Not able to use LUKS Disk Encryption on Jetson NX

Hi!

I have a Jetson NX dev kit and I’d like to encrypt the SD card to not expose my data. I followed the guide on this link that uses flash.sh to flash the NX in recovery mode. I’m using the standard image for JetPack 4.5 as my rootfs. I have the following concerns with respect to the encryption feature:

  1. Is the encryption feature available only on module devices with eMMC? Because I read the code in flash.sh and it has the following section:

    rootdev_type="external";
    if [[ "${target_rootdev}" == "internal" || "${target_rootdev}" == mmcblk0p* || \
        "${target_rootdev}" == ${BOOTDEV} ]]; then
      rootdev_type="internal";
      INITRD="";
      if [ ${disk_enc_enable} -eq 1 ]; then
      	target_rootdev="internal";
      fi
    elif [ "${target_rootdev}" = "eth0" -o "${target_rootdev}" = "eth1" ]; then
      rootdev_type="network";
      disk_enc_enable=0;
    elif [[ "${target_rootdev}" != "external" && "${target_rootdev}" != mmcblk1p* && \
      "${target_rootdev}" != sd* && "${target_rootdev}" != nvme* ]]; then
      echo "Error: Invalid target rootdev($target_rootdev).";
      usage rootdevunknown 1;
    fi;
    if [[ "${rootdev_type}" == "external" ]]; then  # <--- disables encryption on SD card devices
      disk_enc_enable=0;
    fi;
    

    Here you can see that if the boot device is mmcblk1p*, which is the SD card, then it disables the disk encryption. How do I make it work with my SD card?

  2. I tried hacking the script and forced disk_enc_enable=1. The installation proceeds normally for some time and then fails with this error. I use the following command:

    sudo ROOTFS_ENC=1 ./flash.sh -i "./ekb.key" jetson-xavier-nx-devkit mmcblk1p1
    

    Which gives me the following output:

    ###############################################################################
    # L4T BSP Information:
    # R32 , REVISION: 5.0
    ###############################################################################
    # Target Board Information:
    # Name: jetson-xavier-nx-devkit, Board Family: t186ref, SoC: Tegra 194, 
    # OpMode: production, Boot Authentication: NS, 
    # Disk encryption: enabled ,
    ###############################################################################
    copying soft_fuses(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
    ./tegraflash.py --chip 0x19 --applet "/filer2/Linux_for_Tegra/bootloader/mb1_t194_prod.bin" --skipuid --soft_fuses tegra194-mb1-soft-fuses-l4t.cfg --bins "mb2_applet nvtboot_applet_t194.bin" --cmd "dump eeprom boardinfo cvm.bin;reboot recovery" 
    Welcome to Tegra Flash
    version 1.0.0
    Type ? or help for help and q or quit to exit
    Use ! to execute system commands
    
    [   0.0310 ] Generating RCM messages
    [   0.0329 ] tegrahost_v2 --chip 0x19 0 --magicid MB1B --appendsigheader /filer2/Linux_for_Tegra/bootloader/mb1_t194_prod.bin zerosbk
    [   0.0347 ] Header already present for /filer2/Linux_for_Tegra/bootloader/mb1_t194_prod.bin
    [   0.0397 ] 
    [   0.0409 ] tegrasign_v2 --key None --getmode mode.txt
    [   0.0416 ] Assuming zero filled SBK key
    [   0.0421 ] 
    [   0.0531 ] tegrasign_v2 --key None --file /filer2/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin --offset 2960 --length 1136 --pubkeyhash pub_key.key
    [   0.0539 ] Assuming zero filled SBK key
    [   0.0585 ] 
    [   0.0661 ] tegrahost_v2 --chip 0x19 0 --updatesigheader /filer2/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin /filer2/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.hash zerosbk
    [   0.0701 ] 
    [   0.0736 ] tegrabct_v2 --chip 0x19 0 --sfuse tegra194-mb1-soft-fuses-l4t.cfg.pdf sfuse.bin
    [   0.0745 ] 
    [   0.0751 ] tegrarcm_v2 --listrcm rcm_list.xml --chip 0x19 0 --sfuses sfuse.bin --download rcm /filer2/Linux_for_Tegra/bootloader/mb1_t194_prod_sigheader.bin 0 0
    [   0.0778 ] RCM 0 is saved as rcm_0.rcm
    [   0.0810 ] RCM 1 is saved as rcm_1.rcm
    [   0.0812 ] RCM 2 is saved as rcm_2.rcm
    [   0.0825 ] List of rcm files are saved in rcm_list.xml
    [   0.0828 ] 
    [   0.0828 ] Signing RCM messages
    [   0.0840 ] tegrasign_v2 --key None --list rcm_list.xml --pubkeyhash pub_key.key --getmontgomeryvalues montgomery.bin
    [   0.0847 ] Assuming zero filled SBK key
    [   0.0893 ] 
    [   0.0893 ] Copying signature to RCM mesages
    [   0.0906 ] tegrarcm_v2 --chip 0x19 0 --updatesig rcm_list_signed.xml
    [   0.0982 ] 
    [   0.0983 ] Boot Rom communication
    [   0.0996 ] tegrarcm_v2 --chip 0x19 0 --rcm rcm_list_signed.xml --skipuid
    [   0.1002 ] RCM version 0X190001
    [   0.1014 ] Boot Rom communication completed
    [   1.1177 ] 
    [   2.1201 ] tegrarcm_v2 --isapplet
    [   2.1209 ] Applet version 01.00.0000
    [   2.1378 ] 
    [   2.1403 ] tegrarcm_v2 --ismb2
    [   2.1730 ] 
    [   2.1758 ] tegrahost_v2 --chip 0x19 --align nvtboot_applet_t194.bin
    [   2.1786 ] 
    [   2.1802 ] tegrahost_v2 --chip 0x19 0 --magicid PLDT --appendsigheader nvtboot_applet_t194.bin zerosbk
    [   2.1810 ] adding BCH for nvtboot_applet_t194.bin
    [   2.1837 ] 
    [   2.1853 ] tegrasign_v2 --key None --list nvtboot_applet_t194_sigheader.bin_list.xml --pubkeyhash pub_key.key
    [   2.1859 ] Assuming zero filled SBK key
    [   2.1882 ] 
    [   2.1891 ] tegrahost_v2 --chip 0x19 0 --updatesigheader nvtboot_applet_t194_sigheader.bin.encrypt nvtboot_applet_t194_sigheader.bin.hash zerosbk
    [   2.1920 ] 
    [   2.1952 ] tegrarcm_v2 --download mb2 nvtboot_applet_t194_sigheader.bin.encrypt
    [   2.1969 ] Applet version 01.00.0000
    [   2.2129 ] Sending mb2
    [   2.2130 ] [................................................] 100%
    [   2.2332 ] 
    [   2.2347 ] tegrarcm_v2 --boot recovery
    [   2.2356 ] Applet version 01.00.0000
    [   2.2577 ] 
    [   3.2602 ] tegrarcm_v2 --isapplet
    [   3.2773 ] 
    [   3.2787 ] tegrarcm_v2 --ismb2
    [   3.2795 ] MB2 Applet version 01.00.0000
    [   3.3133 ] 
    [   3.3170 ] tegrarcm_v2 --ismb2
    [   3.3180 ] MB2 Applet version 01.00.0000
    [   3.3498 ] 
    [   3.3524 ] Retrieving board information
    [   3.3536 ] tegrarcm_v2 --oem platformdetails chip chip_info.bin
    [   3.3554 ] MB2 Applet version 01.00.0000
    [   3.3909 ] Saved platform info in chip_info.bin
    [   3.3971 ] Chip minor revision: 2
    [   3.3972 ] Bootrom revision: 0xf
    [   3.3972 ] Ram code: 0x0
    [   3.3972 ] Chip sku: 0xde
    [   3.3972 ] Chip Sample: non es
    [   3.3972 ] 
    [   3.3977 ] Retrieving EEPROM data
    [   3.3977 ] tegrarcm_v2 --oem platformdetails eeprom cvm /filer2/Linux_for_Tegra/bootloader/cvm.bin
    [   3.3992 ] MB2 Applet version 01.00.0000
    [   3.4230 ] Saved platform info in /filer2/Linux_for_Tegra/bootloader/cvm.bin
    [   3.4617 ] 
    [   3.4618 ] Rebooting to recovery mode
    [   3.4634 ] tegrarcm_v2 --ismb2
    [   3.4643 ] MB2 Applet version 01.00.0000
    [   3.4952 ] 
    [   3.4953 ] Rebooting to recovery mode
    [   3.4967 ] tegrarcm_v2 --reboot recovery
    [   3.5026 ] MB2 Applet version 01.00.0000
    [   3.5292 ] 
    Board ID(3668) version(200) sku(0000) revision(J.0)
    Copy /filer2/Linux_for_Tegra/kernel/dtb/tegra194-p3668-all-p3509-0000.dtb to /filer2/Linux_for_Tegra/kernel/dtb/tegra194-p3668-all-p3509-0000.dtb.rec
    copying bctfile(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-memcfg-p3668-0001-a00.cfg)... done.
    copying bctfile1(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-memcfg-sw-override.cfg)... done.
    copying device_config(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra19x-mb1-bct-device-qspi-p3668.cfg)... done.
    copying misc_cold_boot_config(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-misc-l4t.cfg)... done.
    copying misc_config(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-misc-flash.cfg)... done.
    copying pinmux_config(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra19x-mb1-pinmux-p3668-a01.cfg)... done.
    copying gpioint_config(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-gpioint-p3668-0001-a00.cfg)... done.
    copying pmic_config(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-pmic-p3668-0001-a00.cfg)... done.
    copying pmc_config(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra19x-mb1-padvoltage-p3668-a01.cfg)... done.
    copying prod_config(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra19x-mb1-prod-p3668-0001-a00.cfg)... done.
    copying scr_config(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-scr-cbb-mini-p3668.cfg)... done.
    copying scr_cold_boot_config(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-scr-cbb-mini-p3668.cfg)... done.
    copying bootrom_config(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-bct-reset-p3668-0001-a00.cfg)... done.
    copying dev_params(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-br-bct-qspi.cfg)... done.
    Existing bootloader(/filer2/Linux_for_Tegra/bootloader/nvtboot_cpu_t194.bin) reused.
    copying initrd(/filer2/Linux_for_Tegra/bootloader/l4t_initrd.img)... done.
    prepare_luks_initrd: Begin to copy binaries into initrd
    30402 blocks
    49606 blocks
    prepare_luks_initrd: Finish copying binaries into initrd
    done.
      populating kernel to rootfs... done.
    /filer2/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key  --cmd sign /filer2/Linux_for_Tegra/rootfs/boot/Image
    Welcome to Tegra Flash
    version 1.0.0
    Type ? or help for help and q or quit to exit
    Use ! to execute system commands
    
    [   0.0279 ] Generating signature
    [   0.0291 ] tegrasign_v2 --key  --getmode mode.txt
    [   0.0298 ] Assuming zero filled SBK key
    [   0.0302 ] 
    [   0.0304 ] header_magic: 5614
    [   0.0320 ] tegrahost_v2 --chip 0x19 --align 1_Image
    [   0.0330 ] 
    [   0.0334 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_Image zerosbk
    [   0.0338 ] adding BCH for 1_Image
    [   0.7750 ] 
    [   0.7798 ] tegrasign_v2 --key  --list 1_Image_sigheader_list.xml --pubkeyhash pub_key.key
    [   0.7805 ] Assuming zero filled SBK key
    [   1.0234 ] 
    [   1.0255 ] tegrahost_v2 --chip 0x19 0 --updatesigheader 1_Image_sigheader.encrypt 1_Image_sigheader.hash zerosbk
    [   1.5205 ] 
    [   1.7199 ] Signed file: /filer2/Linux_for_Tegra/bootloader/Image_sigheader.encrypt
    l4t_sign_image.sh: Generate header for Image_sigheader.encrypt
    l4t_sign_image.sh: chip 0x19: add 0x20bf808 to offset  0x8 in sig file
    l4t_sign_image.sh: Generate 16-byte-size-aligned base file for Image_sigheader.encrypt
    l4t_sign_image.sh: the sign header is saved at /filer2/Linux_for_Tegra/rootfs/boot/Image.sig
    done.
      populating initrd to rootfs... done.
    /filer2/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key  --cmd sign /filer2/Linux_for_Tegra/rootfs/boot/initrd
    Welcome to Tegra Flash
    version 1.0.0
    Type ? or help for help and q or quit to exit
    Use ! to execute system commands
    
    [   0.0405 ] Generating signature
    [   0.0422 ] tegrasign_v2 --key  --getmode mode.txt
    [   0.0430 ] Assuming zero filled SBK key
    [   0.0434 ] 
    [   0.0437 ] header_magic: 1f8b0800
    [   0.0446 ] tegrahost_v2 --chip 0x19 --align 1_initrd
    [   0.0453 ] 
    [   0.0459 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_initrd zerosbk
    [   0.0468 ] adding BCH for 1_initrd
    [   0.3640 ] 
    [   0.3678 ] tegrasign_v2 --key  --list 1_initrd_sigheader_list.xml --pubkeyhash pub_key.key
    [   0.3691 ] Assuming zero filled SBK key
    [   0.5989 ] 
    [   0.6002 ] tegrahost_v2 --chip 0x19 0 --updatesigheader 1_initrd_sigheader.encrypt 1_initrd_sigheader.hash zerosbk
    [   0.7745 ] 
    [   0.8958 ] Signed file: /filer2/Linux_for_Tegra/bootloader/initrd_sigheader.encrypt
    l4t_sign_image.sh: Generate header for initrd_sigheader.encrypt
    l4t_sign_image.sh: chip 0x19: add 0xad42ae to offset  0x8 in sig file
    l4t_sign_image.sh: Generate 16-byte-size-aligned base file for initrd_sigheader.encrypt
    l4t_sign_image.sh: the sign header is saved at /filer2/Linux_for_Tegra/rootfs/boot/initrd.sig
    done.
      populating /filer2/Linux_for_Tegra/kernel/dtb/tegra194-p3668-all-p3509-0000.dtb to rootfs... done.
    Making Boot image... done.
    /filer2/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key  --cmd sign boot.img
    Welcome to Tegra Flash
    version 1.0.0
    Type ? or help for help and q or quit to exit
    Use ! to execute system commands
    
    [   0.0015 ] Generating signature
    [   0.0030 ] tegrasign_v2 --key  --getmode mode.txt
    [   0.0036 ] Assuming zero filled SBK key
    [   0.0041 ] 
    [   0.0045 ] header_magic: 414e4452
    [   0.0062 ] tegrahost_v2 --chip 0x19 --align 1_boot.img
    [   0.0074 ] 
    [   0.0087 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_boot.img zerosbk
    [   0.0142 ] adding BCH for 1_boot.img
    [   1.0378 ] 
    [   1.0429 ] tegrasign_v2 --key  --list 1_boot_sigheader.img_list.xml --pubkeyhash pub_key.key
    [   1.0442 ] Assuming zero filled SBK key
    [   1.3981 ] 
    [   1.4001 ] tegrahost_v2 --chip 0x19 0 --updatesigheader 1_boot_sigheader.img.encrypt 1_boot_sigheader.img.hash zerosbk
    [   2.2164 ] 
    [   2.6025 ] Signed file: /filer2/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.encrypt
    l4t_sign_image.sh: Generate header for boot_sigheader.img.encrypt
    l4t_sign_image.sh: chip 0x19: add 0x2b95000 to offset  0x8 in sig file
    l4t_sign_image.sh: Generate 16-byte-size-aligned base file for boot_sigheader.img.encrypt
    l4t_sign_image.sh: the signed file is /filer2/Linux_for_Tegra/bootloader/temp_user_dir/boot_sigheader.img.encrypt
    done.
    Making recovery ramdisk for recovery image...
    Re-generating recovery ramdisk for recovery image...
    /filer2/Linux_for_Tegra/bootloader/ramdisk_tmp /filer2/Linux_for_Tegra/bootloader /filer2/Linux_for_Tegra
    30402 blocks
    _BASE_KERNEL_VERSION=4.9.201-tegra
    /filer2/Linux_for_Tegra/bootloader/ramdisk_tmp/lib /filer2/Linux_for_Tegra/bootloader/ramdisk_tmp /filer2/Linux_for_Tegra/bootloader /filer2/Linux_for_Tegra
    65765 blocks
    Making Recovery image...
    copying recdtbfile(/filer2/Linux_for_Tegra/kernel/dtb/tegra194-p3668-all-p3509-0000.dtb.rec)... done.
    20+0 records in
    20+0 records out
    20 bytes copied, 0.000487891 s, 41.0 kB/s
    Existing sosfile(/filer2/Linux_for_Tegra/bootloader/mb1_t194_prod.bin) reused.
    Existing tegraboot(/filer2/Linux_for_Tegra/bootloader/nvtboot_t194.bin) reused.
    Existing cpu_bootloader(/filer2/Linux_for_Tegra/bootloader/nvtboot_cpu_t194.bin) reused.
    Existing mb2blfile(/filer2/Linux_for_Tegra/bootloader/nvtboot_recovery_t194.bin) reused.
    Existing mtspreboot(/filer2/Linux_for_Tegra/bootloader/preboot_c10_prod_cr.bin) reused.
    Existing mcepreboot(/filer2/Linux_for_Tegra/bootloader/mce_c10_prod_cr.bin) reused.
    Existing mtsproper(/filer2/Linux_for_Tegra/bootloader/mts_c10_prod_cr.bin) reused.
    Existing mb1file(/filer2/Linux_for_Tegra/bootloader/mb1_t194_prod.bin) reused.
    Existing bpffile(/filer2/Linux_for_Tegra/bootloader/bpmp_t194.bin) reused.
    copying bpfdtbfile(/filer2/Linux_for_Tegra/bootloader/t186ref/tegra194-a02-bpmp-p3668-a00.dtb)... done.
    Existing scefile(/filer2/Linux_for_Tegra/bootloader/camera-rtcpu-sce.img) reused.
    Existing camerafw(/filer2/Linux_for_Tegra/bootloader/camera-rtcpu-rce.img) reused.
    Existing spefile(/filer2/Linux_for_Tegra/bootloader/spe_t194.bin) reused.
    Existing drameccfile(/filer2/Linux_for_Tegra/bootloader/dram-ecc.bin) reused.
    Existing badpagefile(/filer2/Linux_for_Tegra/bootloader/badpage.bin) reused.
    Existing wb0boot(/filer2/Linux_for_Tegra/bootloader/warmboot_t194_prod.bin) reused.
    Existing tosfile(/filer2/Linux_for_Tegra/bootloader/tos-trusty_t194.img) reused.
    Existing eksfile(/filer2/Linux_for_Tegra/bootloader/eks.img) reused.
    copying soft_fuses(/filer2/Linux_for_Tegra/bootloader/t186ref/BCT/tegra194-mb1-soft-fuses-l4t.cfg)... done.
    copying dtbfile(/filer2/Linux_for_Tegra/kernel/dtb/tegra194-p3668-all-p3509-0000.dtb)... done.
    Copying nv_boot_control.conf to rootfs
    XPath set is empty
    /filer2/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key  --cmd sign kernel_tegra194-p3668-all-p3509-0000.dtb
    Welcome to Tegra Flash
    version 1.0.0
    Type ? or help for help and q or quit to exit
    Use ! to execute system commands
    
    [   0.0053 ] Generating signature
    [   0.0064 ] tegrasign_v2 --key  --getmode mode.txt
    [   0.0070 ] Assuming zero filled SBK key
    [   0.0073 ] 
    [   0.0077 ] header_magic: d00dfeed
    [   0.0127 ] tegrahost_v2 --chip 0x19 --align 1_kernel_tegra194-p3668-all-p3509-0000.dtb
    [   0.0143 ] 
    [   0.0152 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_kernel_tegra194-p3668-all-p3509-0000.dtb zerosbk
    [   0.0164 ] adding BCH for 1_kernel_tegra194-p3668-all-p3509-0000.dtb
    [   0.0241 ] 
    [   0.0265 ] tegrasign_v2 --key  --list 1_kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb_list.xml --pubkeyhash pub_key.key
    [   0.0272 ] Assuming zero filled SBK key
    [   0.0323 ] 
    [   0.0350 ] tegrahost_v2 --chip 0x19 0 --updatesigheader 1_kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt 1_kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.hash zerosbk
    [   0.0407 ] 
    [   0.0428 ] Signed file: /filer2/Linux_for_Tegra/bootloader/temp_user_dir/kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt
    l4t_sign_image.sh: Generate header for kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt
    l4t_sign_image.sh: chip 0x19: add 0x30c8e to offset  0x8 in sig file
    l4t_sign_image.sh: Generate 16-byte-size-aligned base file for kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt
    l4t_sign_image.sh: the sign header is saved at kernel_tegra194-p3668-all-p3509-0000.dtb.sig
    done.
    /filer2/Linux_for_Tegra/bootloader/tegraflash.py  --chip 0x19 --key  --cmd sign kernel_tegra194-p3668-all-p3509-0000.dtb
    Welcome to Tegra Flash
    version 1.0.0
    Type ? or help for help and q or quit to exit
    Use ! to execute system commands
    
    [   0.0022 ] Generating signature
    [   0.0079 ] tegrasign_v2 --key  --getmode mode.txt
    [   0.0089 ] Assuming zero filled SBK key
    [   0.0096 ] 
    [   0.0099 ] header_magic: d00dfeed
    [   0.0110 ] tegrahost_v2 --chip 0x19 --align 1_kernel_tegra194-p3668-all-p3509-0000.dtb
    [   0.0173 ] 
    [   0.0269 ] tegrahost_v2 --chip 0x19 0 --magicid DATA --appendsigheader 1_kernel_tegra194-p3668-all-p3509-0000.dtb zerosbk
    [   0.0320 ] adding BCH for 1_kernel_tegra194-p3668-all-p3509-0000.dtb
    [   0.0394 ] 
    [   0.0428 ] tegrasign_v2 --key  --list 1_kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb_list.xml --pubkeyhash pub_key.key
    [   0.0434 ] Assuming zero filled SBK key
    [   0.0454 ] 
    [   0.0492 ] tegrahost_v2 --chip 0x19 0 --updatesigheader 1_kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt 1_kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.hash zerosbk
    [   0.0549 ] 
    [   0.0584 ] Signed file: /filer2/Linux_for_Tegra/bootloader/temp_user_dir/kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt
    l4t_sign_image.sh: Generate header for kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt
    l4t_sign_image.sh: chip 0x19: add 0x30c8e to offset  0x8 in sig file
    l4t_sign_image.sh: Generate 16-byte-size-aligned base file for kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt
    l4t_sign_image.sh: the signed file is /filer2/Linux_for_Tegra/bootloader/temp_user_dir/kernel_tegra194-p3668-all-p3509-0000_sigheader.dtb.encrypt
    done.
    generating  for booting... 
    Making APPFILE... 
    Error: file system size has to be 512 bytes allign
    

hello hatake_kakashi,

Yes, Jetson security is only supported on eMMC modules; because the SD card is removable, it is not supported.

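A pre-flash and post-flash check built on the flash.sh excerpt quoted in the question, as an added example that is not part of the thread or of NVIDIA's flash.sh: `rootdev_type` mirrors the quoted classification, `enc_kept` reports whether a requested `disk_enc_enable=1` would survive it, and `luks_version` reads the LUKS magic from an image or block device. The three function names, the plain-equality BOOTDEV comparison and the sample images are assumptions made for this example.

```bash
#!/bin/sh
# Added example; function names are hypothetical, not part of flash.sh.

# Classify target_rootdev the way the quoted flash.sh excerpt does.
# $1 = target_rootdev, $2 = BOOTDEV (optional; compared by plain equality).
rootdev_type() {
    if [ -n "${2:-}" ] && [ "$1" = "$2" ]; then echo internal; return 0; fi
    case "$1" in
        internal|mmcblk0p*)           echo internal ;;
        eth0|eth1)                    echo network ;;
        external|mmcblk1p*|sd*|nvme*) echo external ;;
        *)                            echo invalid ;;
    esac
}

# Succeeds only if encryption was requested and the excerpt would keep it:
# network and external rootdevs both end with disk_enc_enable=0.
# $1 = target_rootdev, $2 = requested disk_enc_enable, $3 = BOOTDEV (optional).
enc_kept() {
    [ "$2" -eq 1 ] && [ "$(rootdev_type "$1" "${3:-}")" = internal ]
}

# Print "LUKS<version>" if $1 (image file or block device) starts with the
# LUKS magic "LUKS\xba\xbe" followed by a big-endian 16-bit version;
# otherwise print "none" and return 1.
luks_version() {
    magic=$(dd if="$1" bs=1 count=6 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ] || { echo none; return 1; }
    ver=$(dd if="$1" bs=1 skip=6 count=2 2>/dev/null | od -An -tu1)
    set -- $ver
    [ $# -eq 2 ] || { echo none; return 1; }
    echo "LUKS$(( $1 * 256 + $2 ))"
}

# Demo on constructed inputs (no real device is touched).
tmp=$(mktemp -d)
printf 'LUKS\272\276\000\002' > "$tmp/enc.img"    # constructed 8-byte LUKS2 header stub
printf 'plain ext4 stand-in' > "$tmp/plain.img"   # constructed, no LUKS magic
for dev in mmcblk0p1 mmcblk1p1 nvme0n1p1 eth0; do
    if enc_kept "$dev" 1; then state=kept; else state=cleared; fi
    echo "$dev: type=$(rootdev_type "$dev") disk_enc_enable=$state"
done
echo "enc.img:   $(luks_version "$tmp/enc.img")"
echo "plain.img: $(luks_version "$tmp/plain.img" || true)"
rm -rf "$tmp"
```

On a flashed system, `luks_version` pointed at the rootfs partition's block device (read access required) shows whether the data on it is actually inside a LUKS container, independent of what the flash log reported.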