Encrypt SSD as a main storage that has kernel

I have a TX2 device with an extra SSD drive that I want to encrypt it with a specific key that I’m going to store that on my cloud key manager. but I don’t know how I can do it :(

my idea is to boot to the main storage ( eMMC ) and get the key and decrypt the SSD, then boot through that

So I found two solutions

Unfortunately I couldn’t run any of these solutions, for chainloading I’m not sure even it is supporting by tx2 and uboot or not, and kexec one is not working correctly. After running it, only restart device without booting to the second storage

Do you have any suggestions on how I can implement something to make my device able to decrypt my disk before booting through it?

Sorry that we don’t have such usecase supported yet.

I will let other forum user to share their experience.