On 3/6/23 18:27, Jan Kiszka wrote:
On 06.03.23 13:39, Quirin Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
Kconfig | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/Kconfig b/Kconfig
index 7d72094..7ce87d0 100644
--- a/Kconfig
+++ b/Kconfig
@@ -193,4 +193,15 @@ config KAS_INCLUDE_SWUPDATE_SECBOOT
default "kas/opt/ebg-swu.yml" if IMAGE_SWUPDATE && !IMAGE_SECURE_BOOT
default "kas/opt/ebg-secure-boot-snakeoil.yml" if IMAGE_SECURE_BOOT
+config IMAGE_TPM2_ENCRYPTION
+ bool "Encrypt partitions on first boot with TPM2 (Demo)"
Why "Demo"?
To mark it for demonstration purposes only.
+ depends on TARGET_QEMU_AMD64
+ help
+ This enables TPM2 encryption for the partition given in the variable
+ CRYPT_PARTITIONS from recipes-initramfs/initramfs-crypt-hook.
+
+config KAS_INCLUDE_TPM2_ENCRYPTION
+ string
+ default "kas/opt/tpm.yml" if IMAGE_TPM2_ENCRYPTION
+
endif
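Review bot: the option name, prompt and help text in this hunk describe the feature by its key-storage mechanism (TPM2) rather than by what it does for the user, which is LUKS-style encryption of the partitions listed in CRYPT_PARTITIONS on first boot; since the TPM2 binding is an implementation detail of the TARGET_QEMU_AMD64 target, a name such as IMAGE_DATA_ENCRYPTION with TPM2 mentioned only in the help text would age better if other targets use a different key store. Two smaller points: "(Demo)" belongs in the help text as an explicit statement of the limitation, not in the prompt string, and the help text should spell out where CRYPT_PARTITIONS is set and that the encryption happens on first boot, since today only the prompt says so and the help only points at the recipe directory.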
I'm struggling a bit with the naming and description (throughout the
series). The feature is actually data encryption. The fact that we use
TPM2 for key storage on x86 (and possibly also some form on other archs)
is an implementation aspect.
Let me think about it...
I can change it to:
config IMAGE_DATA_ENCRYPTION
bool "Encrypt data partitions on first boot"
depends on TARGET_QEMU_AMD64
help
This enables LUKS encryption for the partitions /var and /home.
config KAS_INCLUDE_DATA_ENCRYPTION
string
default "kas/opt/encrypt-partitions.yml"
Jan
Quirin