I have a custom board that I could setup using the SDK manager and provided BSP by the board manufacturer. I was able to install and setup a JP 5.1.1 ubuntu 20.04 without any problems. Now I want to add disk encryption to the flashing process but I couldn’t make it work.
I have followed the docs’ security section to generate a eks.img through OP-TEE source package using the ekb.key “f0e0d0c0b0a001020304050607080900”. eks.img was actually named eks_t234.img but the docs only said eks.img so I created a copy to have them both under /Linux_For_Tegra/bootloader just to make sure.
I have also seen this thread that suggests the disk encryption is not available yet. I also would like a confirmation that it is indeed possible and we’re note barking up the wrong tree here.
The command I tried for flashing;
sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --external-device nvme0n1p1 -c tools/kernel_flash/flash_l4t_nvme_rootfs_enc.xml -p "-i ekb.key" -p "-c bootloader/t186ref/cfg/flash_t234_qspi.xml" --showlogs --network usb0 jetson-orin-nano-devkit internal
To reiterate I can set the device up without using the encryption bits in the command above.
I am attaching the full log for the command: encrypted-flash.log (169.7 KB)
Any help at this point would be much appreciated.