Massflash Encryption with a generic key : How is the new key generated

Hello cleng,

We’ve tested and confirmed that disk encryption + massflash on two devices is working on r36.4+ Orin-Nano Devkit.
Please note that you must have the device connected (in forced-recovery mode) to generate the mfi package.
Here are the steps for your reference:

  1. Please refer to optee/samples/hwkey-agent/host/tool/gen_ekb/example.sh to re-create the EKS image (i.e. eks_t234.img) with your customized disk encryption key.
    $ cp new_r364_EKS.img ~/r36.4.0/Linux_for_Tegra/bootloader/eks_t234.img
  2. Run l4t_initrd_flash for image creation for both internal/external storage.
    $ sudo ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 --no-flash --showlogs -p "-c bootloader/generic/cfg/flash_t234_qspi.xml" jetson-orin-nano-devkit internal
    $ sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 --showlogs --no-flash --external-device nvme0n1p1 -S 16GiB -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml --external-only --append -i ./sym2_t234.key -p "--generic-passphrase" --massflash 2 jetson-orin-nano-devkit external
  3. There should be an mfi*.tbz.gz available; please extract it for confirmation.
    $ sudo tar xpvf mfi_jetson-orin-nano-devkit.tar.gz
    $ cd mfi_jetson-orin-nano-devkit/
  4. You may use that image for flashing multiple devices; they’ll have disk encryption enabled.
    $ sudo ./tools/kernel_flash/l4t_initrd_flash.sh --flash-only --massflash 2