Secure boot and disk encryption with maxim power and other libraries(like deepstream)

Hello,

Can you help me with such questions please?

  1. Is there a way to flash a device via sdkmanager with secure boot and disk encryption?
  2. In case we follow the steps from secure boot and disk encryption instructions, how can we have a system with all libraries(like deepstream) and function (like maxim power mode ) on the device?

Example I use:
x86 with ubuntu 20 host machine
Jetson Orin Nano 8GB with sd card(BOARDID=3767 BOARDSKU=0005)

Followed the instruction from here(Thanks very much to the guys):

with a loot of work around like:
Flashing Issues with Jetson Orin Nano 8GB on A603 Carrier Board - EEPROM issue - Single Board Computers - Seeed Studio Forum (while you have such answers: ERROR: might be timeout in USB write)
Install OpenCV on Jetson Orin Nano - Q-engineering
and many others work arounds.

Now, the device flashed via sdk manager:
|

and a device with disk encryption:

in this link I cannot find the files for L4T 36.4.2:

there are just files for L4T 36.4.0
for example for this 2 issue you suggest to reflash once again via sdk manager:

  1. How can I enable maxim power mode on jetson orin nano with secure boot and disk encryption?

Thank you in advanced…

hello oleg.burmistr,

you must use the flash command-line to add keys and flash options (i.e. ROOTFS_ENC) for image flashing.
please see-also Topic 270934 as an example.

Hello, thank you for you answer, but looks like you did not read the question. We have successfully disc encryption and secure boot setup, but without any libraries like deepstream, the main question is: how can we set up disk encryption and maxim power mode on jetson orin nano development kit, both together?
Flashing via “sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh” does not allow me to enable maxim power(25W) mode on jetson orin nano development kit, just in case I flash via sdk manager this mode is available, see please images above, from jtop.

hello oleg.burmistr,

you may see-also… Jetson Orin Nano Developer Kit Getting Started Guide | NVIDIA Developer

It does not helped.
I deleted /etc/nvpmodel.conf, after restart maxim power mode does not appear.
I tried to delete even /var/lib/nvpmodel/status according with this topic:

I even copied nvpmodel_p3767_0003_super.conf from the device flashed via sdk manager to the device with encryption and changed link from nvpmodel_p3767_0003.conf to nvpmodel_p3767_0003_super.conf in this case this mode appear on gui, but it does change nothing, even after restart maxim consumed power was 15W and nothing changed on cpu/gpu frequencies.

hello oleg.burmistr,

it’s apparently you’ve flashed a target with previous image.

let’s have confirmation of your environment setup,
according to Jetpack-6.1 (rev.1). its JetPack 6.1 now supports the Jetson Orin Nano Super Developer Kit.
so… did you re-install Jetpack release to your host machine? please re-flash a target with JP-6.1 public release.

BTW,
you shall see there’s a new board config file, jetson-orin-nano-devkit-super.conf
please check you’ve re-install JetPack 6.1 with SDKManager. please note that you should install Orin Nano 8GB Developer kit version.

Hello JerryChang,
One again, could you please see the images from initial question, there is a screenshot of jtop , there we can see, on target with secure boot is installed jetpack 6.1(L4T36.4.0).
In this link is not available jetpack 6.1(L4T36.4.2).

Secondly, the main requirement for our system is disk encryption, which is not supported by sdkmanager, disk encryption is possible to have just via command line as you said on your first replay, AND I ask again how can I install jetpack 6.1(L4T36.4.2) not jetpack 6.1(L4T36.4.0) from this link.

Is it possible to flash via sdkmanager on a target with burned fused(I was not able to see the linux login screen on a target flashed via skdmanger after there was burned fuses and installed a system with secure boot)?

Thank you in advance…

BTW,
You are absolutely right, after flashing via sdkmanger maxim power is available on target, but in case we use command line, it is not available, we have actually 3 targets of jetson orin nano development kit, 2 of them are with disk encryption with jetpack 6.1(L4T36.4.0) without maxim power mode, and one without disk encryption flashed via sdkmanager with jetpack 6.1(L4T36.4.2) with maxim power mode.
Initially you say we can have disk encryption just via command line, and in next replay ask us to flash the system via sdkmanager, I feel like you are contradicting yourself.

you must use the flash command-line to add keys and flash options (i.e. ROOTFS_ENC ) for image flashing.
please do remove the image, and running the initrd script to re-create the image with super board config.

New input,
in this topic, I’ve just found there can be used jetson-orin-nano-devkit-super
instead of jetson-orin-nano-devkit, but according with DanielLLL replay

How can we create image with super board config on jetpack 6.1?
Can you please write here exactly steps?
Thank you in advance…

don’t you use Orin Nano with SD card version?

here’s developer guide To Flash the Jetson Developer Kit Operating Software.
re-cap as below.

  • Jetson Orin Nano Developer Kit with Super Configuration (SD card):
$ sudo ./tools/kernel_flash/l4t_initrd_flash.sh --external-device mmcblk0p1 \
  -c tools/kernel_flash/flash_l4t_t234_nvme.xml -p "-c bootloader/generic/cfg/flash_t234_qspi.xml" \
  --showlogs --network usb0 jetson-orin-nano-devkit-super internal

Yes, I use Orin Nano with SD card version(BOARDID=3767 BOARDSKU=0005)

OK, Thank you very much for you support. I am going to try tomorrow, hope, as now I have other urgent topic.

Have a nice day