Why the initrd_flash can encrypt the disk without SBKPKC mode

1.We run the command :sudo ROOTFS_ENC=1 ./flash.sh -i ekb.key jetson-xavier mmcblk0p1 . with no SBKPKC mode

. And it can be flashed successfully but cant boot.
the log shows:

297pm8ge1xplsq0zwfm4st9e_01920×1440 198 KB

[0000.667] I> oem authentication of eks header done
[0000.668] I> eks binary done read from storage
[0000.668] I> eks: Authentication init Done
[0000.669] I> eks: Authentication Finalize Done
[0000.673] I> EKB detected (length: 0x410) @ VA:0x52700400
��NOTICE:  BL31: v1.3(release):b5eeb33f7
NOTICE:  BL31: Built : 08:55:29, Feb 19 2022
ipc-unittest-main: 1519: Welcome to IPC unittest!!!
ipc-unittest-main: 1531: waiting forever
ipc-unittest-srv: 329: Init unittest services!!!
hwkey-agent: 41: hwkey-agent is running!!
hwkey-agent: 347: key_mgnt_processing .......
hwkey-agent: 162: ekb_verification: EKB_CMAC verification is not match.
hwkey-agent: 400: key_mgnt_processing: failed (-7)
hwkey-agent: 45: main: Failed to verify or extract EKB (-7).
exit called, thread 0xffffffffea8a4d58, name trusty_app_2_92b92883-f96a-4177
luks-srv: 40: luks-srv is running!!
platform_bootstrap_epilog: trusty bootstrap complete

0011.708] W> Failed to initialize device 10-5
[0011.712] E> NVME (5) boot failed, err: 0x80800612
[0011.717] I> ########## Fixed storage boot ##########
[0011.722] I> Loading kernel-bootctrl from partition
[0011.727] I> Loading partition kernel-bootctrl at 0xa4ae0000 from device(0x1)
[0011.740] W> tegrabl_get_kernel_bootctrl: magic number(0x00000000) is invalid
[0011.741] W> tegrabl_get_kernel_bootctrl: use default dummy boot control data
[0011.754] I> Already published: 00010003
[0011.754] I> Look for boot partition
[0011.755] I> Fallback: assuming 0th partition is boot partition
[0011.761] I> Detect filesystem
[0011.788] I> Loading extlinux.conf ...
[0011.788] I> Loading extlinux.conf binary from rootfs ...
[0011.788] I> rootfs path: /sdmmc_user/boot/extlinux/extlinux.conf
[0011.843] I> Loading extlinux.conf sig file from rootfs ...
[0011.844] I> rootfs path: /sdmmc_user/boot/extlinux/extlinux.conf.sig
[0011.887] I> Validate extlinux.conf ...
[0011.887] I> T19x: Authenticate extlinux.conf (bin_type: 54), max size 0x2000
[0011.887] I> Encryption fuse is not ON
[0011.888] I> L4T boot options
[0011.888] I> [1]: "primary kernel"
[0011.888] I> Enter choice: 
[0014.889] I> Continuing with default option: 1
[0014.889] I> Loading kernel ...
[0014.889] I> No kernel binary path
[0014.889] I> Continue to load from partition ...
[0014.890] W> No valid slot number is found in scratch register
[0014.890] W> Return default slot: _a
[0014.890] I> A/B: bin_type (37) slot 0
[0014.891] I> Loading kernel from partition
[0014.895] I> Loading partition kernel at 0xa4ae0000 from device(0x1)
[0015.384] I> Validate kernel ...
[0015.384] I> T19x: Authenticate kernel (bin_type: 37), max size 0x5000000
[0015.815] I> Encryption fuse is not ON
[0015.830] I> Checking boot.img header magic ... [0015.830] I> [OK]
[0015.831] I> Loading kernel-dtb ...
[0015.831] I> No kernel-dtb binary path
[0015.831] I> Continue to load from partition ...
[0015.831] W> No valid slot number is found in scratch register
[0015.832] W> Return default slot: _a
[0015.832] I> A/B: bin_type (38) slot 0
[0015.835] I> Loading kernel-dtb from partition
[0015.839] I> Loading partition kernel-dtb at 0x91000000 from device(0x1)
[0015.855] I> Validate kernel-dtb ...
[0015.855] I> T19x: Authenticate kernel-dtb (bin_type: 38), max size 0x400000
[0015.859] I> Encryption fuse is not ON
[0015.861] I> Kernel hdr @0xa4ae0000
[0015.863] I> Kernel dtb @0x90000000
[0015.866] I> decompressor handler not found
[0015.871] I> Copying kernel image (35917832 bytes) from 0xa4ae0800 to 0x80080000 ... [0015.884] I> Done
[0015.884] I> Move ramdisk (len: 11359540) from 0xa6d22000 to 0x92000000
[0015.889] I> Updated bpmp info to DTB
[0015.891] I> Ramdisk: Base: 0x92000000; Size: 0xad5534
[0015.895] I> Updated initrd info to DTB
[0015.898] W> WARN: Fail to override "console=none" in commandline
[0015.904] I> Active rootfs suffix: 
[0015.908] E> tegrabl_linuxboot_add_disp_param, du 1 failed to get display params
[0015.915] E> tegrabl_linuxboot_add_disp_param, du 1 failed to get display params
[0015.922] W> No valid slot number is found in scratch register
[0015.928] W> Return default slot: _a
[0015.931] I> Active slot suffix: 
[0015.934] I> add_boot_slot_suffix: slot_suffix = 
[0015.939] I> Linux Cmdline: root=/dev/mmcblk0p1 rw rootwait rootfstype=ext4 console=ttyTCU0,115200n8 console=tty0 fbcon=map:0 net.ifnames=0  
[0015.990] I> Updated bootarg info to DTB
[0015.994] W> MAC addr invalid!
[0015.997] E> Failed to get WIFI MAC address
[0016.001] W> MAC addr invalid!
[0016.004] E> Failed to get Bluetooth MAC address
[0016.008] I> eeprom_get_mac_addr: MAC (type: 2): 48:b0:2d:4d:8c:15
[0016.015] W> "plugin-manager" doesn't exist, creating
[0016.019] I> Adding /chosen/plugin-manager/cvm
[0016.023] W> "chip-id" doesn't exist, creating
[0016.028] I> Adding /chosen/plugin-manager/chip-id
[0016.032] W> "configs" doesn't exist, creating
[0016.036] I> Adding /chosen/plugin-manager/configs
[0016.041] W> "ids" doesn't exist, creating
[0016.045] I> Adding /chosen/plugin-manager/ids
[0016.049] W> "odm-data" doesn't exist, creating
[0016.054] I> Adding /chosen/plugin-manager/odm-data
[0016.061] W> "memory" doesn't exist, creating
[0016.063] I> [0] START: 0x80000000, END: 0xac000000
[0016.067] I> [1] START: 0xac004000, END: 0xf0ad0000
[0016.072] I> [2] START: 0xf0adc000, END: 0xf0ae0000
[0016.077] I> dram_block larger than 80000000
[0016.081] I> [3] START: 0x100000000, END: 0x880000000
[0016.086] I> added [base:0x80000000, size:0x2c000000] to /memory
[0016.092] I> added [base:0xac200000, size:0x44800000] to /memory
[0016.098] I> added [base:0x100000000, size:0x780000000] to /memory
[0016.104] I> Updated memory info to DTB
[0016.108] E> add_disp_param: failed to get display params for du=1
[0016.114] W> "reset" doesn't exist, creating
[0016.118] I> Adding ecid(00000001640912062400000004fe8140) to DT
[0016.124] I> NVG: Logical CPU: 0; MPIDR: 0x80000000
[0016.128] I> NVG: Logical CPU: 1; MPIDR: 0x80000001
[0016.133] I> NVG: Logical CPU: 2; MPIDR: 0x80000100
[0016.137] I> NVG: Logical CPU: 3; MPIDR: 0x80000101
[0016.142] I> NVG: Logical CPU: 4; MPIDR: 0x80000200
[0016.147] I> NVG: Logical CPU: 5; MPIDR: 0x80000201
[0016.152] I> NVG: Logical CPU: 6; MPIDR: 0x80000300
[0016.156] I> NVG: Logical CPU: 7; MPIDR: 0x80000301
[0016.162] W> "misc-data" doesn't exist, creating
[0016.166] I> Boot-device: eMMC
[0016.168] I> Add boot-sdmmc to plugin-manager/misc-data
[0016.174] I> Add storage-sdmmc to plugin-manager/misc-data
[0016.179] W> Unknown storage device
[0016.183] I> Add serial number:1423321101929 as DT property
[0016.189] I> Plugin-manager override starting
[0016.192] W> Failed to find /plugin-manager in DT
[0016.197] I> tegrabl_load_kernel_and_dtb: Done
[0016.218] I> Kernel EP: 0x80080000, DTB: 0x90000000
[    0.000000] Booting Linux on physical CPU 0x0
[    0.000000] Linux version 4.9.253-tegra (root@sunxuehu-Latitude-5421) #2 SMP PREEMPT Wed Apr 27 17:49:52 CST 2022 tztek_version: [product: 
[    0.000000] Boot CPU: AArch64 Processor [4e0f0040]
[    0.000000] OF: fdt:memory scan node memory, reg size 48,
[    0.000000] OF: fdt: - 80000000 ,  2c000000
[    0.000000] OF: fdt: - ac200000 ,  44800000
[    0.000000] OF: fdt: - 100000000 ,  780000000
[    0.000000] earlycon: tegra_comb_uart0 at MMIO32 0x000000000c168000 (options '')
[    0.000000] bootconsole [tegra_comb_uart0] enabled
[    0.000000] Found tegra_fbmem: 00800000@a06ab000
[    0.000000] Found lut_mem: 00002008@a06a6000
[    0.855974] tegra194-pinctrl 2430000.pinmux: function 'shutdown' not supported
[    0.856011] tegra194-pinctrl 2430000.pinmux: invalid function shutdown in map table
[    0.856044] tegra194-pinctrl 2430000.pinmux: Failed to add default setting: -22
��WARNING: clk_get_rate: clk_power_ungate on gated domain 27 for gpcclk
WARNING: pll_d3 has no dyn ramp
��[    4.418416] max98090 7-0010: Failed to reset codec: -121
[    4.418952] max98090 7-0010: Failed to read device revision: -1
[    4.419087] max98090 7-0010: ASoC: failed to probe component -1
[    4.419262] tegra-asoc: sound: ASoC: failed to instantiate card -1
[    4.421936] tegra-asoc: sound: snd_soc_register_card failed (-1)
[    7.392751] ERROR: could not get clock /spi@c260000:osc(2)
[    7.393326] ERROR: could not get clock /spi@c260000:osc(2)
[    7.402860] mcp25xxfd spi1.0: Cannot initialize MCP2517. Wrong wiring?
[    7.403040] mcp25xxfd spi1.0: Probe failed, err=19
[   14.561105] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00007f00
[   14.561105] 
[   14.561330] CPU: 3 PID: 1 Comm: bash Not tainted 4.9.253-tegra #2
[   14.561458] Hardware name: Jetson-AGX (DT)
[   14.561551] Call trace:
[   14.561621] [<ffffff800808ba40>] dump_backtrace+0x0/0x198
[   14.561736] [<ffffff800808c004>] show_stack+0x24/0x30
[   14.561848] [<ffffff800903e8b4>] dump_stack+0xa0/0xc4
[   14.561956] [<ffffff800903b958>] panic+0x12c/0x2a8
[   14.562060] [<ffffff80080b8bd0>] complete_and_exit+0x0/0x30
[   14.562178] [<ffffff80080b8c60>] do_group_exit+0x40/0xa8
[   14.562294] [<ffffff80080b8ce8>] __wake_up_parent+0x0/0x40
[   14.562406] [<ffffff8008083900>] el0_svc_naked+0x34/0x38
[   14.562526] SMP: stopping secondary CPUs
[   14.562620] Kernel Offset: disabled
[   14.562711] Memory Limit: none
[   14.562890] trusty-log panic notifier - trusty version Built: 08:57:16 Feb 19 2022 [   14.571815] Rebooting in 5 seconds..
����Shutdown state requested 1
Rebooting system ...

By the way the eks.img I used is generated by iv_key kek2_key user_key ekb.key. If I dont use the SBKPKC if the eks.img will effect the disk encryption?
I know I can use the initrd_flash encrypt nvme without SBKPKC,but I dont know if the initrd_flash internal is same as flash.sh. If they are same，it will be starge not need the SBKPKC.
Here I just refer the topic just fuse pkcit seems said that we need the sbkpkc