I have been following these 2 guides OP-TEE: Open Portable Trusted Execution Environment — Jetson Linux Developer Guide documentation and Disk Encryption — Jetson Linux Developer Guide documentation and using optee/samples/hwkey-agent/host/tool/gen_ekb/example.sh to generate a new eks.img for t194 chip.
I’m using Jetson Linux r35.3.1 and a host with ubuntu 20.04.
Here is a screenshot of the t194 portion in example.sh
I ran the example.sh, and once eks_t194.img was generated, I coped it over to Linux_for_Tegra/bootloader/
I also copied over the sym2_t194.key to Linux_for_Tegra/ekb.key and proceeded to flash NVME on the xavier nx with the command below:
sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --external-device nvme0n1p1 -p "-i ekb.key" -c ./tools/kernel_flash/flash_l4t_nvme_rootfs_enc.xml --external-only -S 25GiB --showlogs jetson-xavier-nx-devkit external
So far so good, once it was flashed and rebooted, I could see my partition in the below screenshot:
Then I follow this instruction below to see if I can decrypt the encrypted partition:
sudo blkid to get this DISK_UUID of the partition,
Then I typed in this command:
nvluks-srv-app --context-string "87e1bb72-6261-4252-ba6e-e14e1a2bae54" --get-unique-pass | cryptsetup -c luksOpen /dev/nvme0n1p2 /dev/mapper/test
And I got the error below:
The command to get passphrase:
nvluks-srv-app --context-string "87e1bb72-6261-4252-ba6e-e14e1a2bae54" --get-unique-pass gave me this error:
And if I added
sudo in front of it, I got this error:
Please let me know if I missed any anything or did something entirely wrong. Any help is appreciated!