From: Quirin Gylstorff <quirin.gylstorff@...>

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
Kconfig | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/Kconfig b/Kconfig
index cd24ce2..b8fa16a 100644
--- a/Kconfig
+++ b/Kconfig
@@ -189,4 +189,12 @@ config KAS_INCLUDE_SWUPDATE_SECBOOT
default "kas/opt/ebg-swu.yml" if IMAGE_SWUPDATE && !IMAGE_SECURE_BOOT
default "kas/opt/ebg-secure-boot-snakeoil.yml" if IMAGE_SECURE_BOOT

+config IMAGE_TPM2_ENCRYPTION
+ bool "Encrypt partitions on first boot with TPM2"
+ depends on TARGET_QEMU_AMD64
+
+config KAS_INCLUDE_TPM2_ENCRYPTION
+ string
+ default "kas/opt/tpm.yml" if IMAGE_TPM2_ENCRYPTION
+
endif
--
2.39.1

On 24.02.23 17:28, Quirin Gylstorff wrote:

From: Quirin Gylstorff <quirin.gylstorff@...>

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
Kconfig | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/Kconfig b/Kconfig
index cd24ce2..b8fa16a 100644
--- a/Kconfig
+++ b/Kconfig
@@ -189,4 +189,12 @@ config KAS_INCLUDE_SWUPDATE_SECBOOT
default "kas/opt/ebg-swu.yml" if IMAGE_SWUPDATE && !IMAGE_SECURE_BOOT
default "kas/opt/ebg-secure-boot-snakeoil.yml" if IMAGE_SECURE_BOOT

+config IMAGE_TPM2_ENCRYPTION
+ bool "Encrypt partitions on first boot with TPM2"
+ depends on TARGET_QEMU_AMD64

Here would be one good place for the "demo-only" warning. A help section
could elaborate. And/or the README.

Jan

+
+config KAS_INCLUDE_TPM2_ENCRYPTION
+ string
+ default "kas/opt/tpm.yml" if IMAGE_TPM2_ENCRYPTION
+
endif

--
Siemens AG, Technology
Competence Center Embedded Linux