Add conditional kernel configuration fragment for LUKS encryption with fTPM support. This enables dm-crypt and necessary crypto algorithms when MACHINE_FEATURES contains 'luks-encryption'.
Signed-off-by: Shiva Tripathi <[email protected]> --- .../linux/linux-ti-staging-6.18/luks-ftpm.cfg | 28 +++++++++++++++++++ .../linux/linux-ti-staging_6.18.bb | 9 ++++++ 2 files changed, 37 insertions(+) create mode 100644 meta-ti-bsp/recipes-kernel/linux/linux-ti-staging-6.18/luks-ftpm.cfg diff --git a/meta-ti-bsp/recipes-kernel/linux/linux-ti-staging-6.18/luks-ftpm.cfg b/meta-ti-bsp/recipes-kernel/linux/linux-ti-staging-6.18/luks-ftpm.cfg new file mode 100644 index 00000000..234cc087 --- /dev/null +++ b/meta-ti-bsp/recipes-kernel/linux/linux-ti-staging-6.18/luks-ftpm.cfg @@ -0,0 +1,28 @@ +# Device Mapper support +CONFIG_MD=y +CONFIG_BLK_DEV_DM=y +CONFIG_DM_CRYPT=y + +# Crypto algorithms for LUKS +CONFIG_CRYPTO_XTS=y +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_AES_ARM64=y +CONFIG_CRYPTO_AES_ARM64_CE=y +CONFIG_CRYPTO_AES_ARM64_CE_BLK=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA256_ARM64=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y + +# Additional crypto support for LUKS2 +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_ESSIV=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y + +# TPM kernel modules needed for initramfs +CONFIG_TCG_TIS_CORE=m +CONFIG_TCG_CRB=m + diff --git a/meta-ti-bsp/recipes-kernel/linux/linux-ti-staging_6.18.bb b/meta-ti-bsp/recipes-kernel/linux/linux-ti-staging_6.18.bb index 8e4ccd7d..69d6217f 100644 --- a/meta-ti-bsp/recipes-kernel/linux/linux-ti-staging_6.18.bb +++ b/meta-ti-bsp/recipes-kernel/linux/linux-ti-staging_6.18.bb @@ -35,3 +35,12 @@ module_conf_rpmsg_client_sample = "blacklist rpmsg_client_sample" module_conf_ti_k3_r5_remoteproc = "softdep ti_k3_r5_remoteproc pre: virtio_rpmsg_bus" module_conf_ti_k3_dsp_remoteproc = "softdep ti_k3_dsp_remoteproc pre: virtio_rpmsg_bus" KERNEL_MODULE_PROBECONF += "rpmsg_client_sample ti_k3_r5_remoteproc ti_k3_dsp_remoteproc" + +# LUKS encryption with fTPM kernel configuration +SRC_URI:append:k3 = " \ + ${@bb.utils.contains('MACHINE_FEATURES', 'luks-encryption', 'file://luks-ftpm.cfg', '', d)} \ +" +KERNEL_CONFIG_FRAGMENTS:append:k3 = " \ + ${@bb.utils.contains('MACHINE_FEATURES', 'luks-encryption', '${UNPACKDIR}/luks-ftpm.cfg', '', d)} \ +" + -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19655): https://lists.yoctoproject.org/g/meta-ti/message/19655 Mute This Topic: https://lists.yoctoproject.org/mt/118155818/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
