hello SriDivya,
we’ve double checked this with non-fuse AGX Xavier,
it’s verified disk encryption works on AGX Xavier with non-zero keys.
I have verified non-zero disk encryption key on AGX Xavier.
here’re steps for your reference,
- Modify the
optee/samples/hwkey-agent/host/tool/gen_ekb/example.shfor using non-zero key.
echo "f0e0d0c0b0a001020304050607080900" > sym2_t194.key - Run
./example.sh - Copy generated
sym2_t194.keyandeks_t194.imgto Linux_for_Tegra/bootloader - Run flashing command,
$ sudo ROOTFS_ENC=1 ./flash.sh -i “./sym2_t194.key” jetson-agx-xavier-devkit mmcblk0p1
had you assign KEK2 keys?
if you’re using a non-fuse target, you may using echo "00000000000000000000000000000000" > kek2.key to create eks image.
please execute the script file, odmfuseread.sh to determine whether your target fused or not.