TX2NX massflash with simple EKB encryption instead of SecureBoot

Hello! I’m trying to upgrade my massflash script to include rootfs encryption with Jetpack 4.6. In README_massflash.txt it says that it’s possible to generate a massflash blob with no security or secure boot. I was wondering if it’s possible to generate the massflash blob with simple EKB encryption without secure boot.

These are the steps I use to flash a single device at a time. The goal is to make this massflash-able.

  1. Generate ekb key from trusty_src/trusty/app/nvidia-sample/hwkey-agent/CA_sample/tool/gen_ekb
  2. cp eks.img ~/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_TX2_TARGETS/Linux_for_Tegra/bootloader/eks.img
  3. cp sym2.key ~/nvidia/nvidia_sdk/JetPack_4.6.4_Linux_JETSON_TX2_TARGETS/Linux_for_Tegra/sym2.key
  4. Flash Jetson with this command:
    sudo ROOTFS_ENC=1 ./flash.sh -i "./sym2.key" jetson-xavier-nx-devkit-tx2-nx internal

How would I do this for massflash? It doesn’t look like the ROOTFS_ENC=1 and EKB key parameters are used for nvmassflashgen.sh.

EDIT: Is it true that you can’t use massflash with eMMC encryption?

Hello therealmatiss,

You cannot use massflash in the eMMC encryption scenario, since Jetpack-4.6 doesn’t support generic-passphrase.
It has a unique ECID (per device) to enable disk encryption, which means it generates per-device encrypted disk images.

FYI,
please also see the rel-35 developer guide, Creating Encrypted Images with a Generic Key.
Disk encryption with generic-passphrase is added after the JetPack 5.1.3 (r35.5.0) release version.
You’ll be able to create encrypted images with a generic key.
However, JP-5 doesn’t support the TX2 series.
