From: Quirin Gylstorff <quirin.gylstorff@...>

Systemd >= 251 is required for systemd-cryptenroll. This version
is part of backports.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
conf/distro/debian-bullseye-backports.list | 1 +
.../preferences.bullseye-backports.tpm.conf | 4 ++++
kas/opt/tpm.yml | 20 +++++++++++++++++++
3 files changed, 25 insertions(+)
create mode 100644 conf/distro/debian-bullseye-backports.list
create mode 100644 conf/distro/preferences.bullseye-backports.tpm.conf
create mode 100644 kas/opt/tpm.yml

diff --git a/conf/distro/debian-bullseye-backports.list b/conf/distro/debian-bullseye-backports.list
new file mode 100644
index 0000000..3a55e4c
--- /dev/null
+++ b/conf/distro/debian-bullseye-backports.list
@@ -0,0 +1 @@
+deb http://ftp.us.debian.org/debian bullseye-backports main contrib non-free
diff --git a/conf/distro/preferences.bullseye-backports.tpm.conf b/conf/distro/preferences.bullseye-backports.tpm.conf
new file mode 100644
index 0000000..d61fa64
--- /dev/null
+++ b/conf/distro/preferences.bullseye-backports.tpm.conf
@@ -0,0 +1,4 @@
+Explanation: Use systemd and its dependencies from debian-backports to support systemd-cryptenroll
+Package: libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libpam-systemd libudev* libsystemd* systemd systemd-* udev
+Pin: release n=bullseye-backports
+Pin-Priority: 801
diff --git a/kas/opt/tpm.yml b/kas/opt/tpm.yml
new file mode 100644
index 0000000..0e4dc95
--- /dev/null
+++ b/kas/opt/tpm.yml
@@ -0,0 +1,20 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 12
+
+local_conf_header:
+ systemd-cryptenroll: |
+ DISTRO_APT_SOURCES:append:bullseye = " conf/distro/debian-bullseye-backports.list"
+ DISTRO_APT_PREFERENCES:append:bullseye = " conf/distro/preferences.bullseye-backports.tpm.conf"
+ image-option-tpm: |
+ INITRAMFS_INSTALL += " initramfs-crypt-hook"
--
2.39.2