Flashing Disk Encryption on Jetson Orin Nano Dev-Kit Not Working

Hello. I am working to get disk encryption working on the Jetson Orin Nano 8GB, currently working with the Dev-kit. To start, I followed the r36.2 Quick Start and was able to setup a Ubuntu 22.04 host system and flash the device with the Jetson Developer Kit Operating Software. The device’s storage is a 64Gb SD card, with no NVMe.

Next up, I tried to follow the steps in Disk Encryption, but the flashing failed at the last step of flashing an encrypted rootfs to an external storage device:

Waiting for device to expose ssh ......RTNETLINK answers: File exists
RTNETLINK answers: File exists
Waiting for device to expose ssh ...Run command: flash on fc00:1:1:0::2
SSH ready
blockdev: cannot open /dev/mmcblk3boot0: No such file or directory
[ 0]: l4t_flash_from_kernel: Starting to create gpt for emmc
Active index file is /mnt/internal/flash.idx
Number of lines is 79
writing item=62, 6:0:primary_gpt, 512, 19968, gpt_primary_6_0.bin, 16896, fixed-<reserved>-0, 0e22d33125414aee10455d4636b922e5e44ef57d
Error: Could not stat device /dev/mmcblk3 - No such file or directory.
Flash failure
Cleaning up...

I’ve tried a few different approaches to flashing the device, including the method pointed out in the following post, but this error pops up every time. Any help would be greatly appreciated. As an aside, I do not have a USB-to-TTL cable yet, but I saw it was recommended in many posts, so I ordered one which should arrive tomorrow.

Related question, does APP_ENC_SIZE need to be calculated manually or is it automatically calculated by the by the image generation process? The documentation (that I’ve seen so far) isn’t clear on this.

hello amen_levi,

you may refer to Topic 265469 to specify EXT_NUM_SECTORS.

Sorry for the delay, got pulled off onto another project for a time. I tried the suggestion found in that topic @JerryChang, but I still got the same error while flashing.

This might be a silly question, but the Disk Encryption documentation calls out:

You must generate the rootfs on a secure system, that is, a secure host computer equipped with a Hardware Security Module (HSM). The HSM is used for key generation and management to secure key assets and safe transport to the factory floor. This is necessary to ensure that the keys cannot be leaked to an unsecure system on the production line.

Does my system need an HSM for disk encryption to work even if I’m using example.sh, and the example key, as a proof of concept?

Serial log captured when flashing to Orin Nano.
serial.log (66.4 KB)

hello amen_levi,

it looks you’re now working with JP-6 DP, which is Developer Preview version.
please note that we’ll have a production quality release soon, it will be available in Apr/2024.
let’s wait for next JP-6 public release.

Good to know, thank you.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.