How to setup input string in disk encryption

Hello, everyone,
Now I will test Disk Encryption on XAVIER NX. How do I change the input string mentioned in the following context:

The input has two parts: the plain key file of the EKB key used for disk encryption, and an input string used to generate the passphrase. By default, the input string is the UUID of the encrypted disk. You can modify the script that generates the rootfs to let the user enter their own string. You must change the initrd accordingly to make it use the user-supplied string.

BSP 32.6.1
Best regards,
Ultwcz1997
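As an added illustration (not from this thread or from NVIDIA's tools) of the two-part input the quoted guide describes: the passphrase depends on both the EKB key and the input string, so a user-supplied string has to be used consistently by the rootfs script and by the initrd. HMAC-SHA256 is assumed here as a stand-in for the derivation, which actually runs inside Trusty and is not shown in the thread; the key file contents and disk UUID are constructed.

```python
import hashlib
import hmac
import uuid

# Constructed sample of a plain key file in the hex form gen_ekb.py consumes.
# A real <sym2_key_file> is produced by the integrator, not copied from here.
SAMPLE_SYM2_KEY_FILE = "00112233445566778899aabbccddeeff\n"


def parse_key_file(text: str) -> bytes:
    """Parse a hex key file into raw bytes, rejecting malformed input."""
    hexstr = "".join(text.split())
    if len(hexstr) not in (32, 64):  # assumption: a 128- or 256-bit key
        raise ValueError("key file must hold a 16- or 32-byte hex key")
    return bytes.fromhex(hexstr)


def derive_passphrase(ekb_key: bytes, input_string: str) -> str:
    """Derive a LUKS passphrase from the EKB key and the input string.

    HMAC-SHA256 is an assumed stand-in: the real derivation runs inside
    Trusty. What matters is that the output depends on BOTH inputs.
    """
    return hmac.new(ekb_key, input_string.encode(), hashlib.sha256).hexdigest()


def default_input_string(disk_uuid: uuid.UUID) -> str:
    """By default the input string is the UUID of the encrypted disk."""
    return str(disk_uuid)


def demo() -> dict:
    """Compare the default (UUID) passphrase with a user-supplied one."""
    key = parse_key_file(SAMPLE_SYM2_KEY_FILE)
    disk_uuid = uuid.UUID("12345678-1234-5678-1234-567812345678")  # constructed
    by_uuid = derive_passphrase(key, default_input_string(disk_uuid))
    by_user = derive_passphrase(key, "my-custom-string")  # user-supplied string
    # If the initrd presents a different string than the rootfs script used,
    # the derived passphrase differs and the LUKS volume will not unlock.
    return {"uuid": by_uuid, "user": by_user, "distinct": by_uuid != by_user}


if __name__ == "__main__":
    print(demo())
```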

hello ultwcz1997,

it’s EKB for disk encryption.
EKB (Encrypted Binary Blob) stores two keys, one is the kernel encryption key, and another one is the LUKS key for disk encryption support.
LUKS disk encryption support with a specific key. you should execute the script file, gen_ekb.py to generate an image.
also, in the developer guide, Tool for EKB Generation mentions that sym2.key is equivalent to ekb.key.

Hi, JerryChang,
So I understand it as follows,

  1. Customize my own string and populate it into <sym2_key_file>.
  2. Use the script python gen_ekb.py -in sym_key2 <sym2_key_file> -out <eks_image_file> to generate the EKB.
  3. Flash <eks_image_file> onto the EKS partition of the device.

Thank you.

hello ultwcz1997,

here are additional things…

the user_key is specified in eks.img. for example, the running CA sample, hwkey-agent/CA_sample/tool/gen_ekb/example.sh to generate eks.img, the sym.key is the user_key.
it’s Trusty that retrieves user_key from eks.img, and loads the key into a keyslot for decryption.
for image flashing, please use --use_key options to specify the user_key.

Hi JerryChang,
Thank you for the reply.
Sorry, I could not find the file gen_ekb.py in /Linux_for_Tegra/*. Where is it?

hello ultwcz1997,

ohh…it’s included in the optee package.
you may download public release sources, i.e. Driver Package (BSP) Sources.
for example, $r35.1/Linux_for_Tegra/source/public/atf_and_optee/optee/samples/hwkey-agent/host/tool/gen_ekb/gen_ekb.py
