I need to clone a previously disk encryption enabled Orin Nano and flash it to another device, I have used Jetson Linux 35.4.1/Jetpack 5.1.2 to create previously disk encryption enabled system . What is the easiest way to achieve this? Thanks a lot.
Hi bozdemir,
Are you using the devkit or custom board for Orin Nano?
Is you rootfs on the SD card or NVMe drive?
Please try using l4t_backup_restore.sh for your use case and you can find more details in <Linux_for_Tegra>/tools/backup_restore/README_backup_restore.txt
I am using Devkit, my rootfs in on sd, I want to be able to clone the sd and use it on another device, the sd is encrypted (ROOTFS_ENC =1./flash.sh …).
Does l4t_backup_restore.sh reads the encrypted sd and then created backup can be flashed to another device ? I fail to see how would that work, because the encrypted disk depends on a specific ECID, does l4t_backup_restore.sh remove encryption to make backup/restore/cloning possible ? By the way, the script gives the following error.
b_r_output.txt (49.8 KB)
It doesn’t and this workflow will not work.
You cannot backup an encrypted running device and restore it to another device/disk, as it brings huge security concerns.
1 Like
Can you recommend me a way to achieve a this? Because after the fresh install for the device, I install and setup a lot of custom software, and I need a way to automate this, should I create an unencrypted system first, with custom softwares/tools, and then flash it with enabling encryption? How do I do this ?
What you want to do is not possible with disk encrpytion turned on.
You can only enable it at the time of flashing, not after flashing.
So for every device I should do the setting up and installing custom software AFTER enabling disk encryption&flashing a fresh system? or is it possible to add softwares that I need to sample root file system? Like for example nvidia-jetpack?
You can make a general massflash package with disk encryption enabled that can be flashed to multiple devices, but not with backup/restore.
https://docs.nvidia.com/jetson/archives/r36.3/DeveloperGuide/SD/Security/DiskEncryption.html#creating-encrypted-images-with-a-generic-key
YES, you can customized the rootfs, but only with packages from Canonical repoes, nvidia-jetpack is from NVIDIA repoes and cannot be installed this way.
https://docs.nvidia.com/jetson/archives/r36.3/DeveloperGuide/SD/RootFileSystem.html
So there is no way to create customized system images(nvidia-jetpack + other software including custom ones) and then flashing them also with encryption. Am I correct?
You are right.
I don’t feel like that is possible.
Actually some packages in nvidia-jetpack check for system files to distinguish whether it’s being run on a Jetson device, and they will refuse to be installed if it is not, so there is no way you can install it in a customized rootfs even if you get access to NVIDIA repoes.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.