I’m basing myself of Flash Instructions and this issue
Right now, I’m just running the example.sh script to generate the default keys.
# Generate Keys
./example.sh
cd $SCRIPT_DIR/Linux_for_Tegra
# Copy keys
cp ./source/public/optee/samples/hwkey-agent/host/tool/gen_ekb/sym2_t234.key ./sym2_t234.key
rm ./bootloader/eks_t234.img
cp ./source/public/optee/samples/hwkey-agent/host/tool/gen_ekb/eks_t234.img ./bootloader/eks_t234.img
# Generate encrypted Rootfs
sudo ./flash.sh --no-flash -k A_eks -i "sym2_t234.key" jetson-agx-orin-devkit mmcblk0p1
# Flash steps taken from the Docs
## Generate images for QSPI
sudo ROOTFS_AB=1 ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs -p "-c bootloader/generic/cfg/flash_t234_qspi.xml" --no-flash --network usb0 jetson-orin-nano-devkit internal
sudo cp ./bootloader/eks_t234_sigheader.img.encrypt ./tools/kernel_flash/images/internal/eks_t234_sigheader.img.encrypt
## Generate images for external storage device
sudo ROOTFS_AB=1 ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs --no-flash --external-device nvme0n1p1 -i ./sym2_t234.key -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_ab_enc.xml --external-only --append --network usb0 jetson-orin-nano-devkit external
## Flash only step
sudo ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs --network usb0 --flash-only
I also tried replacing the ## Flash only step with the following while resetting the device in Recover Mode after running each command.
sudo ./tools/kernel_flash/l4t_initrd_flash.sh -k A_eks --flash-only --showlogs
sudo ./tools/kernel_flash/l4t_initrd_flash.sh -k B_eks --flash-only --showlogs
sudo ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs --network usb0 --flash-only
None of these seem to work, as the device buts with Kernel panic error.
No key available with this passphrase
ERROR: Failed to unlock the /dev/nvme0n1p3
/bin/bash: line 1: crypt_root_other: command not found
/bin/bash: line 2: crypt_UDA: command not found
Kernel panic not syncing.