mind | EOSS2023 – Maintaining a Community BSP Layer: Updating Meta-Tegra Through Major Changes – Tim Orling, Konsulko Group & Ilies Chergui, Medtronic

OE4Tegra is a community-developed yocto layer to support Tegra platforms (without any support from nVidia).

nVidia’s Jetpack 5 supports the new Jetson platforms introduced in 2023: Orin NX, Orin Nano. It also still supports the 2018 AGX Xavier and Xavier NX. Older platforms are no longer supported. JP5 uses Linux 5.10. The reference file system is Ubuntu 20.04. Trusty has moved to OP-TEE and the bootloader moved to UEFI. It supports CUDA 11.4 and 11.8 is in progress in OE4T.

nVidia now also has an OTA mechanism. OE4T had their own mechanism and they need to bring in nVidia’s approach. Help wanted. Several open source OTA updates exist already: mender, rauc, swupdate, ostree. Mender is fully integrated with OE4T but only for Jetpack 4. RAUC also has a community layer for tegra, but also only Jetpack 4.

OE4T needed to move to dunfell where the override syntax has changed.

The Jetpack 5 UEFI bootloader is based on EDK II.

Trusted execution environment moved to OP-TEE which is open source. For existing applications, this requires migrating the API calls and trusted applications.

For secure boot, fuses need to be burned and you need to go into a special programming mode for that. The process is controlled from an XML file. Different platforms support different encryptions algorithms. Secure boot follows the UEFI standard.

For disk encryption, there’s an NVLuks application in OP-TEE that has access to the encryption key in OTP. It uses that to generate a passphrase for LUKS. There’s a keyfile reserved for kernel encryption as well, but it’s currently unused.

You should base your product on an LTS branch of yocto. However, it’s important to also keep a CI job running on master. It’s OK if it breaks, but that way you can fix issues gradually instead of in one big switch.

In OE4T, development goes into the master branch which tracks yocto master. It’s never stable. There are also branches for mickledore, kirkstone (with two L4T releases) and dunfell. Moving forward, master will only be in Jetpack 6 (and therefore, only Orin). LTS branches stay on the Jetpack release on which they were originally created. So kirkstone is on Jetpack 5.

To get started, clone tegra-demo-distro, run setup-env with the machine corresponding to your hardware, and build the demo image.