Options for encryption at rest for application data

I am working on enabling secure boot and Trusty execution environment for my application. I was wondering if there was a best practice for this the Jetson TX2i for securing files at rest. I saw mention of a Generalized Security Carveout (GSC) in a description of the secure boot process that makes it seem like it would be the appropriate method. Would using that be the best approach? Or would it be better to provide a trusted application to provide access to the data through Trusty?

hello john.durkop,

please download L4T sources via download center.
you may extract the ATF and Trusty source code from these two packages, atf_src.tbz2 and trusty_src.tbz2,
please also refer to the readme file, atf_and_trusty_README.txt for the instructions and steps for building them.