Jetson/L4T BSP development tips
Contents
Preparation
First, please download BSP package from internet. It's preferred to download BSP package, instead of Jetpack.
Go to https://developer.nvidia.com/embedded/linux-tegra.
The following packages are necessary:
L4T Driver Package (BSP)
Sample Root Filesystem
Source code for kernel and other components:
L4T Driver Package (BSP) Sources
Toolchain for kernel building:
GCC 7.3.1 for 64 bit BSP and Kernel
Secure package if secure-boot is necessary:
Jetson Platform Fuse Burning and Secure Boot Documentation and Tools
Then the device can be flashed by command line. With this method, user can have more controls for the BSP configuration, like pinmux, kernel/kernel DTB customization, etc.
BSP customization
PINMUX
How to find out the actual pinmux configuration file
There are several types of Jetson reference boards which are supported in SDK.
Check the configuration file
For example, when the flash command is run:
sudo ./flash.sh jetson-xavier mmcblk0p1
Check the configuration file: jetson-xavier.conf → p2822-0000+p2888-0004.conf → PINMUX_CONFIG="tegra19x-mb1-pinmux-p2888-0000-a04-p2822-0000-b01.cfg";
(Note: the value of PINMUX_CONFIG may be overwritten. So the later one should take effect.)
Or check the flash log
Run following command:
sudo ./flash.sh -r --no-flash jetson-xavier mmcblk0p1
And check the log:
... copying pinmux_config(/home/Work/jetson_customer/32.4.3/Linux_for_Tegra/bootloader/t186ref/BCT/tegra19x-mb1-pinmux-p2888-0000-a04-p2822-0000-b01.cfg)... done. ...
How to update pinmux
There are several ways to customize the device PINMUX. The simple way is to generate PINMUX configuration through pre-defined excel. Another way is to edit the PINMUX configuration file directly, but that may need more knowledge about PINMUX setting for the chip.
Edit the excel and generate the Configuration
Search 'Pinmux Changes'
Also, another good reference: https://elinux.org/Jetson/AGX_Xavier_Update_Pinmux
Still, please make sure the PINMUX configuration file name is correct.
Edit the pinmux configuration file
That's the direct and simple way, assumed the developer is familiar with PINMUX setting.
Download technical reference manual from https://developer.nvidia.com/embedded/downloads#?search=TRM for different platforms. And those documents contain detailed information.
Edit the prod configuration
L4T document shows another way to override the PINMUX:
Same command as 2.1.1.2, and check the prod configuration in following log:
... copying prod_config(/home/Work/jetson_customer/32.4.3/Linux_for_Tegra/bootloader/t186ref/BCT/tegra19x-mb1-prod-p2888-0000-p2822-0000.cfg)... done. ...
Follow the guide in above link.
How to update device PINMUX
After the pinmux configuration files are changed, re-flash the device:
sudo ./flash.sh jetson-xavier mmcblk0p1 #flash the whole device
or
sudo ./flash.sh -k MB1_BCT jetson-xavier mmcblk0p1 #only flash the MB1_BCT
How to verify the new PINUX configuration works
User can read the PINMUX registers to confirm the new configuration works.
For example,
In PINMUX configuration file, there's an entry:
pinmux.0x0c302030 = 0x00000540; # gen2_i2c_scl_pcc7: i2c2, tristate-disable, input-enable, io_high_voltage-disable, lpdr-enable
And in prod configuration file, another entry:
prod.0x0c302030.0x0000100 = 0x00000000; #gen2_i2c_scl_pcc7: LPDR disable
Run a physical memory access tool, like devmem2 in Jetson device:
root@nvidia-desktop:/home/nvidia# devmem2 0x0c302030 /dev/mem opened. Memory mapped at address 0x7f84359000. Value at address 0xC302030 (0x7f84359030): 0x440
Linux kernel
Kernel building
There are several resources in internet introducing how to build Jetson Linux kernel from source. But it seems that the NV-provided nvbuild.sh never works in my side. Here's the script I'm using for kernel building:
#!/bin/bash set -e export KERNEL_SRC_DIR=${HOME}/Work/jetson_sdk/32.4.3/source/Linux_for_Tegra/source/public/kernel-source/kernel/kernel-4.9 export CROSS_COMPILE=${HOME}/Tools/kernel-toolchain/gcc-linaro-7.3.1-2018.05-x86_64_aarch64-linux-gnu/bin/aarch64-linux-gnu- export TEGRA_KERNEL_OUT=${HOME}/Work/jetson_sdk/32.4.3/source/Linux_for_Tegra/source/public/kernel-build export ARCH=arm64 make -C $KERNEL_SRC_DIR ARCH=arm64 LOCALVERSION="-tegra" O=$TEGRA_KERNEL_OUT tegra_defconfig make -C $KERNEL_SRC_DIR ARCH=arm64 LOCALVERSION="-tegra" O=$TEGRA_KERNEL_OUT -j8 make -C $KERNEL_SRC_DIR ARCH=arm64 INSTALL_MOD_PATH=$TEGRA_KERNEL_OUT/modules_install INSTALL_MOD_STRIP=1 O=$TEGRA_KERNEL_OUT modules_install -j8
Note the parameter 'INSTALL_MOD_STRIP=1' should be added, otherwise the built module will be quite large. For example, nvgpu.ko size will increase from 2.6MB to 89MB.
Ramdisk customization
The original ram-disk image can be copied from device (/boot/initrd) or host SDK directory (Linux_for_Tegra/bootloader/l4t_initrd.img).
1. Extract the initrd by following command:
zcat xxx/initrd | cpio -idmv
2. Change all files in this directory owner as root:
sudo chown root.root * -R
3. Make some private changes. (For example, to add some special echo message in init script.)
4. Repack the initrd:
find . | cpio -o -H newc | gzip > ../initrd.debug
5. Replace the file /boot/initrd with generated file initrd.debug in above step. 6. Reboot the device, and check the kernel log to confirm the new initrd works.
In addition, the initrd can also be built-in to kernel image.
1. Extract the initrd by following command:
zcat xxx/initrd | cpio -idmv
2. Change all files in this directory owner as root:
sudo chown root.root * -R
3. Make some private changes. (For example, to add some special echo message in init script.) 4. Repack the initrd:
find . | cpio -o -H newc > ../initrd.debug.cpio
5. Edit the kernel config, and add the following line:
CONFIG_BLK_DEV_INITRD=y CONFIG_INITRAMFS_SOURCE="/home/temp/initr.debug.cpio"
6. Re-build the kernel, replace the kernel image in device. 7. Comment out the default INITRD in /boot/extlinux/extlinux.conf
... LINUX /boot/Image #INITRD /boot/initrd ...
8. Reboot the device, and the kernel should use the built-in initrd.
OVERLAY FS support in Jetson L4T
L4T BSP is using EXT4 file-system as root-FS in eMMC or SDCARD. For EXT4 file-system, there's high risk of file-system corruption if the device does not shut down correctly, like sudden power loss. 'overlayfs' may help to avoid such file-system corruption, especially in embedded products.
Introduction of overlayfs
(Abstracted from https://en.wikipedia.org/wiki/OverlayFS)
(Abstracted from kernel/kernel-4.9/Documentation/filesystems/overlayfs.txt)
and a 'lower' filesystem. When a name exists in both filesystems, the
object in the 'upper' filesystem is visible while the object in the
'lower' filesystem is either hidden or, in the case of directories,
merged with the 'upper' object.
...
The lower filesystem can be any filesystem supported by Linux and does
not need to be writable. The lower filesystem can even be another
overlayfs. The upper filesystem will normally be writable and if it
is it must support the creation of trusted.* extended attributes, and
must provide valid d_type in readdir responses, so NFS is not suitable.
General usage:
mount -t overlay overlay -olowerdir=/lower,upperdir=/upper,\workdir=/work /merged
(Abstracted from https://unix.stackexchange.com/questions/324515/linux-filesystem-overlay-what-is-workdir-used-for-overlayfs)
Add overlayfs support in L4T (verified in Jetson AGX devkit, SDK 32.5)
Kernel update
By default, overlayfs is built by module in kernel configuration. And it should be changed as built-in in kernel.
--- ./kernel/kernel-4.9/arch/arm64/configs/tegra_defconfig.orig 2021-07-22 14:55:08.229066055 +0800
+++ ./kernel/kernel-4.9/arch/arm64/configs/tegra_defconfig 2021-07-21 15:24:10.965243034 +0800
@@ -1132,7 +1132,7 @@
CONFIG_AUTOFS4_FS=y
CONFIG_FUSE_FS=m
CONFIG_CUSE=m
-CONFIG_OVERLAY_FS=m
+CONFIG_OVERLAY_FS=y
CONFIG_VFAT_FS=y
CONFIG_NTFS_FS=y
CONFIG_NTFS_RW=y
Rebuild the kernel, and boot the device with new kernel.
initrd update
(A good reference: http://wiki.psuter.ch/doku.php?id=solve_raspbian_sd_card_corruption_issues_with_read-only_mounted_root_partition) Edit the script 'init' in initrd. This is the patch for ram-FS overlayfs:
--- init.orig 2021-07-21 14:35:50.109250634 +0800
+++ init 2021-07-22 16:36:52.948849123 +0800
@@ -142,7 +142,8 @@
echo "ERROR: ${rootdev} not found" > /dev/kmsg;
exec /bin/bash;
fi
- mount /dev/${rootdev} /mnt/;
+ #do not mount rootdev now
+ #mount /dev/${rootdev} /mnt/;
if [ $? -ne 0 ]; then
echo "ERROR: ${rootdev} mount fail..." > /dev/kmsg;
exec /bin/bash;
@@ -214,13 +215,27 @@
# Disable luks-srv TA
nvluks-srv-app -n > /dev/null 2>&1;
+#create /mnt as mount point
+mount -t tmpfs inittemp /mnt;
+mkdir /mnt/lower;
+mkdir /mnt/rw;
+mount -t tmpfs root-rw /mnt/rw;
+mkdir /mnt/rw/upper;
+mkdir /mnt/rw/work;
+mkdir /mnt/newroot;
+mount -o ro /dev/mmcblk0p1 /mnt/lower;
+mount -t overlay -o lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work overlayfs-root /mnt/newroot;
+mkdir /mnt/proc;
+mkdir /mnt/sys;
+mkdir /mnt/dev;
+
echo "Rootfs mounted over ${rootdev}" > /dev/kmsg;
mount -o bind /proc /mnt/proc;
mount -o bind /sys /mnt/sys;
mount -o bind /dev/ /mnt/dev;
-cd /mnt;
-cp /etc/resolv.conf etc/resolv.conf
-echo "Switching from initrd to actual rootfs" > /dev/kmsg;
-mount --move . /
+cd /mnt/newroot;
+cp /etc/resolv.conf etc/resolv.conf
+echo "Switching from initrd to actual rootfs (ro-root-fs debug)" > /dev/kmsg;
exec chroot . /sbin/init 2;
Update the device to boot with new initrd. After the kernel's up, the mount information will look like:
overlayfs-root on / type overlay (rw,relatime,lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
...
(Refer to https://elinux.org/Jetson/L4T_BSP_development_tips#Ramdisk_customization for how to customize initrd in L4T SDK.) Now, every change in root-FS will be in ram-FS, and after the device reboots, all changes will be lost. In addition, a lot of memory will also be consumed if big files added/changed.
Also, non-volatile media, like USB-Disk can also be used as overlayfs, which can reserve the changes in root-FS. Here's the init script patch, which use sda1 (USB-Disk) as overlayfs:
--- init.orig 2021-07-21 14:35:50.109250634 +0800
+++ init.sda1.ok 2021-07-22 18:02:48.424700032 +0800
@@ -142,7 +142,8 @@
echo "ERROR: ${rootdev} not found" > /dev/kmsg;
exec /bin/bash;
fi
- mount /dev/${rootdev} /mnt/;
+ #do not mount rootdev now
+ #mount /dev/${rootdev} /mnt/;
if [ $? -ne 0 ]; then
echo "ERROR: ${rootdev} mount fail..." > /dev/kmsg;
exec /bin/bash;
@@ -214,13 +215,46 @@
# Disable luks-srv TA
nvluks-srv-app -n > /dev/null 2>&1;
+# Wait till sda1 ready
+count=0;
+if [ ! -e "/dev/sda1" ]; then
+ while [ ${count} -lt 50 ]
+ do
+ sleep 0.2;
+ count=`expr $count + 1`;
+ if [ -e "/dev/sda1" ]; then
+ break;
+ fi
+ done
+fi
+if [ -e "/dev/sda1" ]; then
+ echo "sda1 found" > /dev/kmsg;
+else
+ echo "ERROR: sda1 not found" > /dev/kmsg;
+ exec /bin/bash;
+fi
+
+#create /mnt as mount point
+mount -t tmpfs inittemp /mnt;
+mkdir /mnt/lower;
+mkdir /mnt/rw;
+mount /dev/sda1 /mnt/rw;
+mkdir /mnt/rw/upper;
+mkdir /mnt/rw/work;
+mkdir /mnt/newroot;
+mount -o ro /dev/mmcblk0p1 /mnt/lower;
+mount -t overlay -o lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work overlayfs-root /mnt/newroot;
+mkdir /mnt/proc;
+mkdir /mnt/sys;
+mkdir /mnt/dev;
+
echo "Rootfs mounted over ${rootdev}" > /dev/kmsg;
mount -o bind /proc /mnt/proc;
mount -o bind /sys /mnt/sys;
mount -o bind /dev/ /mnt/dev;
-cd /mnt;
+
+cd /mnt/newroot;
cp /etc/resolv.conf etc/resolv.conf
-echo "Switching from initrd to actual rootfs" > /dev/kmsg;
-mount --move . /
+echo "Switching from initrd to actual rootfs (ro-root-fs debug)" > /dev/kmsg;
exec chroot . /sbin/init 2;
With this script, after the kernel's up, the mount information is similar. But the root-FS changes will lie in mounted USB-Disk. So it will not be lost after reboot. After sda1 is mounted:
sudo mount /dev/sda1 /media/sda
The content in /media/sda/upper will look like:
├── upper
│ ├── boot
│ │ └── grub
│ │ └── grubenv
│ ├── dev
│ ├── etc
│ │ ├── asound.conf -> /etc/asound.conf.tegrahdat194ref
│ │ ├── fstab
│ │ ├── machine-id
│ │ ├── rc.local
│ │ └── X11
│ │ └── xorg.conf -> /etc/X11/xorg.conf.t194_ref
│ ├── home
│ │ └── nvidia
│ │ ├── Desktop
│ │ │ └── nv_l4t_readme.desktop
...
All changes in root-FS will still be there. Note the USB-Disk read/write throughput may have impact on system performance. In addition, if the device suddenly shutdown/power-off, the file-system in USB-Disk may, with some probabilities, be corrupted. Anyway, the content in EMMC root-FS should be good, and that makes it possible to scan/fix the file-system error or even format the USB-disk.
Secured device
Signing and Encrypting Kernel, Kernel-DTB, Initrd, and extlinux.conf Files
Basic instructions are in (https://docs.nvidia.com/jetson/archives/l4t-archived/l4t-3261/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide/bootloader_secure_boot.html#wwpID0ESHA)
Device preparation
Fuse the device with PKC+SBK+KEK0/1/2. Sample
$ cat odmfuse_pkc.xml
<genericfuse MagicId="0x45535546" version="1.0.0">
<fuse name="SecureBootKey" size="16" value="0x123456789abcdef0fedcba9876543210" />
<fuse name="Kek0" size="16" value="0x00112233445566778899aabbccddeeff" />
<fuse name="Kek1" size="16" value="0x112233445566778899aabbccddeeff00" />
<fuse name="Kek2" size="16" value="0x2233445566778899aabbccddeeff0011" />
<fuse name="PublicKeyHash" size="32" value="0xf3c1b8aae1a056e3cb2226121c0b3cb77f01fe6c8131ca274cce7939b45559ca" />
<fuse name="BootSecurityInfo" size="4" value="0x6" />
<fuse name="SecurityMode" size="4" value="0x1" />
</genericfuse>