Error: Unable to flash Nvidia Jetson Orin Nano Dev board with encryption

Issue Overview

Users are experiencing difficulties when attempting to flash the Nvidia Jetson Orin Nano Dev board with encryption enabled. The issue occurs during the flashing process, resulting in a kernel panic with the error message "no key available with this passphrase" and a failure to unlock nvme0n1p2. This problem persists even after successful flashing without encryption[1].

Possible Causes

1. Incorrect encryption key generation or configuration
2. Incompatibility between the generated encryption keys and the flashing process
3. Issues with the EKS (Encryption Key Slot) image
4. Mismatched board configuration in flashing commands
5. Potential hardware issues with the NVMe drive or its partitioning

Troubleshooting Steps, Solutions & Fixes

1. Update EKS image for both slots:

   • Flash the EKS image for both A and B slots using the following commands:

     sudo ./flash.sh --no-flash -k A_eks jetson-orin-nano-devkit internal
     sudo ./flash.sh --no-flash -k B_eks jetson-orin-nano-devkit internal
     

   • Ensure to use "jetson-orin-nano-devkit" as the board configuration, not "jetson-agx-orin-devkit".

2. Verify encryption key generation:

   • Double-check the encryption key generation process, especially the contents of sym2_t234.key and auth_t234.key.
   • For Jetpack 6.0 and later, use the following key configuration:

     echo "0000000000000000000000000000000000000000000000000000000000000000" > sym_t234.key
     echo "96be0bdc974cd136109006d8f9277fa2" > sym2_t234.key
     echo "00000000000000000000000000000000" > auth_t234.key
     

3. Adjust flashing script:

   • Modify the flashing script to include the EKS update steps and remove any unnecessary conditions based on Jetpack version.

4. Verify NVMe drive size and partitioning:

   • Run sudo fdisk -l on the board to check the actual size of the NVMe drive.
   • Ensure that the NUM_SECTORS value in the XML configuration file matches the actual drive size.

5. Check for hardware issues:

   • If problems persist, consider testing with a different NVMe drive to rule out hardware-related issues.

6. Capture detailed logs:

   • Use a serial console to capture more detailed boot logs for further analysis.
   • If unable to capture serial console output, double-check the UART connection and configuration.

7. Verify flashing process:

   • Ensure all flashing steps are completed without errors, including the external device flashing.
   • Pay attention to any warnings or errors in the flashing logs, particularly related to partition creation or file copying.

8. Consider reverting to a known working configuration:

   • If issues persist, consider temporarily disabling encryption and flashing without it to establish a baseline working configuration.
   • Once successful, gradually reintroduce encryption steps to isolate the problem.

If these steps do not resolve the issue, consider reaching out to Nvidia support with detailed logs and information about your specific hardware configuration and flashing process.