How to create an encrypted disk partition for data storage on Xavier NX

Hi, I need to create an encrypted partition on my system, say /dev/nvme0n1p1. Based on the developer guide, I should use the LUKS/cryptsetup utility. But I am still not clear about the process to set up/mount/umount the partition. I also read many posts from the forum; most of them were for secure boot. There’s one thread with exactly the question:

But I don’t see a clear solution. This partition is for storing data only. No need for secure boot. Can anyone provide a command line example for the process? Is the disk UUID the only choice for the passcode? If multiple passcodes can be used for a single encrypted partition, how can I set them?
I use JP4.6/L4T R32.6.1 for the NX.

Thanks.

Hi,
The details are in the developer guide.

For examples, please check

nvidia/nvidia_sdk/JetPack_4.6.1_Linux_JETSON_XAVIER_NX_TARGETS/Linux_for_Tegra/tools/kernel_flash/README_initrd_flash.txt

You can refer to Workflow 10, Example 4 and give it a try. For Xavier NX emmc, the board name is jetson-xavier-nx-devkit-emmc.

If you use your own EKB key, please download the source code package and use the script in trusty_src.tbz2:

trusty/app/nvidia-sample/hwkey-agent/CA_sample/tool/gen_ekb/example.sh

and change this to your EKB key:

echo "00000000000000000000000000000000" > sym2.key

And put the key in the commands for generating images (Workflow 10, Example 4 as an example):

$ sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh -p "-i sym2.key" --no-flash jetson-xavier internal

$ sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh -p "-i sym2.key" --no-flash --external-device nvme0n1p1 -S 8GiB -c ./tools/kernel_flash/flash_l4t_nvme_rootfs_enc.xml --external-only --append jetson-xavier external

More information is in EKB Generation
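
The setup/mount/umount and multiple-passcode steps asked about in the question, sketched as an added example with plain passphrase-based cryptsetup; it is not part of either post and is separate from the l4t_initrd_flash.sh/EKB workflow in the reply. The mapper name `data` and mount point `/mnt/data` are assumptions, and the script only prints the commands unless run as root with `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example: lifecycle of a LUKS-encrypted data partition with cryptsetup.
# DRY_RUN=1 (default) prints each command instead of executing it.
# WARNING for real runs: luksFormat overwrites whatever is on the device.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# One-time setup: write the LUKS header (cryptsetup prompts for the first
# passphrase), open the mapping, create a filesystem inside it, close it.
luks_setup() {            # luks_setup <device> <mapper-name>
    run cryptsetup luksFormat "$1" &&
    run cryptsetup open "$1" "$2" &&
    run mkfs.ext4 "/dev/mapper/$2" &&
    run cryptsetup close "$2"
}

# Unlock (prompts for any enrolled passphrase) and mount the cleartext mapping.
luks_mount() {            # luks_mount <device> <mapper-name> <mountpoint>
    run cryptsetup open "$1" "$2" &&
    run mkdir -p "$3" &&
    run mount "/dev/mapper/$2" "$3"
}

# Unmount first, then close the mapping so the volume key leaves kernel memory.
luks_umount() {           # luks_umount <mapper-name> <mountpoint>
    run umount "$2" &&
    run cryptsetup close "$1"
}

# Enrol an additional passphrase in a free key slot; cryptsetup asks for an
# existing passphrase first, then the new one. Repeat for each extra passcode.
luks_add_passphrase() {   # luks_add_passphrase <device>
    run cryptsetup luksAddKey "$1"
}

# Show the header, including which key slots are in use.
luks_list_slots() { run cryptsetup luksDump "$1"; }

# Print the full plan for the partition named in the question (dry run only).
if [ "$DRY_RUN" = "1" ]; then
    luks_setup /dev/nvme0n1p1 data
    luks_mount /dev/nvme0n1p1 data /mnt/data
    luks_add_passphrase /dev/nvme0n1p1
    luks_umount data /mnt/data
fi
```

Passphrases are entered at cryptsetup's interactive prompts here, so they do not end up in shell history or process listings.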