Add encrypted-boot-common.inc for machines supporting LUKS encryption with fTPM. Triggers ti-core-initramfs build and overrides IMAGE_FILE to use uncompressed cpio.
Signed-off-by: Shiva Tripathi <[email protected]> --- .../machine/include/encrypted-boot-common.inc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 meta-ti-bsp/conf/machine/include/encrypted-boot-common.inc diff --git a/meta-ti-bsp/conf/machine/include/encrypted-boot-common.inc b/meta-ti-bsp/conf/machine/include/encrypted-boot-common.inc new file mode 100644 index 00000000..10a5cb86 --- /dev/null +++ b/meta-ti-bsp/conf/machine/include/encrypted-boot-common.inc @@ -0,0 +1,16 @@ +# Common logic for encrypted boot with TPM-sealed LUKS keys +# +# This include file enables ti-core-initramfs with LUKS encryption support +# via the initramfs-module-luks-ftpm hook module. +# +# To use this in custom image, add to your image bbappend: +# require conf/machine/include/encrypted-boot-common.inc +# +# This will activate when MACHINE_FEATURES contains 'luks-encryption' + +TI_CORE_INITRAMFS_EXTRA_INSTALL:append = "${@bb.utils.contains('MACHINE_FEATURES', 'luks-encryption', ' ', '', d)}" + +TI_CORE_INITRAMFS_ENABLED ?= "${@ '1' if d.getVar('TI_CORE_INITRAMFS_KERNEL_MODULES') or d.getVar('TI_CORE_INITRAMFS_EXTRA_INSTALL') or bb.utils.contains('MACHINE_FEATURES', 'luks-encryption', 'true', 'false', d) else '0'}" + +# Override to use uncompressed cpio (U-Boot can't decompress XZ format) +TI_CORE_INITRAMFS_IMAGE_FILE = "${TI_CORE_INITRAMFS_IMAGE}.cpio;initramfs.cpio" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19644): https://lists.yoctoproject.org/g/meta-ti/message/19644 Mute This Topic: https://lists.yoctoproject.org/mt/118139340/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
