EFS Sample App Command Line Usage

The table below lists the options for the EFS sample app:

| Short Option | Long Option | Description |
| --- | --- | --- |
| -e | --encrypt | Encrypt the VEK using the derived key. This also generates the VEK. |
| -d | --decrypt= | Decrypt the VEK using the derived key, writing the output to the file given as the option's argument. The file must be a regular file under /tmp/ with mode 0600 and size 0, and it must exist before it is passed as input. |
| -p | --derivation-string= | Specify the key derivation string (required, max 32 bytes). Used for deriving the VEK Encryption Key from OEM_K1. |
| -c | --context-string= | Specify the context string (optional, max 32 bytes; default: context). Used for deriving the VEK Encryption Key from OEM_K1. |
| -f | --vek-name= | Name suffix for the filename storing the key and IV (optional). |
| | --verbose | Print verbose information. |
| -h | --help | Show usage. |

Example Usage for Creation and Encryption of VEK

./efs_key --encrypt --derivation-string=test --context-string=context --vek_name=homedir

The command above:

  • Creates and encrypts VEK

  • Stores the encrypted VEK and IV in the /etc/nvidia/efs/vek_homedir_enc.key file.

Example Usage for Decryption of VEK

./efs_key --decrypt=<tmp-input-file> --derivation-string=test --context-string=context --vek_name=homedir

The command above:

  • Decrypts the encrypted VEK from /etc/nvidia/efs/vek_homedir_enc.key

  • Writes the decrypted VEK to <tmp-input-file> as a hexadecimal stream, one character per 4 bits.
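
The --decrypt option only accepts an existing, empty, regular file under /tmp/ with mode 0600. The following is an added example, not part of the EFS sample app or NVIDIA's code, showing one way to create such a file and check those preconditions before running the decrypt command. The function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not NVIDIA code): pre-flight check for the --decrypt output file.
# Function names are hypothetical; `stat -c` assumes GNU coreutils.

# Return 0 only if $1 is a regular file under /tmp/ with mode 0600 and size 0.
check_vek_outfile() {
    f=$1
    case "$f" in
        */../*|*/..) echo "path contains '..': $f" >&2; return 1 ;;
        /tmp/*) ;;
        *) echo "not under /tmp/: $f" >&2; return 1 ;;
    esac
    # [ -f ] follows symlinks, so rule out a symlink explicitly first.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "not a regular file: $f" >&2; return 1
    fi
    # Split "<octal mode> <size>" into $1 and $2.
    set -- $(stat -c '%a %s' "$f")
    [ "$1" = "600" ] || { echo "mode is $1, expected 600: $f" >&2; return 1; }
    [ "$2" = "0" ] || { echo "size is $2, expected 0: $f" >&2; return 1; }
    return 0
}

# Create a fresh output file and print its path.
# mktemp creates the file empty, with mode 0600, under an unpredictable name.
new_vek_outfile() {
    f=$(mktemp /tmp/vek.XXXXXX) || return 1
    check_vek_outfile "$f" || { rm -f "$f"; return 1; }
    printf '%s\n' "$f"
}

# Typical use, with the option values from the decrypt example on this page:
#   out=$(new_vek_outfile) || exit 1
#   trap 'rm -f "$out"' EXIT      # do not leave the plaintext VEK behind
#   ./efs_key --decrypt="$out" --derivation-string=test --context-string=context
```

Because the file receives the plaintext VEK, keeping it at mode 0600 and removing it as soon as the key has been consumed limits how long the key is exposed on disk.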