new file mode 100644
@@ -0,0 +1,22 @@
+# Device Mapper support
+CONFIG_MD=y
+CONFIG_BLK_DEV_DM=y
+CONFIG_DM_CRYPT=y
+
+# Core crypto algorithms for LUKS encryption
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_XTS=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA512=y
+
+# ARM64 optimized crypto for better performance
+CONFIG_CRYPTO_AES_ARM64=y
+CONFIG_CRYPTO_AES_ARM64_CE=y
+CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
+
+# Userspace crypto API for cryptsetup
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+
+# Firmware TPM support via OP-TEE
+CONFIG_TCG_FTPM_TEE=m
@@ -35,3 +35,12 @@ module_conf_rpmsg_client_sample = "blacklist rpmsg_client_sample"
module_conf_ti_k3_r5_remoteproc = "softdep ti_k3_r5_remoteproc pre: virtio_rpmsg_bus"
module_conf_ti_k3_dsp_remoteproc = "softdep ti_k3_dsp_remoteproc pre: virtio_rpmsg_bus"
KERNEL_MODULE_PROBECONF += "rpmsg_client_sample ti_k3_r5_remoteproc ti_k3_dsp_remoteproc"
+
+# LUKS encryption with fTPM kernel configuration
+SRC_URI:append:k3 = " \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'luks', 'file://luks-ftpm.cfg', '', d)} \
+"
+KERNEL_CONFIG_FRAGMENTS:append:k3 = " \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'luks', '${UNPACKDIR}/luks-ftpm.cfg', '', d)} \
+"
+
Add kernel configuration fragment enabling dm-crypt and crypto algorithms required for LUKS2 full disk encryption. Config is applied when DISTRO_FEATURES contains 'luks'. Includes ARM64 crypto optimizations and fTPM support. Signed-off-by: Shiva Tripathi <s-tripathi1@ti.com> --- .../linux/linux-ti-staging-6.18/luks-ftpm.cfg | 22 +++++++++++++++++++ .../linux/linux-ti-staging_6.18.bb | 9 ++++++++ 2 files changed, 31 insertions(+) create mode 100644 meta-ti-bsp/recipes-kernel/linux/linux-ti-staging-6.18/luks-ftpm.cfg