Jetson AGX Xavier Encrypted rootfs for eMMC

Autonomous Machines Jetson & Embedded Systems Jetson AGX Xavier
1

I am trying rootfs encryption by following these steps.
Disk Encryption Implementation in Jetson Linux

However, I do not have an external storage device, so I am trying to write the encrypted rootfs to an internal eMMC. The web pege only has instructions for writing rootfs to an external storage device, but is it possible to write to an internal eMMC?

I am assuming to change 1-a to 1-b. Is this correct?

(Ex. 1-a: for external SSD device)
sudo ROOTFS_ENC=1 . /flash.sh -i “. /ekb.key” jetson-agx-xavier-devkit nvme0n1p1
(Ex. 1-b: for internal eMMC device)
sudo ROOTFS_ENC=1 . /flash.sh -i “. /ekb.key” jetson-agx-xavier-devkit mmcblk0p1

3

Hi,
The config file flash_t194_sdmmc_enc_rfs.xml is for internal emmc. Please follow the steps and give it a try.

4

Thanks.
Are you talking about the settings in Linux_for_Tegra/p2972-0000.conf.common? I have confirmed that there are the following settings in that file.

        disk_enc_enable=1;
        EMMC_CFG=flash_t194_sdmmc_enc_rootfs_ab.xml;

I followed the steps on the nvidia site and the OS is up and running.

I do not know how to check if the encrypted rootfs is writing to the eMMC. Any information on a command or configuration file location to check?

5

If you have os up and running you could run

sudo blkid

The command will show a list of partitions and some partitions will have a filesystem type. If the filesystem type of a partiton contains “luks” string, it means that the partition has an encrypted filesystem on it. You can check whether this partition is in internal emmc ot external storage device

6

Thank you. I was able to confirm that the above command shows different storage configurations for encrypted and unencrypted.

8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.