How to enable and verify if disk encryption is working with Jetson Xavier NX?

hello adit_bhrgv,

how you create your Encrypted Binary Blob (EKB) file ?
EKB stores two keys, one is the kernel encryption key, and another one is the LUKS key for disk encryption support.
LUKS disk encryption support with a specific key. you should execute the script file, to generate an image.
also, in the developer guide, [Tool for EKB Generation] that sym2.key is equivalent to ekb.key
for example,

# This is default KEK2 root key for unfused board
echo "00000000000000000000000000000000" > kek2_key

# This is the default initial vector for EKB.
echo "bad66eb4484983684b992fe54a648bb8" > fv_ekb

# Generate user-defined symmetric key files
# openssl rand -rand /dev/urandom -hex 16 > sym.key
# openssl rand -rand /dev/urandom -hex 16 > sym2.key
echo "00000000000000000000000000000000" > sym.key
echo "00000000000000000000000000000000" > sym2.key

python3 -kek2_key kek2_key \
        -fv fv_ekb \
        -in_sym_key sym.key \
        -in_sym_key2 sym2.key \
        -out eks.img

LUKS support modules will use the key to generate the per-device unique passphrase.

please refer to Workflow 10 in $OUT/Linux_for_Tegra/tools/kernel_flash/README_initrd_flash.txt for the initrd approach for image flashing and disk encryption together.

you might also check discussion threads for reference,
for example,