mirrors/meta-ti
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-ti synced 2026-05-07 20:09:17 +00:00
Code Issues Projects Releases Wiki Activity
Files
master-next
meta-ti/meta-ti-bsp/dynamic-layers
T
History
Shiva Tripathi bd0e3d7ba5 initramfs-module-luks-ftpm: Add fTPM support 
Add initramfs module to dynamic-layers/tpm-layer providing LUKS2 full
disk encryption with TPM-sealed keys for TI K3 platforms. Keys are
sealed by firmware TPM (fTPM) running in OP-TEE and stored in eMMC
RPMB.

Features:
- First-boot in-place encryption with tpm2_getrandom key generation
- TPM-sealed key storage via persistent handle 0x81080001
- Automatic unlock on subsequent boots
- Space verification ensuring 32MB available for LUKS header

The module is built only when meta-tpm layer is present and gets
included in initramfs only when DISTRO_FEATURES='luks' and
MACHINE_FEATURES='optee-ftpm'

LUKS packages (cryptsetup, tpm2-tools, tpm2-tss, optee-ftpm,
e2fsprogs-*) significantly increase initramfs size beyond the default
131072 limit. Increase INITRAMFS_MAXSIZE to 200000 to accommodate
these packages.

Signed-off-by: Shiva Tripathi <s-tripathi1@ti.com>
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
2026-03-26 09:40:56 -05:00
..
openembedded-layer
packagegroup-ti-core-initramfs: move cifs-utils to dynamic-layers
2025-11-05 17:55:43 -06:00
tpm-layer/recipes-ti/initramfs
initramfs-module-luks-ftpm: Add fTPM support
2026-03-26 09:40:56 -05:00