Encrypting custom dtb file with Tegraflash.py

I am having trouble generation a custom encrypted dtb file using tegraflash.py

currently I am running this command

sudo ./tegraflash.py --bl cboot.bin --bct P3448_A00_lpddr4_204Mhz_P987.cfg --odmdata 0x94000 --bldtb tegra210-p3448-0000-p3449-0000-a01.dtb --applet nvtboot_recovery.bin --cmd “sign” --cfg flash.xml --chip 0x21 --bins “ETB cboot.bin; DTB tegra210-p3448-0000-p3449-0000-a01.dtb”

This generate a file in /bootloader/signed/kernel_tegra210-p3448-0000-p3449-0000-a00.dtb.encrypted

Probing this file it seem like its the base a00 file and not the custom dtb file I created.

Do you have a device tree specified via the “FDT” key/value entry in “/boot/extlinux/extlinux.conf”? If so, then it will pick that over the partition version. The one on the partition is from flashing, and is signed (meaning authenticated as valid, but it isn’t truly “encrypted”).

Note that if security fuses are burned, then only the partition version (the signed tree) is allowed and anything in “/boot” would then be ignored.