new file mode 100644
@@ -0,0 +1,28 @@
+# Device Mapper support
+CONFIG_MD=y
+CONFIG_BLK_DEV_DM=y
+CONFIG_DM_CRYPT=y
+
+# Crypto algorithms for LUKS
+CONFIG_CRYPTO_XTS=y
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_AES_ARM64=y
+CONFIG_CRYPTO_AES_ARM64_CE=y
+CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA256_ARM64=y
+CONFIG_CRYPTO_SHA512=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+
+# Additional crypto support for LUKS2
+CONFIG_CRYPTO_CBC=y
+CONFIG_CRYPTO_ECB=y
+CONFIG_CRYPTO_ESSIV=y
+CONFIG_CRYPTO_LRW=y
+CONFIG_CRYPTO_PCBC=y
+
+# TPM kernel modules needed for initramfs
+CONFIG_TCG_TIS_CORE=m
+CONFIG_TCG_CRB=m
+
@@ -35,3 +35,12 @@ module_conf_rpmsg_client_sample = "blacklist rpmsg_client_sample"
module_conf_ti_k3_r5_remoteproc = "softdep ti_k3_r5_remoteproc pre: virtio_rpmsg_bus"
module_conf_ti_k3_dsp_remoteproc = "softdep ti_k3_dsp_remoteproc pre: virtio_rpmsg_bus"
KERNEL_MODULE_PROBECONF += "rpmsg_client_sample ti_k3_r5_remoteproc ti_k3_dsp_remoteproc"
+
+# LUKS encryption with fTPM kernel configuration
+SRC_URI:append:k3 = " \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'luks-encryption', 'file://luks-ftpm.cfg', '', d)} \
+"
+KERNEL_CONFIG_FRAGMENTS:append:k3 = " \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'luks-encryption', '${WORKDIR}/luks-ftpm.cfg', '', d)} \
+"
+
Add conditional kernel configuration fragment for LUKS encryption with fTPM support. This enables dm-crypt and necessary crypto algorithms when MACHINE_FEATURES contains 'luks-encryption'. Signed-off-by: Shiva Tripathi <s-tripathi1@ti.com> --- .../linux/linux-ti-staging-6.18/luks-ftpm.cfg | 28 +++++++++++++++++++ .../linux/linux-ti-staging_6.18.bb | 9 ++++++ 2 files changed, 37 insertions(+) create mode 100644 meta-ti-bsp/recipes-kernel/linux/linux-ti-staging-6.18/luks-ftpm.cfg