ルートファイルシステムの暗号化の起動問題
前回でinitramfsを作成し、カーネルイメージとデバイスツリーファイルを抜き出し、LUKSフォーマットされた状態のルートファイルシステムを作成した。
前回も触れたように、Jetson Nanoのパーティション定義が、/bootと/が1つのパーティションで、ルートファイルシステムの暗号化を行った場合、/bootごと暗号化され、このままだと起動ができない。
現在定義されているパーティションテーブルを変更して、ブートに必要で前回抜き出した
/boot/Image
/boot/tegra210-p3448-0000-p3449-0000-b00-user-custom.dtb
/boot/initrd.img-4.9.140-tegra
上記3つを納めて置けるパーティションを別に作成する。
また、上記はLUKSパーティションの復号、起動にかかわる重要なファイルなので暗号化をしたい。
今回、追加で2つのパーティションを作成し、
1、平文の上記3点セット
2、暗号化した上記3点セット
を置いて、初回起動時に1、を暗号化して2、に置き、今後は2、から起動するように考えてみたい。
パーティションの設定とイメージファイルの準備
jetson-nano-partition-setupでパーティション定義を設定した。
これを、
Linux_for_Tegra/bootloader/t210ref/cfg/flash_l4t_t210_spi_sd_p3448.xml
と置き換えるとパーティション定義が変更される。BOOT1,BOOT2というパーティションをそれぞれ70MBで作成した。
以下を作成していく。
BOOT1 平文の上記3点セット
BOOT2 暗号化した上記3点セット(初期は空)
$ dd if=/dev/zero of=BOOT1.img bs=1M count=0 seek=70
$ sudo losetup -f BOOT1.img
$ losetup -l
$ losetup
NAME SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE DIO LOG-SEC
/dev/loop6
0 0 0 0
Linux_for_Tegra/BOOT1.img
0 512
$ sudo mkfs.ext4 /dev/loop6
mke2fs 1.44.1 (24-Mar-2018)
Discarding device blocks: done
Creating filesystem with 71680 1k blocks and 17928 inodes
Filesystem UUID: c1802a65-140f-4bfb-8dee-7458e0a48170
Superblock backups stored on blocks:
8193, 24577, 40961, 57345
Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
$ sudo mkdir /media/bootimage
$ sudo mount /dev/loop6 /media/bootimage
$ sudo mkdir /media/bootimage/boot
$ sudo cp <コピーしておいたディレクトリ>/Image /media/bootimage/boot/
$ sudo cp <コピーしておいたディレクトリ>/initrd.img-4.9.140-tegra /media/bootimage/boot/
$ sudo cp <コピーしておいたディレクトリ>/tegra210-p3448-0000-p3449-0000-b00-user-custom.dtb /media/bootimage/boot/
$ sudo umount /media/bootimage
$ sudo losetup -d /dev/loop6
$ dd if=/dev/zero of=BOOT2.img bs=1M count=0 seek=70
$ sudo losetup -f BOOT2.img
$ losetup –l
/dev/loop6
0 0 0 0 /media/km/hdd/nvidia/NEW/Tegra210_Linux_R32.4.2_aarch64/Linux_for_Tegra/BOOT2.img
$ sudo mkfs.ext4 /dev/loop6
$ sudo losetup -d /dev/loop6
$ mv BOOT* bootloader/
これで起動に必要なパーティションイメージが作成できた。
u-bootのカスタマイズで起動イメージの暗号化
実際に暗号化して起動するためには上記3点セットを読み出すu-bootにカスタマイズをする必要がある。
以下のように動作を考えてみた。
まず、BOOT2に暗号化済みファイルがあれば、復号してブート。なければ暗号化
暗号化:ATECC608Aを初期化し、スロットの初期化。
BOOT1にあるファイルを暗号化し、ハッシュを取ってATECC608Aで署名し、BOOT2に書き込む。
復号:BOOT2にあるファイルの署名を検証し、復号しメモリに展開してブートさせる。
kmwebnet/u-boot-for-jetson-nano
UbuntuPCで
Jetson Linux Driver Package Toolchainをインストールしておく。
下記に移動する。
Linux_for_Tegra/sources/
$ git clone --recursive https://github.com/kmwebnet/u-boot-for-jetson-nano.git
$ cd u-boot-for-jetson-nano
$ export CROSS_COMPILE=$HOME/l4t-gcc/gcc-linaro-7.3.1-2018.05-x86_64_aarch64-linux-gnu/bin/aarch64-linux-gnu-
$ make distclean
$ make p3450-porg_defconfig
$ make -j4
$ sudo cp u-boot{,.bin,.dtb,-dtb.bin} ../../bootloader/t210ref/p3450-porg/
$ cd ..
これで必要なファイルがすべてそろった。
Jetson Nanoの起動時のu-bootの確認をするためにJetson NanoへシリアルUSB変換ケーブルを接続し、出力を確認できるようにする。上記が接続したところ。
再度Jetson Nanoをリカバリーモードにし、ファームウェアを書き込む。
上記でリカバリーモードへ入るためのジャンパーも接続されている。
sudo ./flash.sh -x 0x21 -y PKC -r -u ../rsa_priv.pem jetson-nano-qspi-sd mmcblk0p1
"-r"オプションで準備したsystem.imgルートファイルシステムを書き込む設定となる。
書き込みが終了すると、u-bootで起動が進行し、シリアルコンソール上で、以下で停止する。
U-Boot 2016.07-g4fe9527-dirty (Jun 01 2020 - 15:24:02 +0900)
TEGRA210
Model: NVIDIA P3450-Porg
Board: NVIDIA P3450-PORG
DRAM: 4 GiB
MMC: Tegra SD/MMC: 0, Tegra SD/MMC: 1
SF: Detected MX25U3235F with page size 256 Bytes, erase size 4 KiB, total 4 MiB
*** Warning - bad CRC, using default environment
In: serial
Out: serial
Err: serial
Net: No ethernet found.
Failed to mount ext2 filesystem...
** Unrecognized filesystem type **
Hit any key to stop autoboot: 0
device tree encryption start...
got KDF key...
got public key...
loading /boot/tegra210-p3448-0000-p3449-0000-b00-user-custom.dtb...
216327 bytes read in 64 ms (3.2 MiB/s)
encrypted.
hash and signature has made.
offset bytes:216528
saving /tegra210.dtb...
File System is consistent
update journal finished
216528 bytes write in 398 ms (531.3 KiB/s)
ramdisk encryption start...
got KDF key...
got public key...
loading /boot/initrd.img-4.9.140-tegra...
20675400 bytes read in 991 ms (19.9 MiB/s)
encrypted.
hash and signature has made.
offset bytes:20675600
saving /initrd...
File System is consistent
update journal finished
20675600 bytes write in 3016 ms (6.5 MiB/s)
kernel encryption start...
got KDF key...
got public key...
loading /boot/Image...
34265096 bytes read in 1535 ms (21.3 MiB/s)
encrypted.
hash and signature has made.
offset bytes:34265296
saving /Image...
File System is consistent
update journal finished
34265296 bytes write in 4700 ms (7 MiB/s)
Tegra210 (P3450-Porg) #
上記でBOOT1の中のファイルが暗号化され、BOOT2に暗号化されたファイルが置かれた。
リカバリーモードへ入るためのジャンパーを抜いて、電源を入れなおして再起動する。
U-Boot 2016.07-g4fe9527-dirty (Jun 01 2020 - 15:24:02 +0900)
TEGRA210
Model: NVIDIA P3450-Porg
Board: NVIDIA P3450-PORG
DRAM: 4 GiB
MMC: Tegra SD/MMC: 0, Tegra SD/MMC: 1
SF: Detected MX25U3235F with page size 256 Bytes, erase size 4 KiB, total 4 MiB
*** Warning - bad CRC, using default environment
In: serial
Out: serial
Err: serial
Net: No ethernet found.
Failed to mount ext2 filesystem...
** Unrecognized filesystem type **
Hit any key to stop autoboot: 0
device tree decryption start...
loading /tegra210.dtb...
216528 bytes read in 43 ms (4.8 MiB/s)
decrypted.
ramdisk decryption start...
loading /initrd...
20675600 bytes read in 1445 ms (13.6 MiB/s)
decrypted.
kernel decryption start...
loading /Image...
34265296 bytes read in 2378 ms (13.7 MiB/s)
decrypted.
boot
bootm_argv[0]:bootm
bootm_argv[1]:83280000
bootm_argv[2]:80600000:13b7b48
bootm_argv[3]:80000000
bootargs:tegraid=21.1.2.0.0 ddr_die=4096M@2048M section=512M memtype=0 vpr_resize usb_port_owner_info=0 lane_owner_info=0 emc_max_dvfs=0 touch_id=0@63 video=tegrafb no_console_suspend=1 console=ttyS0,115200n8 debug_uartport=lsport,2 earlyprintk=uart8250-32bit,0x70006000 maxcpus=4 usbcore.old_scheme_first=1 lp0_vec=0x1000@0xff780000 core_edp_mv=1075 core_edp_ma=4000 tegra_fbmem=0x800000@0x92cb0000 is_hdmi_initialised=1 cryptdevice=/dev/mmcblk0p1:luks cryptopts=keyscript=/lib/cryptsetup/scripts/getinitramfskey.sh,source=/dev/mmcblk0p1,target=luks root=/dev/mapper/luks rw rootwait rootfstype=ext4 console=ttyS0,115200n8 console=tty0 fbcon=map:0 net.ifnames=0
## Flattened Device Tree blob at 80000000
Booting using the fdt blob at 0x80000000
reserving fdt memory region: addr=80000000 size=20000
Using Device Tree in place at 0000000080000000, end 0000000080037d06
ERROR: DT property /psci/nvidia,system-lp0-disable missing in source; can't copy
at arch/arm/mach-tegra/dt-edit.c:176/fdt_iter_copy_prop()
Starting kernel ...
カーネル起動シーケンスへ切り替わった。
後は、通常通り、Jetson NanoへHDMI,USBキーボード、マウスを接続して、初回セットアップを行っていく。
起動後のイメージ
きちんと暗号化されたパーティションで起動しているか確認してみる。
$ df -h
Filesystem Size Used Avail Use% Mounted on
udev 1.7G 0 1.7G 0% /dev
tmpfs 396M 24M 373M 6% /run
/dev/mapper/luks 13G 12G 362M 98% /
tmpfs 2.0G 4.0K 2.0G 1% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
tmpfs 396M 148K 396M 1% /run/user/1000
/dev/mmcblk0p15 64M 54M 5.1M 92% /media/kmwebnet/c1802a65-140f-4bfb-8dee-7458e0a48170
問題なく/dev/mapper/luksが起動ディスクになっている。
/dev/mmcblk0p15は暗号化されていないブートファイルがあるので、消去しておく。
$ sudo umount /dev/mmcblk0p15
$ sudo dd if=/dev/zero of=/dev/mmcblk0p15 bs=1M
dd: error writing '/dev/mmcblk0p15': No space left on device
71+0 records in
70+0 records out
73400320 bytes (73 MB, 70 MiB) copied, 1.47714 s, 49.7 MB/s
また、/dev/mapper/luksがパーティション容量が少なく、警告が出るので、
作成したパーティション拡大スクリプトで拡大させる。
Jetson-nano-resize-partition
$ sudo ./resize.sh
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
249737183
/dev/mmcblk0 device has 127G size card
This script will move partitions p2..p16 to the end of /dev/mmcblk0 device
Current size of root file system is 15G
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
The operation has completed successfully.
Partitions [1..16] read done
Saving data from parttions [2..16]...
256+0 records in
256+0 records out
131072 bytes (131 kB, 128 KiB) copied, 0.0052099 s, 25.2 MB/s
Backup partition 2: TBC EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 18A700B1-16FC-4D43-98C9-C501B1AD714F 256 new start 249442879 end 249443135
896+0 records in
896+0 records out
458752 bytes (459 kB, 448 KiB) copied, 0.0143048 s, 32.1 MB/s
Backup partition 3: RP1 EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 75615360-F4E5-4B35-A42E-7877ECCEA967 896 new start 249443135 end 249444031
1152+0 records in
1152+0 records out
589824 bytes (590 kB, 576 KiB) copied, 0.0264288 s, 22.3 MB/s
Backup partition 4: EBT EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 6DD31F23-1CB0-4CD6-9A10-036300422A34 1152 new start 249444031 end 249445183
128+0 records in
128+0 records out
65536 bytes (66 kB, 64 KiB) copied, 0.00708402 s, 9.3 MB/s
Backup partition 5: WB0 EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 39884917-2541-4750-8F59-BC1BB7B1FC0E 128 new start 249445183 end 249445311
384+0 records in
384+0 records out
196608 bytes (197 kB, 192 KiB) copied, 0.00886127 s, 22.2 MB/s
Backup partition 6: BPF EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 34BA123A-7225-479C-AA01-0C294A549600 384 new start 249445311 end 249445695
768+0 records in
768+0 records out
393216 bytes (393 kB, 384 KiB) copied, 0.0142014 s, 27.7 MB/s
Backup partition 7: BPF-DTB EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 2591467D-366E-49D1-8879-E5607790133C 768 new start 249445695 end 249446463
128+0 records in
128+0 records out
65536 bytes (66 kB, 64 KiB) copied, 0.00340188 s, 19.3 MB/s
Backup partition 8: FX EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 12B961F8-52BB-4CA0-B51F-B60CC129F271 128 new start 249446463 end 249446591
896+0 records in
896+0 records out
458752 bytes (459 kB, 448 KiB) copied, 0.0148696 s, 30.9 MB/s
Backup partition 9: TOS EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 632DD469-9352-45EF-8CF0-8A2F1AD5D47B 896 new start 249446591 end 249447487
896+0 records in
896+0 records out
458752 bytes (459 kB, 448 KiB) copied, 0.0410288 s, 11.2 MB/s
Backup partition 10: DTB EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 6332AA4E-B924-4150-8B82-464BAEFD9358 896 new start 249447487 end 249448383
1536+0 records in
1536+0 records out
786432 bytes (786 kB, 768 KiB) copied, 0.0223166 s, 35.2 MB/s
Backup partition 11: LNX EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 1C86AE09-B130-42BE-9BCC-3D402DCD590A 1536 new start 249448383 end 249449919
128+0 records in
128+0 records out
65536 bytes (66 kB, 64 KiB) copied, 0.0117079 s, 5.6 MB/s
Backup partition 12: EKS EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 1F94CDE0-DD35-4340-AD0F-843EF7161D59 128 new start 249449919 end 249450047
160+0 records in
160+0 records out
81920 bytes (82 kB, 80 KiB) copied, 0.0130061 s, 6.3 MB/s
Backup partition 13: BMP EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 1A910277-68BC-4A40-AEC8-1968B1144B4F 160 new start 249450047 end 249450207
256+0 records in
256+0 records out
131072 bytes (131 kB, 128 KiB) copied, 0.00651348 s, 20.1 MB/s
Backup partition 14: RP4 EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 71DCDAE2-CA18-4125-BC68-E14F5F216E17 256 new start 249450207 end 249450463
143360+0 records in
143360+0 records out
73400320 bytes (73 MB, 70 MiB) copied, 1.72217 s, 42.6 MB/s
Backup partition 15: BOOT1 EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 3AF70086-E2C4-40C6-96B1-81537E62B04D 143360 new start 249450463 end 249593823
143360+0 records in
143360+0 records out
73400320 bytes (73 MB, 70 MiB) copied, 1.67478 s, 43.8 MB/s
Backup partition 16: BOOT2 EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 2D67357F-D10B-4037-808C-A23FE8099510 143360 new start 249593823 end 249737183
Done
Relocating BOOT2 partition
Information: Moved requested sector from 249593823 to 249593816 in
order to align on 8-sector boundaries.
Setting name!
partNum is 15
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating BOOT1 partition
Information: Moved requested sector from 249450463 to 249450456 in
order to align on 8-sector boundaries.
Setting name!
partNum is 14
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating RP4 partition
Information: Moved requested sector from 249450207 to 249450200 in
order to align on 8-sector boundaries.
Setting name!
partNum is 13
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating BMP partition
Information: Moved requested sector from 249450047 to 249450040 in
order to align on 8-sector boundaries.
Setting name!
partNum is 12
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating EKS partition
Information: Moved requested sector from 249449919 to 249449912 in
order to align on 8-sector boundaries.
Setting name!
partNum is 11
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating LNX partition
Information: Moved requested sector from 249448383 to 249448376 in
order to align on 8-sector boundaries.
Setting name!
partNum is 10
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating DTB partition
Information: Moved requested sector from 249447487 to 249447480 in
order to align on 8-sector boundaries.
Setting name!
partNum is 9
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating TOS partition
Information: Moved requested sector from 249446591 to 249446584 in
order to align on 8-sector boundaries.
Setting name!
partNum is 8
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating FX partition
Information: Moved requested sector from 249446463 to 249446456 in
order to align on 8-sector boundaries.
Setting name!
partNum is 7
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating BPF-DTB partition
Information: Moved requested sector from 249445695 to 249445688 in
order to align on 8-sector boundaries.
Setting name!
partNum is 6
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating BPF partition
Information: Moved requested sector from 249445311 to 249445304 in
order to align on 8-sector boundaries.
Setting name!
partNum is 5
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating WB0 partition
Information: Moved requested sector from 249445183 to 249445176 in
order to align on 8-sector boundaries.
Setting name!
partNum is 4
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating EBT partition
Information: Moved requested sector from 249444031 to 249444024 in
order to align on 8-sector boundaries.
Setting name!
partNum is 3
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating RP1 partition
Information: Moved requested sector from 249443135 to 249443128 in
order to align on 8-sector boundaries.
Setting name!
partNum is 2
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Relocating TBC partition
Information: Moved requested sector from 249442879 to 249442872 in
order to align on 8-sector boundaries.
Setting name!
partNum is 1
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Warning: Not all of the space available to /dev/mmcblk0 appears to be used, you can fix the GPT to use all of the space (an extra 6 blocks) or continue with the current setting?
Restore data to parttions [2..16]...
256+0 records in
256+0 records out
131072 bytes (131 kB, 128 KiB) copied, 0.0413135 s, 3.2 MB/s
Partition 2 data restored
896+0 records in
896+0 records out
458752 bytes (459 kB, 448 KiB) copied, 0.140548 s, 3.3 MB/s
Partition 3 data restored
1152+0 records in
1152+0 records out
589824 bytes (590 kB, 576 KiB) copied, 0.0748152 s, 7.9 MB/s
Partition 4 data restored
128+0 records in
128+0 records out
65536 bytes (66 kB, 64 KiB) copied, 0.0119817 s, 5.5 MB/s
Partition 5 data restored
384+0 records in
384+0 records out
196608 bytes (197 kB, 192 KiB) copied, 0.0274831 s, 7.2 MB/s
Partition 6 data restored
768+0 records in
768+0 records out
393216 bytes (393 kB, 384 KiB) copied, 0.0576103 s, 6.8 MB/s
Partition 7 data restored
128+0 records in
128+0 records out
65536 bytes (66 kB, 64 KiB) copied, 0.0120003 s, 5.5 MB/s
Partition 8 data restored
896+0 records in
896+0 records out
458752 bytes (459 kB, 448 KiB) copied, 0.0608032 s, 7.5 MB/s
Partition 9 data restored
896+0 records in
896+0 records out
458752 bytes (459 kB, 448 KiB) copied, 0.0641976 s, 7.1 MB/s
Partition 10 data restored
1536+0 records in
1536+0 records out
786432 bytes (786 kB, 768 KiB) copied, 0.119507 s, 6.6 MB/s
Partition 11 data restored
128+0 records in
128+0 records out
65536 bytes (66 kB, 64 KiB) copied, 0.0144542 s, 4.5 MB/s
Partition 12 data restored
160+0 records in
160+0 records out
81920 bytes (82 kB, 80 KiB) copied, 0.0130759 s, 6.3 MB/s
Partition 13 data restored
256+0 records in
256+0 records out
131072 bytes (131 kB, 128 KiB) copied, 0.0196999 s, 6.7 MB/s
Partition 14 data restored
143360+0 records in
143360+0 records out
73400320 bytes (73 MB, 70 MiB) copied, 13.0275 s, 5.6 MB/s
Partition 15 data restored
143360+0 records in
143360+0 records out
73400320 bytes (73 MB, 70 MiB) copied, 5.60086 s, 13.1 MB/s
Partition 16 data restored
Resizing root file system...
Setting name!
partNum is 0
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
The operation has completed successfully.
Warning: Not all of the space available to /dev/mmcblk0 appears to be used, you can fix the GPT to use all of the space (an extra 6 blocks) or continue with the current setting?
Command successful.
resize2fs 1.44.1 (24-Mar-2018)
Filesystem at /dev/mapper/luks is mounted on /; on-line resizing required
old_desc_blocks = 2, new_desc_blocks = 15
The filesystem on /dev/mapper/luks is now 31179842 (4k) blocks long.
New size of root file system is 127G
$ df -h
Filesystem Size Used Avail Use% Mounted on
udev 1.7G 0 1.7G 0% /dev
tmpfs 396M 24M 372M 6% /run
/dev/mapper/luks 118G 12G 101G 11% /
tmpfs 2.0G 4.0K 2.0G 1% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
tmpfs 396M 140K 396M 1% /run/user/1000
SDカードいっぱいの容量を使用できるようになった。
複数台のJetson Nanoへの展開
今回Linux_for_Tegraに作成した環境は、複数台のJetson Nanoへ展開ができる。
Jetson Nano Dev Boardのrevision A02とB01はデバイスツリーが違うので同じにできないが、
B01であれば2台目以降もリカバリーモードへ入れ、USBケーブルをUbuntuPCに接続し、
$ sudo bash ./odmfuse.sh -i 0x21 -c PKC -k ../rsa_priv.pem -p
でFUSEを書き込み、
$ sudo ./flash.sh -x 0x21 -y PKC -r -u ../rsa_priv.pem jetson-nano-qspi-sd mmcblk0p1
でSDカードイメージを書き込む。
後は、同様にセットアップが可能だ。
これを使い、少量での安全なJetson Nanoのセットアップが可能となった。
Jetson Nano Dev Boardを使ってSDカード暗号化をテスト 記事インデックス
概要編
Jetson Nano secureboot編
LUKS 調査編
initramfs 調査編
起動シーケンス作成編 <いまここ