-
Notifications
You must be signed in to change notification settings - Fork 227
OE4T Meeting Notes 2023 09 14
Dan Walkes edited this page Sep 16, 2023
·
1 revision
7
- Digsig signing server for UEFI payload signing, tegrademodistro
- Chad just starting on this now. Progression planning to take
- Using devkit and production module, go through manual steps.
- Next try to get something working on tegra-demo-distro.
- Matt has signing server support on his test-distro, want to discuss moving this to tegra-demo-distro
- Secure boot override - target which is signed will add that override. Functions in signing server bbclass overrides a hook somewhere else, uses that to call to signing server. If the target is secure, those functions get exercised, otherwise they get ignored.
- https://pretalx.com/openembedded-workshop-2023/talk/3C8MFF/ - bbclass to do signing. Something missing on openembedded core. Jose will try to use and push upstream. Chad will look at this.
- Jetpack 5 signing status: AGX Orin chain of trust validated by Ilies with dm-crypt, secureboot, uefi secureboot, and optee
- Haven’t tried latest jetpack release which also adds kernel encryption from UEFI stage.
- Haven’t tried latest jetpack release around EKB enhancements.
- Would be useful to have an overview for Jetpack 5 and working example.
- With latest jetpack planning to use initrd flashing to do initial encryption step.
- Question regarding dm-verity for r35.
- Haven’t tried yet, dm-crypt works.
- Have tried dm-verity with TX2 and Jetpack 4.
- Did notice an issue dm-verity on RAUC and Jetpack 4, fail verifying bundle. Dmesg logs mentioned mismatch on SHA-256.
- Noticed a similar issue and had a patch for this on Jetpack 4. Had this working on Xavier on Jetpack 4.
- Jetpack 6 EA
- Working with NVIDIA to get access.
- Deepstream 6.3 coverage
- See discussion at https://forums.developer.nvidia.com/t/deepstream-6-3-is-now-available-for-download/262646/3?u=danwalkes
- See hacks here - does not match response.
- Hacky install steps from librdkalfcka here
- RAUC Pull request
- See this PR
- Suggestion to use dynamic layers
- Works well for ostree implementation.
- RAUC working on Jetpack 5.
- r35.4.1 test coverage
- See this link
- Running on AGX Xavier
- Running on Xavier NX with RAUC
- Jetpack 5 updates
- Jetpack 5 to Jetpack 5 working on swupdate and RAUC, using capsule updates
- No progress on a Jetpack 4 to 5 transition for Xavier AFAIK.
- Yocto project summit in November
- https://summit.yoctoproject.org/yocto-project-summit-2023-11/
- Proposal deadline Oct 2nd