UEFI secureboot and disk encryption in 36.4

I seemingly flashed the device without errors (on an external NVMe, with UEFI secure boot), but the device is not visible via lsusb after reboot (in non-recovery mode). This is what I see from UART debug via minicom:

I/TC: Reserved shared memory is disabled
I/TC: Dynamic shared memory is enabled
I/TC: Normal World virtualization support is disabled
I/TC: Asynchronous notifications are disabled
E/TC:?? 00 stmm_handle_variable_authentication:894 Failed to get signed CMAC ffff0007

ASSERT [FvbNorFlashStandaloneMm] /out/nvidia/optee_ftpm.t234-uefi/StandaloneMmOptee_RELEASE/edk2-nvidia/Silicon/NVIDIA/Driv)

Flash log attached:
flash_3-1_0_20241023-182647.log (109.3 KB)

These are the commands I used for writing the fuses, building the images and flashing (I omitted key and fuse file generation and the editing of the sectors value in bootloader/generic/cfg/flash_t234_qspi.xml):

python3 ./source/optee/samples/hwkey-agent/host/tool/gen_ekb/gen_ekb.py -chip t234 -oem_k1_key kek_optee.key -in_sym_key sym_t234.key -in_sym_key2 sym2_t234.key -in_auth_key uefi_auth.key -out bootloader/eks_t234.img

sudo ./odmfuse.sh -i 0x23 -k rsa.pem -S sbk.key -X fuse.xml jetson-agx-orin-devkit

sudo ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 -u ./rsa.pem -v ./sbk.key --uefi-keys uefi_keys/uefi_keys.conf --uefi-enc sym_t234.key --no-flash --showlogs -p "-c bootloader/generic/cfg/flash_t234_qspi.xml" jetson-agx-orin-devkit internal

sudo cp bootloader/eks_t234_sigheader_encrypt.img.signed ./tools/kernel_flash/images/internal/

sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs -u ./rsa.pem -v ./sbk.key --no-flash --external-device nvme0n1p1 -i ./sym2_t234.key --uefi-keys uefi_keys/uefi_keys.conf --uefi-enc sym_t234.key -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml -S 900GiB --external-only --append --network usb0 jetson-agx-orin-devkit external

sudo ./tools/kernel_flash/l4t_initrd_flash.sh --showlogs -u rsa.pem -v sbk.key --uefi-keys uefi_keys/uefi_keys.conf --uefi-enc sym_t234.key --network usb0 --flash-only

Can you help me understand what’s wrong?