hello elhamriothman,
it looks like an issue following up from Topic 288196.
EKB user-defined key for disk encryption
let’s focus on EKS image, use-defined key is stored in this EKS image.
furthermore, there’re PKC, SBK…etc keys (you may refer to Secure Boot section) to sign/encrypt this EKS image.
you may also visit NVIDIA Jetson Linux 35.5.0 page to download [Driver Package (BSP) Sources] package, please extract nvidia-jetson-optee-source.tbz2 and checking sample script of gen_ekb.
for instance, ./optee/samples/hwkey-agent/host/tool/gen_ekb/example.sh
as you can see… there’re user-defined symmetric key files used by gen_ekb.py to generate EKS image.
when performing $ sudo ROOTFS_ENC=1 ./flash.sh -i "./disk_enc.key" <board> <rootdev>
you’re given disk encryption key file, which should be identical with disk encryption key in the EKB partition you’ve flashed onto the target.
hope this explanation helps.