Jetson Orin AGX / nvme emmc encryption

Hello,

Im trying to get the enryption on both the emmc and the nvme to work using the three way meaning generating the images first the internal one and the external one then flashing them both, although I think what Im doing is correct I don’t know why when I run the second command exactly the script start flashing even when tho’ I precised the --noflash, so in result before I run the third command the flash the second command already flashes the jetson for me and I end up getting this error:

No key avaialble with this passphrase.
/bin/bash: line 1: crypt_UDA: command not found.
ERROR: fail to unlock the encrypted dev /dev/mmcblk3p2

Just to make sure, I have already crypted the jetson using the flash.sh and using the exemple key, do I need to delete smth else before I flash it with the initrd?

Here are the three command that I used remember, I didn’t get the chance to the third command because the second command already flashes the jetson for me even with the –noflash.

1/Generating Internal image (emmmc encrypted):
sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 \ –showlogs -p “-c ‘/home/othman/flash_orin/Linux_for_Tegra/bootloader/generic/cfg/flash_t234_qspi_sdmmc_enc_rfs.xml’” \ -i ./disk_enc.key --no-flash jetson-agx-orin-devkit internal

2/Generating External image (ssd 542g):

sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 \ –showlogs --noflash --external-device nvme0n1p1 -S 512GiB \ -c ./tools/kernel_flash/flash_l4t_nvme_rootfs_enc.xml \ –external-only --append -i ./disk_enc.key jetson-agx-orin-devkit external

3/Flashing both:
sudo ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 --showlogs --flash-only

The disk_enc.key is the “f0e0d0c0b0a001020304050607080900”

Thanks!

Hi elhamriothman,

Are you using the devkit or custom board for AGX Orin?
What’s your Jetpack version in use?

Are you using a fused device or not?

Could you share the full log when you run the second command?

I’m also curious about why your internal eMMC is mmcblk3p2.

Hello Kevin,

Im using the devkit, and the jetpack im using is the R36 version. for now no Im not using any fuses (still didn’t try to use secure boot) and concerning the internal I also thought it should be mmcblk0 instead of 3 but I think it’s just a new standard or some sort.

Here is the log file:
log_flash.zip (7.4 KB)

While checking the logs before sending it, I don’t know why the script is working on the emmc partitions when I clearly precised him to use it on the nvme. One thing im not sure if it might be the problem is that before starting the second command we didn’t do like in the eMMC image generation and we didn’t change the line in the configuration to enable disk encryption ( Linux_for_Tegra/p3737-0000-p3701-0000.conf.common) the EMMC_CFG I didn’t want to change it to the ssd file partition cause the name of the variable contains EMMC so I thought it’s not related. you think it might have to do with something here?

Update I downgraded to the 35.5 version and now my mmc is partition is 0 not 3, still trying to make the emmc nvme encryption work with the three way methode.

Hello Kevin,

Did you check the log I sent?

I can not find any nvme related information in this log.
I want to check the log when you are running second command, which should specify nvme0n1p1 as root device.

That’s the thing, that’s what happens when I run the second command, do I need to modify Linux_for_Tegra/p3737-0000-p3701-0000.conf.common before running the second command?

Update, so I managed to generate both the pictures for the internal and the external storage successfully, however when I run the script flash to flash both images:

sudo ./tools/kernel_flash/l4t_initrd_flash.sh --flash-only

I get this:/home/othman/flash_orin/Linux_for_Tegra


  •                                 *
    
  • Step 3: Start the flashing process *
  •                                 *
    

Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for target to boot-up…
Waiting for device to expose ssh …RTNETLINK answers: File exists
RTNETLINK answers: File exists
Waiting for device to expose ssh …Run command: flash on fc00:1:1:0::2
SSH ready
chroot: failed to run command ‘/mnt/’: Permission denied
Flash failure
Cleaning up…

Please check the serial console log on your board at this moment.

It seems you have permission issue.
Please also check the log when you were generating the package for internal and external storage.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.