Disk Encryption for Dynamically Created Partitions

Hello,

This page gives quite some details on the topic: Disk Encryption — Jetson Linux Developer Guide documentation

I can see that the script /usr/sbin/gen_luks.sh performs the task as described by the documentation.

But I could not look up where the final step is taken care of:

After device reboots, /dev/mapper/crypt_DATA is created, unlocked, and mounted at /mnt/crypt_DATA.

Could you please describe which SW component is in charge of encrypting the newly referenced partition?

I’m aware that L4T 35.4.1 mentions:

Disk Encryption describes the Jetson Linux implementation of Linux Unified Key Setup (LUKS), the Linux standard for disk encryption. This release does not support this feature.

It would be interesting to know if the handling of /opt/nvidia/cryptluks is already supported (and I could not find it), or work in progress (partial implementation available), or not yet released at all.

Thanks
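
The post-reboot state quoted from the documentation in the post above (/dev/mapper/crypt_DATA created, unlocked, and mounted at /mnt/crypt_DATA) can be checked on the device. This is an added example, not part of the thread and not NVIDIA's code; the function name, return codes and sample lsblk lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks `lsblk -P -o NAME,TYPE,MOUNTPOINT` output (read on stdin)
# for a dm-crypt mapping mounted at the expected path.
# Return codes (chosen for this example):
#   0 = mapping is TYPE "crypt" and mounted at the expected path
#   1 = mapping not present (partition never unlocked)
#   2 = name exists but is not a dm-crypt device
#   3 = dm-crypt mapping exists but is not mounted where expected
check_crypt_mount() {
    want_name=$1
    want_mnt=$2
    status=1
    while IFS= read -r line; do
        # Extract the three KEY="value" fields from one lsblk -P line.
        name=$(printf '%s\n' "$line" | sed -n 's/^NAME="\([^"]*\)".*/\1/p')
        type=$(printf '%s\n' "$line" | sed -n 's/.* TYPE="\([^"]*\)".*/\1/p')
        mnt=$(printf '%s\n' "$line" | sed -n 's/.* MOUNTPOINT="\([^"]*\)".*/\1/p')
        [ "$name" = "$want_name" ] || continue
        if [ "$type" != "crypt" ]; then
            status=2
        elif [ "$mnt" != "$want_mnt" ]; then
            status=3
        else
            status=0
        fi
        break
    done
    return "$status"
}

# Constructed sample inputs (device names other than crypt_DATA are made up).
SAMPLE_OK='NAME="nvme0n1" TYPE="disk" MOUNTPOINT=""
NAME="nvme0n1p2" TYPE="part" MOUNTPOINT=""
NAME="crypt_DATA" TYPE="crypt" MOUNTPOINT="/mnt/crypt_DATA"'
SAMPLE_LOCKED='NAME="nvme0n1" TYPE="disk" MOUNTPOINT=""
NAME="nvme0n1p2" TYPE="part" MOUNTPOINT=""'
SAMPLE_UNMOUNTED='NAME="nvme0n1p2" TYPE="part" MOUNTPOINT=""
NAME="crypt_DATA" TYPE="crypt" MOUNTPOINT=""'
SAMPLE_PLAIN='NAME="crypt_DATA" TYPE="part" MOUNTPOINT="/mnt/crypt_DATA"'

# Demo on the constructed samples. On a device, feed it real output instead:
#   lsblk -P -o NAME,TYPE,MOUNTPOINT | check_crypt_mount crypt_DATA /mnt/crypt_DATA
for s in "$SAMPLE_OK" "$SAMPLE_LOCKED" "$SAMPLE_UNMOUNTED" "$SAMPLE_PLAIN"; do
    rc=0
    printf '%s\n' "$s" | check_crypt_mount crypt_DATA /mnt/crypt_DATA || rc=$?
    echo "check_crypt_mount -> $rc"
done
```

A result of 1 or 3 after reboot means the unlock-and-mount step from the documentation did not happen for that partition.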

Hello maxe777,

You may also see README_initrd_flash.txt for the steps.
For example:

Workflow 10: Disk encryption support on external device

For disk encryption for external device on Jetson Xavier, you can flash the external
device with the below command:

- Run this command from the Linux_for_Tegra folder:
$ sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --external-device <external-device> \
      -c <external-partition-layout> \
      [-p "-i encryption.key" ] --external-only \
      -S <APP-size> jetson-xavier external

Where:
- all the parameters are the same as above.
- <external-partition-layout> is the external storage partition layout containing
APP, APP_ENC and UDA encrypted partition. In this folder, flash_l4t_nvme_rootfs_enc.xml
is provided as an example.

You’ll also need to add the ROOTFS_ENC=1 property to the flash commands,
so that it’ll load the corresponding flash configuration file to have the APP_ENC partition.

Hi @JerryChang,

Thanks for your reply. I read it as the described workflow in the documentation is not yet supported, but this is the closest pointer you have to offer in the L4T. Thanks for sharing.

Please do not hesitate to let me know if there is a misunderstanding.