mirror of
https://git.yoctoproject.org/meta-ti
synced 2026-06-08 11:50:56 +00:00
Shiva Tripathi
bd0e3d7ba5
Add initramfs module to dynamic-layers/tpm-layer providing LUKS2 full disk encryption with TPM-sealed keys for TI K3 platforms. Keys are sealed by firmware TPM (fTPM) running in OP-TEE and stored in eMMC RPMB. Features: - First-boot in-place encryption with tpm2_getrandom key generation - TPM-sealed key storage via persistent handle 0x81080001 - Automatic unlock on subsequent boots - Space verification ensuring 32MB available for LUKS header The module is built only when meta-tpm layer is present and gets included in initramfs only when DISTRO_FEATURES='luks' and MACHINE_FEATURES='optee-ftpm' LUKS packages (cryptsetup, tpm2-tools, tpm2-tss, optee-ftpm, e2fsprogs-*) significantly increase initramfs size beyond the default 131072 limit. Increase INITRAMFS_MAXSIZE to 200000 to accommodate these packages. Signed-off-by: Shiva Tripathi <s-tripathi1@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Collection of layers for the OE-core universe Please see the respective READMEs in the layer subdirectories