Hello adit_bhrgv,
How did you create your Encrypted Binary Blob (EKB) file?
The EKB stores two keys: one is the kernel encryption key, and the other is the LUKS key for disk encryption support.
For LUKS disk encryption support with a specific key, you should execute the script file, gen_ekb.py, to generate an image.
Also, note in the developer guide, [Tool for EKB Generation], that sym2.key is equivalent to ekb.key.
For example,
```
# This is default KEK2 root key for unfused board
echo "00000000000000000000000000000000" > kek2_key
# This is the default initial vector for EKB.
echo "bad66eb4484983684b992fe54a648bb8" > fv_ekb
# Generate user-defined symmetric key files
# openssl rand -rand /dev/urandom -hex 16 > sym.key
# openssl rand -rand /dev/urandom -hex 16 > sym2.key
echo "00000000000000000000000000000000" > sym.key
echo "00000000000000000000000000000000" > sym2.key
python3 gen_ekb.py -kek2_key kek2_key \
    -fv fv_ekb \
    -in_sym_key sym.key \
    -in_sym_key2 sym2.key \
    -out eks.img
```
The LUKS support modules will use the key to generate the per-device unique passphrase.
Furthermore, please refer to Workflow 10 in $OUT/Linux_for_Tegra/tools/kernel_flash/README_initrd_flash.txt for the initrd approach to image flashing and disk encryption together.
You might also check discussion threads for reference,
for example,