What we have done so far: Following the encryption section, we executed <gen_luks.sh /dev/nvme0n1p1 CRYPTDATA>, after Linux booted up and restarted as prompted. However, after rebooting, the startup log printed:
[ 24.922500] /dev/nvme0n1p1 can't be formatted
[ 35.166915] ERROR: device /dev/nvme0n1p1 can't be formatted
After boot, the expected directory did not appear under /dev/mapper/CRYPTDATA. Is this because the eks.img supporting disk encryption was not generated? The documentation for SDK 35.4.1 indicates that disk encryption is not supported—is this the reason?
3. There is a question about the process described in the encryption section: Is the encrypted partition created during the power-on process?
what did you meant dynamically created partitions?
according to developer guide, you must re-flash a target to enable disk encryption. it has partition layout update to add APP_ENC partition.
FYI, the boot partition (i.e. APP) remains in an unencrypted format, so the bootloader can still load kernel and device tree blob; the root partition (i.e. APP_ENC) would be encrypted.
it’s the approach to encrypt a specific partition at run time.
please check… $ ls -la /dev/disk/by-partlabel/, nvme0n1p1 it’s APP partition. so, you may try with UDA partition instead.
note, gen_luks.sh is a tool to mark the partition as encrypted and inird will handle the real disk encryption process.
the record is in /opt/nvidia/cryptluks file.
ok finally we use the dynamically created partitions after enable disk encryptation and use new eks.img with specified diskencrypt key. 3q for your reply
