Disk encryption not working (2) . AGX Orin but also Orin Nano - r35.5.0

Hello

I’ve been trying to flash orin nano and agx orin, with nvme encrypted. I’ve followed the guide and the forums. I’ve ended up using this code for creating folders:

tar xvf Jetson_Linux_R35.5.0_aarch64.tbz2 
sudo tar xvf Tegra_Linux_Sample-Root-Filesystem_R35.5.0_aarch64.tbz2 -C Linux_for_Tegra/rootfs/

tar xvf public_sources.tbz2
cd Linux_for_Tegra/source/public/
tar xvf nvidia-jetson-optee-source.tbz2
cd ../..
sudo tools/l4t_flash_prerequisites.sh
sudo ./apply_binaries.sh

Then I locate example.sh at Linux_for_Tegra/source/public/optee/samples/hwkey-agent/host/tool/gen_ekb/. I’ve modified it like this:

#!/bin/bash

# [T194 example]
# This is default KEK2 root key for unfused board
#echo "00000000000000000000000000000000" > kek2.key

# This is the fixed vector for deriving EKB root key from fuse.
# It is expected user to replace the FV below with a user specific
# FV, and code the exact same user specific FV into OP-TEE.
#echo "bad66eb4484983684b992fe54a648bb8" > fv_ekb_t194

# Generate user-defined symmetric key files
# For each key, uncomment the random generate key and comment out the next line for production
# openssl rand -rand /dev/urandom -hex 16 > sym_t194.key
#echo "00000000000000000000000000000000" > sym_t194.key
# openssl rand -rand /dev/urandom -hex 16 > sym2_t194.key
#echo "00000000000000000000000000000000" > sym2_t194.key
# openssl rand -rand /dev/urandom -hex 16 > auth_t194.key
#echo "00000000000000000000000000000000" > auth_t194.key

#python3 gen_ekb.py -chip t194 -kek2_key kek2.key \
#        -fv fv_ekb_t194 \
#        -in_sym_key sym_t194.key \
#        -in_sym_key2 sym2_t194.key \
#        -in_auth_key auth_t194.key \
#        -out eks_t194.img

# [T234 example]
# Fill your OEM_K1 fuse key value
echo "0000000000000000000000000000000000000000000000000000000000000000" > oem_k1.key


# This is the fixed vector for deriving EKB root key from fuse.
# It is expected user to replace the FV below with a user specific
# FV, and code the exact same user specific FV into OP-TEE.
echo "bad66eb4484983684b992fe54a648bb8" > fv_ekb_t234

# Generate user-defined symmetric key files
# For each key, uncomment the random generate key and comment out the next line for production
#openssl rand -rand /dev/urandom -hex 32 > sym_t234.key    # kernel/kernel-dtb encryption key
echo "0000000000000000000000000000000000000000000000000000000000000000" > sym_t234.key
openssl rand -rand /dev/urandom -hex 16 > sym2_t234.key   # disk encryption key
#echo "f0e0d0c0b0a001020304050607080900" > sym2_t234.key
#openssl rand -rand /dev/urandom -hex 16 > auth_t234.key   # uefi variables authentication key
#echo "d9f7b49e3b6264985f1326f541bb43c9" > auth_t234.key

python3 gen_ekb.py -chip t234 -oem_k1_key oem_k1.key \
        -fv fv_ekb_t234 \
        -in_sym_key sym_t234.key \
        -in_sym_key2 sym2_t234.key \
        -out eks_t234.img
 #       -in_auth_key auth_t234.key \
 #       -in_device_id device_id_cert.der \
 #       -in_ftpm_sn 00000000000000000000 \
 #       -in_ftpm_eps_seed ftpm_eps_seed_file \
 #       -in_ftpm_rsa_ek_cert ftpm_rsa_ek_cert.der \
 #       -in_ftpm_ec_ek_cert ftpm_ec_ek_cert.der \

After executing example, then:
cp Linux_for_Tegra/source/public/optee/samples/hwkey-agent/host/tool/gen_ekb/eks_t234.img Linux_for_Tegra/bootloader/eks_t234.img (I’ve tried copying to bootloader/eks.img too because doc says so)
cp Linux_for_Tegra/source/public/optee/samples/hwkey-agent/host/tool/gen_ekb/sym2_t234.key Linux_for_Tegra/

Modify NUM_SECTORS at ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml. Replace NUM_SECTORS by 1000215216

Flashing:

cd Linux_for_Tegra
sudo ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 \
        --showlogs -p "-c bootloader/t186ref/cfg/flash_t234_qspi.xml" \
        -i ./disk_enc.key --no-flash jetson-agx-orin-devkit internal
sudo cp bootloader/eks_t234_sigheader.img.encrypt ./tools/kernel_flash/images/internal/
sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 \
        --showlogs  --no-flash --external-device nvme0n1p1 \
        -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml -S 400GiB \
        --external-only --append -i bootloader/t186ref/cfg/flash_t234_qspi.xml -i sym2_t234.key \ jetson-agx-orin-devkit external
sudo ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 --showlogs --flash-only

It completes the flash, but:

...
I> Task: OEM SC7 context save (0x5001b970)
I> OEM sc7 context saved
I> Task: Disable MSS perf stats (0x50028f94)
I> Task: Program display sticky bits (0x50028f10)
I> Task: Storage device deinit (0x500020bc)
I> Task: SMMU external bypass disable (0x50018848)
I> Task: SMMU init (0x50018764)
I> Task: Program GICv3 registers (0x50029034)
I> Task: Audit firewall settings (0x50025f44)
I> Task: Bootchain failure check (0x500025c8)
I> Current Boot-Chain Slot: 0
I> BR-BCT Boot-Chain is 0, and status is 1. Set UPDATE_BRBCT bit to 0
I> MB2 finished

��DCE: FW Boot Done
��NOTICE:  BL31: v2.6(release):cec9a2bc3
NOTICE:  BL31: Built : 20:19:41, Feb 19 2024
I/TC: Physical secure memory base 0x103c040000 size 0x3fc0000
I/TC: 
I/TC: Non-secure external DT found
I/TC: OP-TEE version: 3.22 (gcc version 9.3.0 (Buildroot 2020.08)) #2 Tue Feb 20 04:28:56 UTC 2024 aarch64
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
I/TC: Primary CPU initializing
I/TC: Test OEM keys are being used. This is insecure for shipping products!
**E/TC:00 00 ekb_extraction_process:321 Tried all EKB_RKs but still can't extract the EKB image.**
E/TC:00 00 jetson_user_key_pta_init:974 jetson_user_key_pta_init: Failed (ffff000f).
E/TC:00 00 call_initcalls:43 Initcall __text_start + 0x001197f8 failed
I/TC: Primary CPU switching to normal world boot
��
  Jetson UEFI firmware (version 5.0-35550185 built on 2024-02-20T04:21:22+00:00)

��I/TC: Reserved shared memory is disabled
I/TC: Dynamic shared memory is enabled
I/TC: Normal World virtualization support is disabled
I/TC: Asynchronous notifications are disabled
E/TC:?? 00 jetson_user_key_pta_uefi_vars_auth:861 Auth key is not set in EKB.
E/TC:?? 00 stmm_handle_variable_authentication:910 Failed to get signed CMAC ffff0008

ASSERT [FvbNorFlashStandaloneMm] /dvs/git/dirty/git-master_linux/out/nvidia/optee.t234-uefi/StandaloneMmOptee_RELEASE/edk2-nvidia/Silicon/NVIDIA/Drivers/FvbNorFlashDxe/VarIntCheck.c(900): ((BOOLEAN)(0==1))


This has been discussed here but I think I am already doing what’s been proposed:

Successful flash log is attached:
flash_log.txt (36.9 KB)

What am doing wrong?

hello masip85,

this is due to below…

according to Topic 284400, we’ve reproduced this on developer kit, and we’ve arranged resources for investigation.

I notice there is new lines in this version of example.sh, lines I didn’t know what to do with them. As you can see, I commented them, following in that way what I’ve read as solution here at the forum.

#       -in_auth_key auth_t234.key \
 #       -in_device_id device_id_cert.der \
 #       -in_ftpm_sn 00000000000000000000 \
 #       -in_ftpm_eps_seed ftpm_eps_seed_file \
 #       -in_ftpm_rsa_ek_cert ftpm_rsa_ek_cert.der \
 #       -in_ftpm_ec_ek_cert ftpm_ec_ek_cert.der \

is the error caused by what is missing in my example.sh?: -in_auth_key auth_t234.key

(at the docs, is not specified at this step: https://docs.nvidia.com/jetson/archives/r35.5.0/DeveloperGuide/SD/Security/OpTee.html#tool-for-ekb-generation , so it became quite confusing for me)

Or is the error referring to this:
<sym_key_file> is the user encryption key” I generated it with 0’s thinking it is the “default” (I mean, if I don’t use UEFI encryption, can I leave it with 0? Or should I remove it from the gen_ekb.py arguments? ). I didn’t specify it at the flash step because trough the guides and here at the forums, it is not specified - if I only want to encrypt disk and not secure uefi-.

hello masip85,

could you please follow Topic 284400, comment #8 by using r35.5.0 gen_ekb script file to re-create a new EKS image, and updating it accordingly.

Already tried with orin nano. I’ve used example.sh default auth_t234.
echo “d9f7b49e3b6264985f1326f541bb43c9” > auth_t234.key
Then uncommented this at example.sh

-in_auth_key auth_t234.key 

Then I’ve followed same steps referenced at first post:

After executing example, then:
cp Linux_for_Tegra/source/public/optee/samples/hwkey-agent/host/tool/gen_ekb/eks_t234.img Linux_for_Tegra/bootloader/eks_t234.img (I’ve tried copying to bootloader/eks.img too because doc says so)
cp Linux_for_Tegra/source/public/optee/samples/hwkey-agent/host/tool/gen_ekb/sym2_t234.key Linux_for_Tegra/

Modify NUM_SECTORS at ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml. Replace NUM_SECTORS by 1000215216

Flashing:

cd Linux_for_Tegra
sudo ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 \
        --showlogs -p "-c bootloader/t186ref/cfg/flash_t234_qspi.xml" \
        -i ./disk_enc.key --no-flash jetson-agx-orin-devkit internal
sudo cp bootloader/eks_t234_sigheader.img.encrypt ./tools/kernel_flash/images/internal/
sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 \
        --showlogs  --no-flash --external-device nvme0n1p1 \
        -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml -S 400GiB \
        --external-only --append -i bootloader/t186ref/cfg/flash_t234_qspi.xml -i sym2_t234.key \ jetson-agx-orin-devkit external
sudo ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 --showlogs --flash-only

But only black screen still appear after flashing

umm… you’re now using r35.5.0, right?
the uefi variable protection feature is always enabled. you cannot create EKS image without auth_t234.key.

Yes. r35.5.0.

Uefi variable protection is always enabled, but does it mean I have to follow Secure Boot procedure? I’ve read many times that is not the case here at the forum, that I can use disk encryption by it’s own without

I have created eks_image with it. Copied to
Linux_for_Tegra/bootloader/eks_t234.img
But after that I don’t do anything different. Just replaced agx-orin by orin-nano. should this key be used somewhere else?

hello masip85,

could you please have below command execute to examine that generated EKS image.
for example, $ hexdump -C -n 4 -s 0x24 eks_t234.img

00000024 45 45 4b 42 |EEKB|
00000028

By the way, now the error (switching to agx orin for debugging with serial) is:
�DCE: FW Boot Done
��NOTICE: BL31: v2.6(release):cec9a2bc3
NOTICE: BL31: Built : 20:19:41, Feb 19 2024
I/TC: Physical secure memory base 0x103c040000 size 0x3fc0000
I/TC:
I/TC: Non-secure external DT found
I/TC: OP-TEE version: 3.22 (gcc version 9.3.0 (Buildroot 2020.08)) #2 Tue Feb 20 04:28:56 UTC 2024 aarch64
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check Porting guidelines — OP-TEE documentation documentation
I/TC: Primary CPU initializing
I/TC: Test OEM keys are being used. This is insecure for shipping products!
E/TC:00 00 ekb_extraction_process:321 Tried all EKB_RKs but still can’t extract the EKB image.
E/TC:00 00 jetson_user_key_pta_init:974 jetson_user_key_pta_init: Failed (ffff000f).
E/TC:00 00 call_initcalls:43 Initcall __text_start + 0x001197f8 failed
I/TC: Primary CPU switching to normal world boot
��
Jetson UEFI firmware (version 5.0-35550185 built on 2024-02-20T04:21:22+00:00)

hello masip85,

may I double confirm… did you using a customize key? (i.e. sym2_t234.key)
if yes… had you re-create and update EKS image accordingly?

You can see in the code:

At example sh:

openssl rand -rand /dev/urandom -hex 16 > **sym2_t234.key**   # disk encryption key

After executing example.sh, then:
cp Linux_for_Tegra/source/public/optee/samples/hwkey-agent/host/tool/gen_ekb/eks_t234.img **Linux_for_Tegra/bootloader/eks_t234.img** (I’ve tried copying to bootloader/eks.img too because doc says so)
cp Linux_for_Tegra/source/public/optee/samples/hwkey-agent/host/tool/gen_ekb/sym2_t234.key **Linux_for_Tegra/**

Later:

sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 \
        --showlogs  --no-flash --external-device nvme0n1p1 \
        -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml -S 400GiB \
        --external-only --append -i bootloader/t186ref/cfg/flash_t234_qspi.xml **-i sym2_t234.key** \ jetson-agx-orin-devkit external

Is example.sh right? Can you reproduce the issue?

Regards

hello masip85,

we cannot reproduce this locally.

as you may know… l4t_initrd_flash.sh it’s actually using the image under $OUT/Linux_for_Tegra/tools/kernel_flash/images/ to flash the target.
it might be the issue that internal/eks_t234_sigheader.img.encrypt did not update correctly.

hence,
please refer to Topic 270934, which show the steps to enable disk encryption with a custom key.

I just check every step twice. You can see that for updating that file I use a cp. I’ve checked removing first and copying after to be sure the remaining file is the new one. Same error.

I’ve checked your link. A few things:

  • example.sh contains t194 and t234 example. So first I comment t194 example.
  • Then, I change echo "f0e0d0c0b0a001020304050607080900" > sym2_t234.keyby (2) $ echo "f0e0d0c0b0a0010203040506070809aa" > sym2_t234.key. But, error appears of course, because the topic solution you refer is not updated.
    FileNotFoundError: [Errno 2] No such file or directory: ‘device_id_cert.der’

File,which I really don’t know what it is. So, ok, I remove this line. And these others:

       -in_device_id device_id_cert.der \
        -in_ftpm_sn 00000000000000000000 \
        -in_ftpm_eps_seed ftpm_eps_seed_file \
        -in_ftpm_rsa_ek_cert ftpm_rsa_ek_cert.der \
        -in_ftpm_ec_ek_cert ftpm_ec_ek_cert.der \

But, here at the example you say for t194:

# This is default KEK2 root key for unfused board
#echo "00000000000000000000000000000000" > kek2.key

And for t234:

# [T234 example]
# Fill your OEM_K1 fuse key value
echo "2d4a614e645267556b58703273357638792f423f4428472b4b6250655368566d" > oem_k1.key

I guess this second value,is for a fused board. Because mine is not fuse, I’ve been using this as you could see:
echo "0000000000000000000000000000000000000000000000000000000000000000" > sym_t234.key

I guess this is the right way. And that your Topic answer in wrong because is outdated. Please,confirm this is right. The resulting example.sh should be:

# [T234 example]
# Fill your OEM_K1 fuse key value
echo "0000000000000000000000000000000000000000000000000000000000000000" > oem_k1.key

# This is the fixed vector for deriving EKB root key from fuse.
# It is expected user to replace the FV below with a user specific
# FV, and code the exact same user specific FV into OP-TEE.
echo "bad66eb4484983684b992fe54a648bb8" > fv_ekb_t234

# Generate user-defined symmetric key files
# For each key, uncomment the random generate key and comment out the next line for production
# openssl rand -rand /dev/urandom -hex 32 > sym_t234.key    # kernel/kernel-dtb encryption key
echo "0000000000000000000000000000000000000000000000000000000000000000" > sym_t234.key
# openssl rand -rand /dev/urandom -hex 16 > sym2_t234.key   # disk encryption key
echo "f0e0d0c0b0a0010203040506070809aa" > sym2_t234.key
# openssl rand -rand /dev/urandom -hex 16 > auth_t234.key   # uefi variables authentication key
echo "d9f7b49e3b6264985f1326f541bb43c9" > auth_t234.key

python3 gen_ekb.py -chip t234 -oem_k1_key oem_k1.key \
        -fv fv_ekb_t234 \
        -in_sym_key sym_t234.key \
        -in_sym_key2 sym2_t234.key \
        -in_auth_key auth_t234.key \
        -out eks_t234.img

Then I execute your suggested commands:

  923  cd Linux_for_Tegra/
  924  sudo ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 --no-flash --showlogs -p "-c bootloader/t186ref/cfg/flash_t234_qspi.xml" jetson-agx-orin-devkit internal
  925  sudo ./flash.sh --no-flash -k A_eks jetson-agx-orin-devkit internal
  926  sudo cp bootloader/eks_t234_sigheader.img.encrypt ./tools/kernel_flash/images/internal/.
  927  sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs --no-flash --external-device nvme0n1p1 -i ./sym2_t234.key -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml --external-only --append --network usb0 jetson-agx-orin-devkit external
  928  sudo ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs --network usb0 --flash-only

One thing that surprises me is: A_eks. Where is it getting from ,I didn’t get error executing its line. It’s also strange for me because is every different to every solution I’ve found at the forum. And those steps don’t say anythin about modify NUM_SECTORS of .xml. That is weird. But I’ve followed to test those steps as you asked.

The result is a black screen too. But before keep digging, please, because I think those steps are not complete, don’t you have updated and complete steps to provide?

hello masip85,

there’re default keys within gen_ekb example, because user key is specified in eks.img, (they’re using all 0s in Xavier series, but Orin series not)
for instance, $public_sources/r35.5.0/atf_and_optee/optee/samples/hwkey-agent/host/tool/gen_ekb/example.sh

FYI, there’s an issue with using zero keys, so for that reason, we used a sample key with a specific value for rel-35 release version at the moment.

Yes, that’s the jetpack version i am trying. So, if just default example.sh just modifying sym2_t234 as the Topic you mentioned, it results in:

# [T234 example]
# Fill your OEM_K1 fuse key value
echo "2d4a614e645267556b58703273357638792f423f4428472b4b6250655368566d" > oem_k1.key

# This is the fixed vector for deriving EKB root key from fuse.
# It is expected user to replace the FV below with a user specific
# FV, and code the exact same user specific FV into OP-TEE.
echo "bad66eb4484983684b992fe54a648bb8" > fv_ekb_t234

# Generate user-defined symmetric key files
# For each key, uncomment the random generate key and comment out the next line for production
# openssl rand -rand /dev/urandom -hex 32 > sym_t234.key    # kernel/kernel-dtb encryption key
echo "0000000000000000000000000000000000000000000000000000000000000000" > sym_t234.key
# openssl rand -rand /dev/urandom -hex 16 > sym2_t234.key   # disk encryption key
echo "f0e0d0c0b0a0010203040506070809aa" > sym2_t234.key
# openssl rand -rand /dev/urandom -hex 16 > auth_t234.key   # uefi variables authentication key
echo "d9f7b49e3b6264985f1326f541bb43c9" > auth_t234.key

python3 gen_ekb.py -chip t234 -oem_k1_key oem_k1.key \
        -fv fv_ekb_t234 \
        -in_sym_key sym_t234.key \
        -in_sym_key2 sym2_t234.key \
        -in_auth_key auth_t234.key \
        -out eks_t234.img
#        -in_device_id device_id_cert.der \
#        -in_ftpm_sn 00000000000000000000 \
#        -in_ftpm_eps_seed ftpm_eps_seed_file \
#        -in_ftpm_rsa_ek_cert ftpm_rsa_ek_cert.der \
#        -in_ftpm_ec_ek_cert ftpm_ec_ek_cert.der \

Your message was confusing because sym_t234.key really is a 0s key by default at example.sh. But following steps without touching oem key , leaving default non zeros even for unfused board, has been the change this needed to work. I hadn’t specified NUM_SECTORS so now I am not using all NVME, but it is encrypted and correct. So I guess num_sectors will solve the partition size issue.

APP size by default it defined as 57GB in the flash configuration file.
since it’s APP_ENC partition for encryption part. The EXT_NUM_SECTORS size need smaller than your NVMe actual size and bigger than APP size.

please see-also Topic 265469 for the steps to update num_sectors in xml flash configuration file.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.