I am trying to set up an encrypted rootfs partition for the TX2 NX. However, I am also using cboot exclusively, and as a result skip reading the extlinux.conf file and load the kernel/dtb directly from partition rather than /boot/Image. I am having trouble as my device will not boot after flashing. Cboot loads the kernel and it starts to initialize but when it tries to mount the encrypted partition it just hangs. Is this an issue with the custom kernel I am using or with an issue with my initrd or something else entirely?
I have attached the UART debug logs for reference. I should add that when I boot without my custom kernel and let Uboot read and boot from the extlinux.conf file my system loads successfully to the encrypted partition.
log3 (99.5 KB)
do you have bootloader logs with this failure?
I included the bootloader debug logs as recorded through the UART debug port on the device in my original message. Please refer to the attached file there.
had you encrypt the roofts correctly? did you also burn the keys to the device?
here shows the related messages…
[0005.687] I> Decrypt the buffer ... [0005.690] D> tegrabl_decrypt_block: buffer=0x80000000 size=181200
[0005.696] W> tegrabl_decrypt_block: fuse (0x0) is not burnt to do encryption (0x4); skip decryption.
and… according to below, it looks your device already boot into linux kernel.
[ 0.000000] Booting Linux on physical CPU 0x100
[ 0.000000] Linux version 4.9.253 (root@doghouse) (gcc version 7.3.1 20180425 [linaro-7.3-2018.05 revision d29120a424ecfbc167ef90065c0eeb7f91977701] (Linaro GCC 7.3-2018.05) ) #1 SMP PREEMPT Mon Aug 8 16:48:57 PDT 2022
[ 4.927293] Waiting for root device UUID=6489d01c-04b9-4678-aba5-0aba7906a759...
may I know where’s your root file system.
please also share your steps in details to enable disk encryption for reference,
We have decided to revert to using UBoot due the lack of proper support for a cboot only system on the TX2 NX. I have other follow up issues now about kernel encryption which I will post about shortly.
it looks you’ve file a new topic, should we close this thread and follow-up below topic?
i.e. Kernel encryption through Secureboot
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.