Partitioning with Orin NX disk encryption is not working properly

alex.iakov1337 · September 5, 2023, 3:00pm

Hello,
I’m using an Orin NX 16GB on a Orin Nano carrier board. The goal was to enable Disk Encryption. With commands from here I’ve managed to make encryption with custom keys. But there is some problem with partitioning disk while flashing.
I’ve tried different disks with different sizes but the maximum size that I can flash Jetson is 59 GB.

If I try to make image with:

sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs --no-flash --external-device nvme0n1p1 -i ./sym2_t234.key -c ./tools

and using flag -S <size>GIB, where size - is rootfs size more than 59, I get two type of errors, that are randomly appearing. Such as:
End sector for APP_ENC, expected at: 122159070, actual: 0 Error: Return value 4
Or Error: Could not stat device /dev/mmcblk0 - No such file or directory
I’ve already tried to patch flash_l4t_t234_nvme_rootfs_enc.xml but no results. Is there something I missed?

carolyuu · September 6, 2023, 5:50am

Hi alex.iakov1337,

Please add “EXT_NUM_SECTORS=[size]” to you flash command.

Example set size=100GB

$ sudo ROOTFS_ENC=1 EXT_NUM_SECTORS=209715200 ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs --no-flash --external-device nvme0n1p1 -i ./ekb.key -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml --external-only --append --network usb0 jetson-orin-nano-devkit external

alex.iakov1337 · September 6, 2023, 6:24am

Hi carolyuu,
Tried your command, but it’s the same result as before. Attaching screenshot from flashing to another disk.

UPD: tried this command sudo ROOTFS_ENC=1 EXT_NUM_SECTORS=209715200 ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs --no-flash --external-device nvme0n1p1 -i ./ekb.key -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml -S 100GiB --external-only --append --network usb0 jetson-orin-nano-devkit external
And still having error:

[   2.7967 ] End sector for APP_ENC, expected at: 209715166, actual: 0
Error: Return value 4
Command tegraparser_v2 --generategpt --pt flash.xml.bin
Error: /home/user/Desktop/Linux_for_Tegra/bootloader/signed/flash.idx is not found
Error: failed to relocate images to /home/user/Desktop/Linux_for_Tegra/tools/kernel_flash/images
Cleaning up...

JerryChang · September 6, 2023, 7:51am

hello alex.iakov1337,

you may check $ sudo fdisk -l /dev/sd* to examnie your mounted device.

alex.iakov1337 · September 6, 2023, 7:58am

hi JerryChang,
output looks the same as on my screenshot.

user@jetson:~$ sudo fdisk -l /dev/nvme0n1
Disk /dev/nvme0n1: 465.78 GiB, 500107862016 bytes, 976773168 sectors
Disk model: Samsung SSD 970 EVO Plus 500GB
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 6B40C178-1EFB-478F-A849-6D60623FA474

Device            Start       End   Sectors   Size Type
/dev/nvme0n1p1  3050048   3869247    819200   400M Microsoft basic data
/dev/nvme0n1p2  3869248 118393407 114524160  54.6G Microsoft basic data
/dev/nvme0n1p3       40    262183    262144   128M Microsoft basic data
/dev/nvme0n1p4   262184    263719      1536   768K Microsoft basic data
/dev/nvme0n1p5   263720    328487     64768  31.6M Microsoft basic data
/dev/nvme0n1p6   328488    590631    262144   128M Microsoft basic data
/dev/nvme0n1p7   590632    592167      1536   768K Microsoft basic data
/dev/nvme0n1p8   592168    656935     64768  31.6M Microsoft basic data
/dev/nvme0n1p9   656936    820775    163840    80M Microsoft basic data
/dev/nvme0n1p10  820776    821799      1024   512K Microsoft basic data
/dev/nvme0n1p11  821800    952871    131072    64M EFI System
/dev/nvme0n1p12  952872   1116711    163840    80M Microsoft basic data
/dev/nvme0n1p13 1116712   1117735      1024   512K Microsoft basic data
/dev/nvme0n1p14 1117736   1248807    131072    64M Microsoft basic data
/dev/nvme0n1p15 1248832   2068031    819200   400M Microsoft basic data
/dev/nvme0n1p16 2068032   3050047    982016 479.5M Microsoft basic data

I’ve tried parted

user@jetson:~$ sudo parted /dev/nvme0n1
GNU Parted 3.3
Using /dev/nvme0n1
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print free
Model: Samsung SSD 970 EVO Plus 500GB (nvme)
Disk /dev/nvme0n1: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name                Flags
        17.4kB  20.5kB  3072B   Free Space
 3      20.5kB  134MB   134MB                A_kernel            msftdata
 4      134MB   135MB   786kB                A_kernel-dtb        msftdata
 5      135MB   168MB   33.2MB               A_reserved_on_user  msftdata
 6      168MB   302MB   134MB                B_kernel            msftdata
 7      302MB   303MB   786kB                B_kernel-dtb        msftdata
 8      303MB   336MB   33.2MB               B_reserved_on_user  msftdata
 9      336MB   420MB   83.9MB               recovery            msftdata
10      420MB   421MB   524kB                recovery-dtb        msftdata
11      421MB   488MB   67.1MB  fat32        esp                 boot, esp
12      488MB   572MB   83.9MB               recovery_alt        msftdata
13      572MB   572MB   524kB                recovery-dtb_alt    msftdata
14      572MB   639MB   67.1MB               esp_alt             msftdata
        639MB   639MB   12.3kB  Free Space
15      639MB   1059MB  419MB                UDA                 msftdata
16      1059MB  1562MB  503MB                reserved            msftdata
 1      1562MB  1981MB  419MB   ext4         APP                 msftdata
 2      1981MB  60.6GB  58.6GB               APP_ENC             msftdata
        60.6GB  500GB   439GB   Free Space

And as you can see there is a lot of free space.

carolyuu · September 8, 2023, 2:48am

Hi alex.iakov1337,

For Generate images for external storage device:
The EXT_NUM_SECTORS size need smaller than your NVMe actual size and bigger than APP size.

Example:
If your NVMe SSD is 128GiB
Set EXT_NUM_SECTORS=240000000 (about 114GiB) → smaller than NVMe actual size.
Set -S = 100GiB → bigger than APP size.
sudo ROOTFS_ENC=1 EXT_NUM_SECTORS=240000000 ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs --no-flash --external-device nvme0n1p1 -i ./ekb.key -S 100GiB -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml --external-only --append --network usb0 jetson-orin-nano-devkit external

Result:

$ df -h
Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/crypt_root   98G  5.7G   87G   7% /
/dev/mapper/crypt_UDA   374M   14K  350M   1% /mnt/crypt_UDA
none                    3.6G     0  3.6G   0% /dev
tmpfs                   3.7G   36K  3.7G   1% /dev/shm
tmpfs                   748M   19M  729M   3% /run
tmpfs                   5.0M  4.0K  5.0M   1% /run/lock
tmpfs                   3.7G     0  3.7G   0% /sys/fs/cgroup
/dev/nvme0n1p1          371M   96M  248M  28% /boot
tmpfs                   748M   44K  748M   1% /run/user/1000

alex.iakov1337 · September 8, 2023, 6:37am

Hi carolyuu,
Confirming your method works,thanks!

system · September 22, 2023, 6:37am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.