Skip to content

Instantly share code, notes, and snippets.

Forked from protosam/Dockerfile
Last active Mar 9, 2022
What would you like to do?
Nvidia Jetson sdkmanager in Docker Notes


Context for this approach here:

Nvidia Jetson SDK Manager in Docker

The goal of this document is to aid in setting up a docker container that can flash Nvidia Jetson devices.

Additional Nvidia resources and documentation can be found here.


On the host system, we need some modules loaded into the kernel that our container will need to work. It's best to use a debian based distro for our contianer to simplify things. My end goal was just to not be running things on a system that was released in 2016. So I did this on Ubuntu 20.04lts.

apt install -y binfmt-support qemu-user-static

We're also assuming you already have docker installed, but if you don't, here's how to install docker on Ubuntu.

apt install

Get the SDK Manager

The sdkmanager can be downloaded here.

You want to download the sdkmanager debian package to the host system and the provided Dockerfile in the same directory. You want to replace sdkmanager_1.3.1-7110_amd64.deb in the Dockerfile with the current .deb file name.

This file will end up being used inside the container image when we build it.

Build the Container Image

With our Dockerfile and sdkmanager_*_amd64.deb file in the same directory. We will run this command to build the image. It will take a while.

docker build -t jetpack-sdk .

If the build was successful, you'll see a tagged image called jetpack-sdk.

$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
jetpack-sdk         latest              81ac43286fa0        41 hours ago        1.36GB

If it failed, we will have an untagged image and need to go figure out why:

<none>              <none>              349c7116b0a9        42 hours ago        1.36GB

Using the Image

The way I've been using this is completely manual. The provided Dockerfile is setup to launch a shell for running sdkmanager commands. However if you want to do automation type stuff, everything you need is inside the container and you can spend some time learning the in's and out's of docker to figure that out here.

To launch the container with neccessary permissions, here's the neccessary docker run command.

docker run -it --name=jetpack-sdk --rm=true --net=host --ipc host --privileged --cap-add SYS_ADMIN --volume="/dev/bus/usb:/dev/bus/usb" jetpack-sdk

You will be placed inside a bash shell where you have the entire SDK at your disposal. You can run sdkmanager commands, or if you want to use build tools and make your own images, that can be done in the container too with some work to setup any additional build tools.

If you're using the sdkmanager, if can be used to help you stage commands. The flag --staylogin true is recommended to be added to commands so you don't have keep logging into the Nvidia site during a session. Upon running sdkmanager commands, you will have to click the Nvidia link to open a browser and login.

sdkmanager --cli install --logintype devzone --staylogin true --query interactive

An example command that I built from using the interactive mode:

sdkmanager --cli install  --logintype devzone --staylogin true --product Jetson --host --target P2888-0004 --targetos Linux --version 4.5.1 --flash all --license accept  --datacollection disable

Something to note, the provided command it gave me was P2888-0001, but upon reviewing the sdkmanager logs in ~/.nvsdk in the container, I found that my target device was actually supposed to be P2888-0004.

FROM ubuntu:18.04
# Install SDK deps
RUN apt-get update
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y \
libgconf-2-4 \
libcanberra-gtk-module \
locales \
netcat \
openssh-server \
usbutils \
libgtk-3-0 \
libx11-xcb-dev \
libxss-dev \
libnss3 \
libcanberra-gtk-module \
libcanberra-gtk3-module \
nodejs \
firefox \
npm \
qemu-user-static \
apt-utils \
tzdata \
kmod \
sudo \
iproute2 \
iptables \
xxd \
cpio \
dnsutils \
RUN dpkg-reconfigure --frontend noninteractive tzdata
COPY sdkmanager_1.4.1-7402_amd64.deb /
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y /sdkmanager_1.4.1-7402_amd64.deb
ENV DEBIAN_FRONTEND noninteractive
# SDK manager won't run as root, so add a non-root user.
# username: nonroot, password: nonroot
RUN useradd -s /bin/bash -p saKGC.F2N0Mxg nonroot
# SDK manager needs root access, so add nonroot to sudoers
# Why does SDK manager need root access but refuse to run as root?
RUN usermod -aG sudo nonroot
WORKDIR /home/nonroot
RUN chown -R nonroot:nonroot /home/nonroot
RUN chmod -R 0755 /home/nonroot
USER nonroot
ENTRYPOINT [ "/bin/bash" ]
Copy link

unphased commented Mar 9, 2022

Hey there, I have a dockerfile that is based off of this, and with the very recent release of sdkmanager_1.7.3-9053_amd64.deb it no longer works properly. The error looks like this:

[   0.0053 ] FwIndex: 15, MinRatchetLevel: 0
[   0.0053 ] FwIndex: 16, MinRatchetLevel: 0
[   0.0053 ] FwIndex: 17, MinRatchetLevel: 0
[   0.0053 ] FwIndex: 18, MinRatchetLevel: 0
[   0.0053 ] FwIndex: 19, MinRatchetLevel: 0
[   0.0053 ] FwIndex: 30, MinRatchetLevel: 0
[   0.0053 ] FwIndex: 31, MinRatchetLevel: 0
[   0.0053 ] FwIndex: 32, MinRatchetLevel: 0
[   0.0053 ]
[   0.0054 ] header_magic: d00dfeed
[   0.0075 ] tegrahost_v2 --chip 0x19 --align 1_kernel_tegra194-p3668-all-p3509-0000.dtb
[   0.0084 ]
[   0.0102 ] tegrahost_v2 --chip 0x19 0 --magicid KDTB --ratchet_blob ratchet_blob.bin --appendsigheader 1_kernel_tegra194-p3668-all-p3509-0000.dtb zerosbk
[   0.0109 ] adding BCH for 1_kernel_tegra194-p3668-all-p3509-0000.dtb
[   0.0168 ]
[   0.0188 ] --key  --list 1_kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb_list.xml --pubkeyhash pub_key.key
[   0.0188 ] Assuming zero filled SBK key : not reading
[   0.0233 ] tegrahost_v2 --chip 0x19 0 --updatesigheader 1_kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt 1_kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.hash zerosbk
[   0.0266 ]
[   0.0270 ] Signed file: /home/nonroot/nvidia/nvidia_sdk/JetPack_4.6.1_Linux_JETSON_XAVIER_NX_TARGETS/Linux_for_Tegra/bootloader/temp_user_dir/kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt Generate header for kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt chip 0x19: add 0x31f5f to offset  0x8 in sig file Generate 16-byte-size-aligned base file for kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt the signed file is /home/nonroot/nvidia/nvidia_sdk/JetPack_4.6.1_Linux_JETSON_XAVIER_NX_TARGETS/Linux_for_Tegra/bootloader/temp_user_dir/kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt
        populating kernel to rootfs... done.
        populating initrd to rootfs... done.
        populating kernel_tegra194-p3668-all-p3509-0000.dtb to rootfs... done.
Making system.img...
losetup: system.img: failed to set up loop device: No such file or directory
mapping system.img to loop device failed.
*** ERROR: flashcmd.txt generation failed.

Continuing to use sdkmanager_1.7.2-9007_amd64.deb for the time being.

Copy link

togaen commented Mar 9, 2022

Thanks @unphased for the note. I've stopped using this in favor of the NVIDIA provided solution:

Dunno if that's useful for what you're doing, but maybe it helps.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment