Orin NX disk encryption

I am currently flashing my Jetson Orin NX for my custom carrier board with the following command:

./tools/kernel_flash/l4t_initrd_flash.sh --external-device nvme0n1p1 -c tools/kernel_flash/flash_l4t_external.xml -p "-c bootloader/t186ref/cfg/flash_t234_qspi.xml" --showlogs --network usb0 p3509-a02+p3767-0000 internal

I now want to encrypt my external NVMe drive as described in the readme of l4t_initrd_flash. I’ve tried a lot but unfortunately it doesn’t work. Do I need to follow any additional steps?

I have created the disk encryption key with the following documentation:
https://docs.nvidia.com/jetson/archives/r35.1/DeveloperGuide/text/SD/Security/DiskEncryption.html

What should my flash command be and how can I check if it worked?

hello deveso,

may I know which Jetpack release you’re working with?
please check release tag, $ cat /etc/nv_tegra_release for confirmation.

furthermore,
please also share your complete steps and messages to enable disk encryption for reference.

Hello Jerry, this is my release tag:

R35 (release), REVISION: 3.1, GCID: 32827747, BOARD: t186ref, EABI: aarch64, DATE: Sun Mar 19 15:19:21 UTC 2023

These are my commands as described in the readme. I have to use l4t_initrd_flash.sh because flash.sh doesn’t work with the Orin NX.

echo "00000000000000000000000000000000" > ekb.key
./tools/kernel_flash/l4t_initrd_flash.sh ROOTFS_ENC=1 --external-device nvme0n1p1 -c tools/kernel_flash/flash_l4t_external.xml -p "-i ekb.key" -S 250GiB "-c bootloader/t186ref/cfg/flash_t234_qspi.xml" --showlogs --network usb0 p3509-a02+p3767-0000 internal

hello deveso,

so… what do the error logs look like?

flash_log.txt (227.5 KB)

hello deveso,

that’s an incorrect command, please revise the last column, it should be “external”.
for example,
./tools/kernel_flash/l4t_initrd_flash.sh ROOTFS_ENC=1 --external-device nvme0n1p1 -c tools/kernel_flash/flash_l4t_external.xml -p "-i ekb.key" -S 250GiB "-c bootloader/t186ref/cfg/flash_t234_qspi.xml" --showlogs --network usb0 p3509-a02+p3767-0000 external

Thanks for your help. Unfortunately it still doesn’t work.

flash_log_external.txt (225.1 KB)

This is my log from the flash process without encryption that works:

flash_log_without_encryption.txt (291.2 KB)

hello deveso,

FYI, we’re working on the fixes to address the failure.

Thanks. Are there any updates?

We urgently need the encryption. Is there any new information?

Sorry for the late response, our team will do the investigation and provide suggestions soon. Thanks

Hi deveso,

Confirmed Disk Encryption function is working on JetPack-5.1.2.
Steps:

  1. Generate images for QSPI:
    $ sudo ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs -p "-c bootloader/t186ref/cfg/flash_t234_qspi.xml" --no-flash --network usb0 jetson-orin-nano-devkit internal

  2. Generate images for external storage device:
    $ sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs --no-flash --external-device nvme0n1p1 -i ./ekb.key -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml --external-only --append --network usb0 jetson-orin-nano-devkit external

  3. Flash images into both storage devices:
    $ sudo ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs --network usb0 --flash-only

Reference document link: Flashing Support — Jetson Linux Developer Guide documentation
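
The thread does not say how to confirm that the flashed root filesystem is actually encrypted. The following is an added example, not taken from the thread or from NVIDIA's tools: it assumes the encrypted rootfs shows up as a dm-crypt mapping on top of a LUKS partition, and the device names in the sample data are constructed.

```shell
#!/bin/sh
# Added example: report whether / sits on a dm-crypt mapping whose parent
# partition is a LUKS container (assumed layout). On the target, feed it:
#   lsblk -P -o NAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT | check_rootfs_enc
check_rootfs_enc() {
    awk '
    # Value of KEY="value" on the current line, or "" if absent.
    # The (^| ) anchor keeps NAME from matching inside PKNAME.
    function field(key,    m) {
        if (!match($0, "(^| )" key "=\"[^\"]*\"")) return ""
        m = substr($0, RSTART, RLENGTH)
        sub("^ ?" key "=\"", "", m)
        sub("\"$", "", m)
        return m
    }
    {
        n = field("NAME")
        kind[n] = field("TYPE")
        fs[n] = field("FSTYPE")
        parent[n] = field("PKNAME")
        if (field("MOUNTPOINT") == "/") root = n
    }
    END {
        if (root == "") { print "unknown: no device mounted at /"; exit 2 }
        if (kind[root] == "crypt" && fs[parent[root]] == "crypto_LUKS") {
            print "encrypted: / on " root " (LUKS container " parent[root] ")"
            exit 0
        }
        print "plaintext: / on " root " (type " kind[root] ")"
        exit 1
    }'
}

# Constructed lsblk -P output (not captured from a real device).
ENC_SAMPLE='NAME="nvme0n1" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="nvme0n1p1" PKNAME="nvme0n1" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/boot"
NAME="nvme0n1p2" PKNAME="nvme0n1" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
NAME="crypt_root" PKNAME="nvme0n1p2" TYPE="crypt" FSTYPE="ext4" MOUNTPOINT="/"'
PLAIN_SAMPLE='NAME="nvme0n1" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="nvme0n1p1" PKNAME="nvme0n1" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/"'

printf '%s\n' "$ENC_SAMPLE" | check_rootfs_enc
printf '%s\n' "$PLAIN_SAMPLE" | check_rootfs_enc || true
```

The exit status is 0 for an encrypted root, 1 for a plaintext root and 2 when no root mount is found, so the check can gate a provisioning or factory-test script.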

Hi, the third step gives an error “Error: Could not stat device /dev/mmcblk0 - No such file or directory.”. Is there a possibility that some arguments were lost? I’ve got an Orin NX dev kit with an NVMe external disk. Flashing with sdkmanager gives no such error.
error_log.txt (7.3 KB)
