UEFI Secureboot and Disk Encryption in 36.3

Continuing the discussion from Enabling disk encryption and secureboot on internal device 36.3:

What is the status on using disk encryption with UEFI secureboot in release 36.3? We require both features.

Thanks

Hello robert70,

May I know what failure you've seen?
Please double-check that all of your UEFI payloads have been signed with the UEFI security keys.

Hi JerryChang,

I have attached the boot log:
uefi-secureboot.log (43.0 KB)

The Jetson Orin NX reboots after this failure.

I have followed the UEFI payload signing instructions using the db key.

Update: I just figured out how to solve the problem.

I was including an in_sym_key of all zeros, as it was set up in the EKB generation example:

python3 gen_ekb.py -chip t234 -oem_k1_key oem_k1.key \
        -in_sym_key sym_t234.key \
        -in_sym_key2 sym2_t234.key \
        -in_auth_key auth_t234.key \
        -out eks_t234.img

By removing the line, -in_sym_key sym_t234.key \, the L4T UEFI loader no longer expects the kernel payloads to be encrypted, so they verify just fine.
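
A pre-flight check for the situation described in the post above, as an added example that is not part of the original thread or of NVIDIA's tooling: it reads the key options from a gen_ekb.py command line and flags key files that still hold an all-zero or single-repeated-byte placeholder. It assumes each key file stores the key as hex text; the function names and sample key values are constructed for illustration.

```python
import shlex
import tempfile
from pathlib import Path

# Key options as they appear in the gen_ekb.py command quoted in the thread.
KEY_OPTS = ("-oem_k1_key", "-in_sym_key", "-in_sym_key2", "-in_auth_key")


def key_args(command):
    """Map each key option found in a gen_ekb.py command line to its file name."""
    toks = shlex.split(command.replace("\\\n", " "))  # join continuation lines
    return {t: toks[i + 1] for i, t in enumerate(toks[:-1]) if t in KEY_OPTS}


def classify(path):
    """Return 'ok', 'all-zero', 'repeated-byte' or 'unreadable' for one key file."""
    try:
        text = Path(path).read_text().strip()
        # Assumption: the file stores the key as hex text, optional 0x prefix.
        key = bytes.fromhex(text[2:] if text.lower().startswith("0x") else text)
    except (OSError, ValueError):
        return "unreadable"
    if not key:
        return "unreadable"
    if not any(key):
        return "all-zero"
    if len(set(key)) == 1:
        return "repeated-byte"
    return "ok"


def audit(command, keydir):
    """Classify every key file the command references, relative to keydir."""
    return {o: classify(Path(keydir) / n) for o, n in key_args(command).items()}


if __name__ == "__main__":
    # Constructed sample: one placeholder key, one constructed non-trivial key.
    cmd = ("python3 gen_ekb.py -chip t234 -oem_k1_key oem_k1.key \\\n"
           "        -in_sym_key sym_t234.key -out eks_t234.img")
    with tempfile.TemporaryDirectory() as d:
        Path(d, "sym_t234.key").write_text("00" * 32 + "\n")
        Path(d, "oem_k1.key").write_text("0x" + "3a7f19c4" * 8 + "\n")
        for opt, verdict in audit(cmd, d).items():
            print(f"{opt}: {verdict}")
```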
