Does anyone know how I can get a DGX Spark OS ISO File?
Download the install media here: DGX Spark for AI Developers - Get Started | NVIDIA Developer
Follow the re-flashing guide here: System Recovery — DGX Spark User Guide
I want to enable full disk LUKS, doesn’t let me do that in the system recovery
Is there a way I can do a full disk encryption?
Disk encryption is done via the UEFI Bios Menu. From the Main Menu ‘select’ the Security Tab. Once in the Security tab use the down arrow and look for TCG Storage Security Configuration. You will see the internal Disk. Highlight the disk and ‘select’ enter. You will see several options to secure the disk - setting the Admin Password will encrypt the drive.
You will need to register an enterprise account, then download the :DGXOS-7.2.3-2025-10-04-06-28-28-arm64.iso(see link below). Select Advanced options and encrypt root file system for DGX Spark.
We use Clevis and the integrated TPM.
#install needed packages
apt-get -y install clevis clevis-tpm2 clevis-luks clevis-initramfs initramfs-tools tss2 tpm2-tools
#Take ownership of TPM
tpm2_clear
#proceed
echo -n Enter LUKS password:
read -s LUKSKEY
echo “”
#If you want some security behind your tpm
#This will set up the clevis key on the luks slot after the one you have already set up (which is slot 0).
#You can list these with cryptsetup luksDump /dev/nvme0n1p3
#The pcr_id’s show how secure you want your tpm2 setup to be, or you can test by omitting this part completely.
#See PCR choices below.
clevis luks bind -d /dev/nvme0n1p3 tpm2 ‘{“pcr_bank”:“sha256”, “pcr_ids”:“1,7”}’ <<< “$LUKSKEY”
update-initramfs -u -k all
#check
clevis luks list -d /dev/nvme0n1p3
#delete example; -s is one of the slots reported by the previous command
#clevis luks unbind -d /dev/nvme0n1p3 -s 1 tpm2
https://enterprise-support.nvidia.com/s/announcement/a4zVv000000DqDh/nvidia-dgx-os-72-release