to a security feature implemented in the L4T (Linux for Tegra) 35.2.1 release, which restricts access to QSPI flash memory.

Symptoms include:

• Inability to access or update overlays stored in the SPI partition while running Linux.
• Errors encountered when attempting to enable the driver for /dev/mtd, which is necessary for accessing QSPI.
• Users are seeking guidance on performing UEFI updates and addressing CVEs (Common Vulnerabilities and Exposures) in the field.

The issue predominantly affects users working with JetPack version 5.1.2 L4T R35.4.1, particularly those building OS images using Yocto for various Jetson boards, including both development kits and custom boards. The impact of this problem is significant as it hinders the ability to perform necessary updates and maintain system security.

Possible Causes

The following potential causes have been identified for the issue:

• Security Features in L4T: The restriction on accessing QSPI from Linux is a deliberate security measure that prevents unauthorized access to critical firmware components.

• Driver Issues: The inability to generate /dev/mtd nodes indicates that there may be issues with the drivers required for QSPI access, which could be exacerbated by the current configuration or kernel version.

• Configuration Errors: Misconfigurations during setup or updates may lead to failures when attempting to access or modify QSPI memory.

• Environmental Factors: Power supply inconsistencies or temperature variations could affect the performance and accessibility of hardware components.

• User Errors: Incorrect command usage or misunderstanding of the update process may lead users to encounter errors when trying to update firmware.

Troubleshooting Steps, Solutions & Fixes

To address the issue of updating UEFI on the Nvidia Jetson Orin Nano Dev board, users can follow these troubleshooting steps and solutions:

1. Identify Your Setup:

   • Confirm whether you are using a development kit or a custom board.
   • Check your current JetPack version by running:

     dpkg -l | grep jetpack
     

2. Accessing QSPI Memory:

   • If you need to update only the QSPI memory without affecting the root filesystem, use the following command:

     sudo ./flash.sh --no-systemimg -c bootloader/t186ref/cfg/flash_t234_qspi.xml <board> <storage device>
     

   • Replace <board> and <storage device> with your specific configurations.

3. Performing OTA Updates:

   • Note that OTA updates do not allow selective partition updates. You can choose from:
     • Root filesystem only
     • Bootloader only
     • Both root filesystem and bootloader
   • Refer to NVIDIA’s documentation on generating OTA packages for detailed instructions.

4. Building UEFI Updates:

   • For users needing to build and update UEFI, follow these instructions available on NVIDIA’s GitHub repository:
     • Build without Docker: NVIDIA edk2-nvidia Wiki

5. Best Practices:

   • Regularly check for updates from NVIDIA regarding security patches or firmware updates.
   • Maintain backups of your configurations before performing any updates.
   • Test updates in a controlled environment before deploying them in the field.

6. Further Investigation:

   • If issues persist after following these steps, consider reaching out to NVIDIA support or consulting community forums for additional assistance.

By adhering to these guidelines, users can effectively manage UEFI updates on their Nvidia Jetson Orin Nano Dev boards while mitigating potential issues related to QSPI access and system security.