I’ve gone trough the process outlined in README_secureboot.txt to (I believe) burn the fuse and flash an encrypted root partition on a 16GB Xavier AGX development system. It booted without error and I am able to user it like normal, and the flashing process appears to have worked and used my .pem and key files, but I would like some verification that it is actually encrypted.
All I’ve found via a Google search on verifying that a partition is encrypted is using blkid, but when I run blkid on /dev/mmcblk0 and/or /dev/mmcblk0p1 it just shows a standard gpt partition table and ext4 filesystem. Is there any way that I can be sure that it is actually encrypted?
My ultimate goal is to boot from the NVME SSD, but I haven’t figured that out yet. I have been able to use the jetsonhacks method to install root on the SSD, and I also found a forum post that had a script that purported to boot off of an encrypted SSD, but that didn’t work for me. I think it’s based on an older jetpack version, and I have seen indications that the standard installation in 4.6 should support root on SSD, but I don’t know if it supports encryption.
Any pointers on how to verify that I actually have an encrypted root partition, and whatever the best option is for an encrypted SSD installation would be appreciated. If the best I can do is to format the SSD as an encrypted volume then that’s okay as well. I’m not sure how to do that, but I assume there’s documentation somewhere.