Disc encryption 36.4.3 not working

I cannot get disc encryption to work on L4T 36.4.3 but it works great on L4T 36.2.0.
The problem is that it says the flash was successful but it wont boot correctly afterwards. I’ve attached both flash log as well as the serial debug log to this port.Processing: serial_encryption_bug.log…
Processing: flash_3-3_0_20260415-130836.log…

This is the command that I use on both:

sudo ROOTFS_ENC=1 ADDITIONAL_DTB_OVERLAY_OPT=“BootOrderNvme.dtbo”
./tools/kernel_flash/l4t_initrd_flash.sh
-i “${ENCRYPTION_KEY_PATH}”
–external-device nvme0n1p1
-c tools/kernel_flash/flash_l4t_nvme_rootfs_enc.xml
-p “-c bootloader/${ORIN_FLASH_CONFIG_FOLDER}/cfg/flash_t234_qspi.xml”
–network usb0
jetson-orin-nano-devkit internal

I’ve already tried generating new eks_t234.img and sym2_t234.key using the example.sh as I figured the old ones maybe only work for 36.2.0 but I had no success.

serial_encryption_bug.txt (152.8 KB)
flash_log.txt (49.8 KB)

hello fredrik.tegnell,

here’s the error logs, which usually due to an incorrect EKS image has applied.

[   19.908149] ERROR: fail to unlock the encrypted dev /dev/nvme0n1p2.
[   19.910756] Kernel panic - not syncing:

please see-also developer guide, Tool for EKB Generation, you’ll need to run the EKB generation tool with your key files, and update the EKS image (eks_t234.img ) accordingly.

Hello,

I updated the eks_t234.img again and it started working for me, still not sure why but this is solved.