Disk Encryption on TX2

Hi,

I followed the guide on https://docs.nvidia.com/jetson/l4t/#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide/bootloader_disk_encryption.html#wwpID0E0KD0HA

I use the following command:
$ sudo ROOTFS_ENC=1 ./flash.sh -i "./ekb.key" jetson-tx2-devkit /dev/mmcblk0p12/

error message:

How to fix that error? Thanks.

Ellen

Hello ellen1474713,

Could you please refer to the developer guide, Security.
Have you enabled SecureBoot and SecureOS for the Jetson TX2?
Thanks

Hi JerryChang,

How do I check that SecureBoot and SecureOS are enabled?
In the developer guide, Security, which part is about SecureBoot?

Thanks.

Ellen

Hello ellen1474713,

SecureBoot
If you program the fuses (i.e. PKC, SBK, KEKs…), fuses are designed to be inaccessible for production.
The concept of SecureBoot is to prevent execution of unauthorized code during the boot process through a chain of trust;
it authenticates boot components (such as the Boot Configuration Table, bootloader binaries, and warmboot vector) that were signed using a private key.

SecureOS
Since SecureBoot is to ensure the boot process is secure, TrustZone is the SecureOS afterwards.
That’s the trusted execution environment (TEE) where a trusted application runs to gain access to security assets securely. It won’t decrypt encrypted boot code, as it has already passed the boot stage, but it does allow your apps to access secure assets. For instance, secure storage is one example. Encrypted video content is another example. This is a run-time environment where your application runs.

Please refer to the developer guide, Security; you may check each section for detailed information.
Thanks