echo "00000000000000000000000000000000" > ekb.key
sudo ROOTFS_ENC=1 ./flash.sh -i "./ekb.key" jetson-xavier-nx-devkit-emmc mmcblk0p1
This step leads to a kernel panic during bootup on the Jetson with the error below:
ERROR : “encrypted dev /dev/mmcblk0p2” is not a LUKS device
crypt_UDA : command not found
If I use a random key other than "00000000000000000000000000000000", there is no error, but the Jetson could not boot up, showing a blank screen and cursor.
Could anyone please guide me through the steps for testing disk encryption on Jetson Xavier NX? Am I missing some crucial steps?
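An added diagnostic example, not part of the thread or of NVIDIA's tooling: it checks the two things the question above turns on, whether the key file is well-formed and whether the encrypted root partition actually carries a LUKS header. The function names are hypothetical, and the key format (one line of 32 hex digits, i.e. a 128-bit key) is assumed from the `ekb.key` shown in the post.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from NVIDIA's scripts.

# LUKS1 and LUKS2 primary headers both begin with the 6-byte magic
# "LUKS\xba\xbe" followed by a 2-byte big-endian version number.
luks_version() {
    # $1: block device or image file. Prints 1 or 2; returns 1 if no header.
    hdr=$(head -c 8 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

key_file_ok() {
    # $1: key file. Assumed format: exactly 32 hex digits (128-bit key).
    key=$(tr -d '\r\n' < "$1") || return 1
    [ "${#key}" -eq 32 ] || return 1
    case "$key" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

diagnose() {
    # $1: key file, $2: encrypted root partition (e.g. /dev/mmcblk0p2).
    # Returns 0 if both checks pass, 2 for a bad key file, 3 for no LUKS header.
    key_file_ok "$1" || { echo "$1: expected 32 hex digits"; return 2; }
    if v=$(luks_version "$2"); then
        echo "$2: LUKS$v header present"
    else
        echo "$2: no LUKS header, consistent with 'is not a LUKS device'"
        return 3
    fi
}

# Run only when called with arguments: ./check.sh ekb.key /dev/mmcblk0p2
if [ "$#" -ge 2 ]; then
    diagnose "$1" "$2"
fi
```

Reading a raw partition such as /dev/mmcblk0p2 requires root; the same functions work on an image file of the partition.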
may I know the storage types of your Xavier NX,
are you going to encrypt the content on internal eMMC or external storage?
once the feature had been applied, the APP partition would be separated into two partitions, (1) boot (“/boot”) and (2) root (“/”) partitions.
the boot partition ("APP") remains in an unencrypted format, so the bootloader can still load the kernel and device tree blob; the root partition ("APP_ENC") would be encrypted.
you may also see the Tool for EKB Generation section; it's the Encrypted Binary Blob (EKB) file that includes the disk encryption key, and you should flash it onto the EKS partition of the device.
how did you create your Encrypted Binary Blob (EKB) file?
EKB stores two keys, one is the kernel encryption key, and another one is the LUKS key for disk encryption support.
for LUKS disk encryption support with a specific key, you should execute the script file gen_ekb.py to generate an image.
also, in the developer guide section [Tool for EKB Generation], sym2.key is equivalent to ekb.key
for example,
LUKS support modules will use the key to generate the per-device unique passphrase.
furthermore,
please refer to Workflow 10 in $OUT/Linux_for_Tegra/tools/kernel_flash/README_initrd_flash.txt for the initrd approach for image flashing and disk encryption together.
you might also check discussion threads for reference,
for example,