Overlayfs not working with encrypted rootfs on external NVMe

Robotics & Edge Computing Jetson Systems Jetson AGX Orin
,
1

Hi!

Is overlayfs supported when the root filesystem is encrypted and located on an external device?

My setup:

  • Jetson flashed with ROOTFS_ENC=1

  • L4T 36.4.4

  • Root filesystem on NVMe

  • Overlayfs enabled via sudo nv_overlayfs_config -e

  • Status check (after reboot) sudo nv_overlayfs_config -s

  • Output:

    Overlayfs is enabled

However, I do not see an overlay mount in mount / findmnt. Filesystem changes remain persistent across reboots, which suggests overlayfs is not actually active

Below is the lsblk output.

NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
loop0            7:0    0    16M  1 loop  
mmcblk0        179:0    0  59.2G  0 disk  
├─mmcblk0p1    179:1    0  57.8G  0 part  
├─mmcblk0p2    179:2    0   128M  0 part  
├─mmcblk0p3    179:3    0   768K  0 part  
├─mmcblk0p4    179:4    0  31.6M  0 part  
├─mmcblk0p5    179:5    0   128M  0 part  
├─mmcblk0p6    179:6    0   768K  0 part  
├─mmcblk0p7    179:7    0  31.6M  0 part  
├─mmcblk0p8    179:8    0    80M  0 part  
├─mmcblk0p9    179:9    0   512K  0 part  
├─mmcblk0p10   179:10   0    64M  0 part  
├─mmcblk0p11   179:11   0    80M  0 part  
├─mmcblk0p12   179:12   0   512K  0 part  
├─mmcblk0p13   179:13   0    64M  0 part  
├─mmcblk0p14   179:14   0   400M  0 part  
└─mmcblk0p15   179:15   0 479.5M  0 part  
mmcblk0boot0   179:32   0     4M  1 disk  
mmcblk0boot1   179:64   0     4M  1 disk  
zram0          252:0    0   3.8G  0 disk  [SWAP]
zram1          252:1    0   3.8G  0 disk  [SWAP]
zram2          252:2    0   3.8G  0 disk  [SWAP]
zram3          252:3    0   3.8G  0 disk  [SWAP]
zram4          252:4    0   3.8G  0 disk  [SWAP]
zram5          252:5    0   3.8G  0 disk  [SWAP]
zram6          252:6    0   3.8G  0 disk  [SWAP]
zram7          252:7    0   3.8G  0 disk  [SWAP]
nvme0n1        259:0    0 931.5G  0 disk  
├─nvme0n1p1    259:1    0   400M  0 part  /boot
├─nvme0n1p2    259:2    0 899.6G  0 part  
│ └─crypt_root 253:0    0 899.6G  0 crypt /
├─nvme0n1p3    259:3    0   128M  0 part  
├─nvme0n1p4    259:4    0   768K  0 part  
├─nvme0n1p5    259:5    0  31.6M  0 part  
├─nvme0n1p6    259:6    0   128M  0 part  
├─nvme0n1p7    259:7    0   768K  0 part  
├─nvme0n1p8    259:8    0  31.6M  0 part  
├─nvme0n1p9    259:9    0    80M  0 part  
├─nvme0n1p10   259:10   0   512K  0 part  
├─nvme0n1p11   259:11   0    64M  0 part  /boot/efi
├─nvme0n1p12   259:12   0    80M  0 part  
├─nvme0n1p13   259:13   0   512K  0 part  
├─nvme0n1p14   259:14   0    64M  0 part  
├─nvme0n1p15   259:15   0   400M  0 part  
│ └─crypt_UDA  253:1    0   384M  0 crypt /mnt/crypt_UDA
└─nvme0n1p16   259:16   0 479.5M  0 part

Any guidance or confirmation would be appreciated.

Thanks!

2

*** Please note that this reply is generated by LLM automatically ***

Based on the provided context, I will attempt to provide a comprehensive answer.

The question revolves around the support of overlayfs when the root filesystem is encrypted and located on an external device, specifically an NVMe drive, on a Jetson AGX Orin device.

To address this question, let’s break down the information provided:

  1. The Jetson AGX Orin device is flashed with L4T 36.4.4.
  2. The root filesystem is located on an external NVMe device.
  3. Overlayfs is enabled via the status check after reboot.
  4. However, the output does not show an overlay mount, and filesystem changes remain persistent across reboots, suggesting that overlayfs is not actually active.

To provide guidance or confirmation, let’s examine the context:

  • The provided context does not explicitly mention overlayfs support for encrypted root filesystems on external devices.
  • However, it does provide information on flashing the encrypted rootfs on the host with flash.sh for the Jetson AGX Orin, which requires an update of the Linux_for_Tegra/bootloader/eks_<platform>.img.
  • The context also mentions that flashing the encrypted rootfs on the host with flash.sh for the Jetson AGX Orin requires generating a test EKS image using the OP-TEE source package and updating the eks_<platform>.img file.

Based on this information, it appears that overlayfs support for encrypted root filesystems on external devices is not explicitly mentioned in the provided context. However, it is possible that overlayfs is not compatible with encrypted root filesystems on external devices.

To confirm this, I would recommend checking the official documentation for L4T 36.4.4 and the Jetson AGX Orin device to see if overlayfs is supported in this configuration. Additionally, you may want to try disabling encryption or using a different storage device to see if overlayfs works as expected.

In comparison, the provided context does not mention any specific issues or limitations with overlayfs on internal storage devices, such as eMMC. Therefore, it is possible that overlayfs may work as expected on internal storage devices.

In summary, while the provided context does not explicitly mention overlayfs support for encrypted root filesystems on external devices, it is possible that overlayfs may not be compatible with this configuration. Further investigation and confirmation are recommended to determine the root cause of the issue.

*** Please give the thumbs up if you get answers you like. Or provide feedback to help us improve the answer. ***

5

hello yakovyna,

unfortunately, overlayfs can only be supported when the disk encryption is disabled.