Using SED (Self-encrypting drive) on Jetson Orin Nano

I would like to use an SED drive on Orin Jetson Nano and install Jetpack on it. I saw some high-level information about using sedutil and u-boot configuration.

  1. I am using Jetpack.
  2. I want to use SED and use sedutil to lock and unlock the drive. I don’t need any other encryption like LUKS.
  3. Based on what I’ve read, I need to run sedutil via u-boot to unlock the SED before it boots up.
  4. Regarding u-boot configuration, should I use the u-boot source code from here (GitHub - u-boot/u-boot: "Das U-Boot" Source Tree), or is there a specific u-boot source code that I should use for the Jetpack?
  5. Do I really need to modify u-boot? Are there any other alternatives to be able to unlock the SED before it boots up?

thanks

Just for confirmation, you’re working with Jetson Nano (t210) instead of Jetson Orin Nano (t234), right?
This is because the t234 series does not use u-boot.

Yes, I’m using t234 Jetson Orin Nano. And is this absence of u-boot mentioned in any documentation online?

Based on what I’ve researched, I need to call the sedutil command in u-boot to be able to unlock the SED. If Orin Nano isn’t using u-boot, what are my options to be able to unlock the SED before it boots up?

thank you

hello nvidiartx10000,

The boot sequence is: MB1 → MB2 → UEFI → Linux kernel.
UEFI uses an OS loader (L4TLauncher) to load the file system.
Please refer to the developer guide, UEFI Adaptation, for more details.

Hi Jerry,

I read the UEFI Adaptation but I am a bit lost. I don’t have much experience with UEFI but I’ll ask anyway and might need some guidance.

I have an executable compiled in C that unlocks the Self Encrypting Drive. I need to run this executable, which will ask for a passphrase, before the SED gets mounted and/or before the kernel gets loaded. This SED has a Jetpack OS installed on it.

Given that the SED drive is locked on power-up, how will I be able to execute and include this executable on boot-up before the Jetson Nano accesses the SED drive with the Jetpack OS on it? (By the way, I won’t be using LUKS; I will solely use the SED’s hardware encryption/decryption.)

thanks

hello nvidiartx10000,

As you can see in the Disk Encryption section, it uses an EKB key to flash a target to enable disk encryption.
We do not support a prompt for a passphrase to unlock. Please customize it yourself.