SSD encryption


I am using jetpack 4.5.1 on my Xavier AGX developer kit, i recently added an nvme ssd to it and followed the steps here to switch the rootfs to the SSD.

I would like to encrypt the data on the SSD so that upon physical removal of the ssd, the data is not accessible.

I did read the documentation here but i am new to this so i have a couple of questions i am hoping to get answers to:

  1. From what i have read in the disk encryption documentation, depending on the config used for flashing, the disk will be partitioned into 2 parts, non encrypted bootloader and the rest of the file system encrypted. In my case the flashing is done on the EMMC first and then i switch it to the SSD using the previously mentioned method, so does the encryption pass on to the SSD as well along with the file system? If not, how can i encrypt it in that case?

  2. is it possible to encrypt the SSD without having to re-flash the board?

Thanks in advance.

P.S. I know jetpack 4.6 supports flashing directly to the SSD which will make the encryption by flashing easier for me but let’s just say i am forced to use jetpack 4.5.1 for now.

Since the function is not ready on Jetpack 4.5, we would suggest upgrade to later version. For more information about disk encryption, please take a look at developer guide

Does this mean that even by flashing, disk encryption function is not implemented for jetpack 4.5.1?

Another question, can i at least encrypt part of the disk by any third-party software like dm-crypt or other similar software? (feel free to suggest any other software or method)

Disk encryption ins not ready on Jetpack 4.5.1. We suggest upgrade to later release.

For using 3rdparty solution, it would need other users to share experience.