I have successfully enabled Secure Boot and SSD encryption on my Jetson Orin NX device running JetPack 6.2.
The challenge I’m facing is that once the device is encrypted and Secure Boot is enabled, it seems I can no longer back up and flash the same image onto another device.
(If there is a supported way to do this, I would really appreciate any guidance or official documentation.)
Therefore, I’m considering two approaches to prepare a golden image:
Copy the entire rootfs (from a working system with all required packages like CUDA, DeepStream, OpenCV installed) into the Linux_for_Tegra/rootfs/ directory before running Secure Boot and encryption.
Manually install and configure all required packages (CUDA, DeepStream, OpenCV, etc.) directly into the Linux_for_Tegra/rootfs/ prior to image creation.
I’m wondering:
Does NVIDIA recommend an official procedure or best practice for this use case?
Is there a supported workflow to generate and reuse a golden image on multiple devices after enabling Secure Boot and rootfs encryption?
Any insight or step-by-step guidance would be greatly appreciated.
you may use l4t_generate_ota_package.sh script to include -f and -o options to update rootfs partition.
please check readme file, Image_based_OTA_Examples.txt for the steps for using this golden image in an image-based OTA.
for example, [Case 15: rootfs A/B enabled, disk encryption enabled]
I’ve checked the path you mentioned: Linux_for_Tegra/tools/ota_tools/version_upgrade/
However, I could not find the l4t_generate_ota_package.sh script or the Image_based_OTA_Examples.txt file in that directory.
Could you please confirm if these files are included in JetPack 6.2 (Jetson Linux 36.4.3)? If not, is there an updated or alternative method for performing image-based OTA in this version?