Hello, everyone,
Now I will test Disk Encryption on XAVIER NX. How do I change the input string that the following context mentions:
The input has two parts: the plain key file of the EKB key used for disk encryption, and an input string used to generate the passphrase. By default, the input string is the UUID of the encrypted disk. You can modify the script that generates the rootfs to let users enter their own string. You must change the initrd accordingly to make it use the user-supplied string.
It’s EKB for disk encryption.
EKB (Encrypted Binary Blob) stores two keys: one is the kernel encryption key, and the other is the LUKS key for disk encryption support.
LUKS disk encryption support with a specific key. You should execute the script file, gen_ekb.py, to generate an image.
Also, the developer guide, Tool for EKB Generation, notes that sym2.key is equivalent to ekb.key.
The user_key is specified in eks.img. For example, when running the CA sample, hwkey-agent/CA_sample/tool/gen_ekb/example.sh, to generate eks.img, the sym.key is the user_key.
Trusty retrieves user_key from eks.img and loads the key into a keyslot for decryption.
For image flashing, please use the --use_key option to specify the user_key.
Ohh… it’s included in the optee package.
You may download the public release sources, i.e. Driver Package (BSP) Sources.
For example, $r35.1/Linux_for_Tegra/source/public/atf_and_optee/optee/samples/hwkey-agent/host/tool/gen_ekb/gen_ekb.py