How to solve the issue that ssd are not entiely availiable after full disk encryption

I am just trying to flash a external device with encrypted filesystem with:
sudo ROOTFS_ENC=1 ./tools/kernel_flash/ --external-device nvme0n1p1 -c ./tools/kernel_flash/flash_l4t_nvme_rootfs_enc.xml --external-only -S 8GiB jetson-xavier-nx-devkit externa

After flashing my device can boot and file system are encrypted. What I am confuse is that, my ssd have the volume of 1T, but only 279MB is availiable.

Is there anything I missed when flashing ?

Hi EmondCai,

Are you using the Xavier NX devkit with external NVMe SSD?
What’s your Jetpack version in use?

Have you tried to extend the disk size after boot up?

-S parameter in flash command is used to specify the size of rootfs.
Could you help to provide your flash_l4t_nvme_rootfs_enc.xml ?

and also share the result of lsblk command on your board.

Thank you for your replay @KevinFFF !

Yes, I am using jetson-xavier-nx-devkit, the jetpack version is 5.0.2 and I’m using the Linux_for_tegra inside Jetpack r35.1.0 for flashing.

The result of lsblk is here:

The flash_l4t_nvme_rootfs_enc.xml I am using is here(I have never configed it):
flash_l4t_nvme_rootfs_enc.xml (8.5 KB)

By the way, if I specific the -S to 500G, does it mean that my pc which I execute the also need 500G?

You could see that you have only 7.6G for rootfs.

From your XML…

sector_size="512" num_sectors="122159104"

The size for NVMe is 512*122159104 = 62545461248 = 58.25 GB.

Please note the following:
physical size >= sector_size*num_sectors >= -S parameter

The physical size of your NVMe SSD is 945.57GiB
If you want to have 500 GB for rootfs, you could use -S 500GiB in your flash command, and modify num_sectors to 1073741824, which resulting 512*1073741824 = 512GiB

Thank you very much!

One other question:
If i flash through the default parameter, the passphrase is generate automatically, and the disk is decrypted after boot without entering any passphrase. So I wonder is there any way that I can define my own passphrase and enter the passphrase to decrypt? Any doc that I can refer to ?
Thank you again for your help!

I found that If I want to encrypt a 900GB disk, It takse a large amout of time to generate .img

Is that normal?

What do you mean about the “default parameter”?

You could refer to the following instruction for disk encryption.
Disk Encryption — Jetson Linux Developer Guide documentation (

It seems expected. Could you flash successfully with my previous response?

I can flash successfully, thank you!

For passphrase, What I mean is that: Can I specific a passphrase myself that is not bound to the hardware device?

I try to change the output of and flash

But after flashing seems that the disk cannot be decrypted when boot up

You could refer to the following instruction for how passphrase work.
Disk Encryption — Details of Operation

You could also run the following command for the usage for, you may need to add a key file for custom key instead of modifying passphrase directly.

python3 --help

Is that possible to encrypt a disk which is not bound to the ecid(chip id), which means the disk itself is encrypted, and It can be boot from other device.

It seems you would need the original key to decrypt your disk.
The same input is used to decrypt and unlock data stored on the disk.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.