Massflash with DiskEncryption

I’m working with OrinNano 4GB with Custom Carrier board on R35.4.1.

I’m trying to enable massflash with DiskEncryption.
But it is not working.

I see the following documents.
Disk Encryption — Jetson Linux Developer Guide documentation
Disk Encryption — NVIDIA Jetson Linux Developer Guide 1 documentation

In R35.5.0, it is noted that the example for Massflash with DiskEncryption.
But, There is no similar statement in R35.4.1.

Dose R35.4.1 support Massflash with DiskEncryption?

I tried massflash with DiskEncryption on R35.5.0.
I use OrinNano 4GB with JetsonOrinNano Deverloperkit.
I run the following commands.
[Security][Disk Encryption] Creating Encrypted Images with a Generic Key - Jetson & Embedded Systems / Jetson Orin Nano - NVIDIA Developer Forums

$ echo "12345678901234567890123456789012" > disk_enc.key

# Connetct devkit with recovery mode.

$ sudo BOARDID=3767 BOARDSKU=0004 ./tools/kernel_flash/l4t_initrd_flash.sh \
        --network usb0 -p "-c bootloader/t186ref/cfg/flash_t234_qspi.xml" \
        --no-flash \
        jetson-orin-nano-devkit internal

$ sudo BOARDID=3767 BOARDSKU=0004 ROOTFS_ENC=1 \
        ./tools/kernel_flash/l4t_initrd_flash.sh \
        --network usb0 --showlogs  --no-flash --external-device nvme0n1p1 \
        -S 16GiB -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml \
        --external-only --append -i ./disk_enc.key ``-p "--generic-passphrase"`` \
        --massflash 2 jetson-orin-nano-devkit external

But, fail to boot.

[    9.566065] Run /init as init process
[    9.585915] Root device found: UUID=a9c8c3bd-9fac-4a81-afce-3fc4a7802b8d
[    9.609457] Cryptsetup version: 2.2.2
[   15.328677] ERROR: fail to unlock the encrypted dev /dev/nvme0n1p2.
[   15.337718] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00007f00
[   15.348237] CPU: 1 PID: 1 Comm: bash Not tainted 5.10.192-tegra #1
[   15.355650] Hardware name: NVIDIA Orin Nano Developer Kit (DT)
[   15.361648] Call trace:
[   15.364163]  dump_backtrace+0x0/0x1e0
[   15.367924]  show_stack+0x30/0x40

Here is logs.
flash_log.txt (39.5 KB)
boot_log.txt (85.1 KB)

Do I need any additional steps?

I need some help.
Does anyone have any information?

hello S.Harumoto,

is it a must to stay-on r35.4.1 release version?
please see-also Topic 319101, we’ve tested and confirm disk encryption + massflash on 2 devices is working on r36.4/Orin-Nano Devkit.

Thank you for your reply.
I confiremed that disk encryption + massflash works on R35.5.0 with your shared steps.

is it a must to stay-on r35.4.1 release version?

If R35.4.1 supports disk encryption + massflash, I would like to use it.
If not, I use R35.5.0

Dose R35.4.1 support Massflash with DiskEncryption?

hello S.Harumoto,

as you can see… Topic 291335.
it’s JetPack 5.1.3/r35.5.0 start to support creating encrypted images with a generic key.

you’ll need generic-passphrase if you’re going to Massflash.
otherwise, you need to have unique ECID (per device) to enable disk encryption.

hence, please moving forward to r35.5.0 for your use-case, thanks

1 Like