OE4T Meeting Notes 2024‐10‐10

Video

https://youtu.be/qVsPdMvX7gY

Attendees

9

Topics

• L4T 35.6 updates
  • Merge to scarthgap-r35. is done.
  • Working on backport to kirkstone, hoping to have that merged this weekend.
  • See PR at https://github.com/OE4T/meta-tegra/pull/1718
• Jetpack 6.1
  • Work in progress PR at https://github.com/OE4T/meta-tegra/pull/1716
  • Updated CUDA stack
  • Supporting Microsoft firmware TPM, looks complicated to set up. Need to contact NVIDIA to make use of it.
• Disk encryption questions
  • Kernel recipe has signed boot image in the recipe, seems to be redundant to one in image type cboot class. Operate slightly differently. Cboot class signs file and moves cboot.signed result over top of the original .cboot file. Linux recipe doesn’t do this. Have small patch for this to upstream.
  • System installer kernel image has initramfs bundle flag which changes the way the kernel image is constructed. Couldn’t get that to work. UEFI kept throwing errors about not being able to load the image. Took intramfs bundle flag of, let cboot do what it was going to do. Believe issues are related to whether initramfs is compressed or not. Tried to set ramdisk flag to point to compress archive, might be an issue. Per Matt turning off initramfs bundle is probably the correct solution.
  • Unclear how to update the kernel image from system installer
    • Have a separate partition now you need to write with ESP content.
    • In cboot days it was a little easier, the installer scripts should wipe everything on the storage and then reformat the storage, repartition as needed. Then write everything needed to boot to new system. Should include bootloader update and writing ESP partition (new for UEFI). If not using extlinux style kernel loading need to make sure you write kernel in the right place.
  • Running squashfs with verity, needed a few changes for this.
  • sstate skip creation flag normally set to 1 by base class. Set to 0. Unable to set permission on files due to possible host contamination in sudo environment. Jose tried to upstream something for this, didn’t get accepted.
• Swupdate updates for master
  • Questions about UNPACKDIR at https://groups.google.com/g/swupdate/c/8K-9H7C9o5E
• linux-yocto kernel status
  • Working in https://github.com/OE4T/meta-tegra/pull/1680
  • Jetpack 6.1 includes newer version of OOT modules, will simplify patch requirements.
  • Plan to pick this back up with Jetpack 6.1.
  • Discussed possible future support for mainline in https://layers.openembedded.org/layerindex/branch/master/layer/meta-linux-mainline/
  • Might be worth pushing kernel fragments upstream at some point.
• Ratcheting and Rollback prevention issues
  • Documentation makes it seem like DTS to set ratchet value which can be incremented for each partitions plus cpu dtb
  • Seems you should be allowed to increment all of those, fuse to prevent downgrades from occurring.
  • Unable to get fuse to change. Doesn’t seem to work to prevent downloads.
  • Seems CPU bootloader and CPU Bootloader DTB may be the only ratchet values possible to change.
  • Also appears to be a limitation which allows USB flash to override any ratcheting requirements.
• Sparse Updates
  • In tegraflash scripts but not supported by helper
  • Checks GPT of QSPI, if matches only erases partitions that don’t match. Cut’s flash time down from 8-10 minutes down to 3.
  • https://docs.nvidia.com/jetson/archives/r35.3.1/DeveloperGuide/text/SD/FlashingSupport.html#flashing-script-usage