Message ID | 20230309102821.307140-3-Quirin.Gylstorff@siemens.com (mailing list archive) |
---|---|
State | Accepted |
Series | Encrypt Partition in initramfs |
On 09.03.23 11:28, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > Kconfig | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/Kconfig b/Kconfig > index 7d72094..cafb04c 100644 > --- a/Kconfig > +++ b/Kconfig > @@ -193,4 +193,14 @@ config KAS_INCLUDE_SWUPDATE_SECBOOT > default "kas/opt/ebg-swu.yml" if IMAGE_SWUPDATE && !IMAGE_SECURE_BOOT > default "kas/opt/ebg-secure-boot-snakeoil.yml" if IMAGE_SECURE_BOOT > > +config IMAGE_DATA_ENCRYPTION > + bool "Encrypt data partitions on first boot" > + depends on TARGET_QEMU_AMD64 This depends on IMAGE_SWUPDATE. Logically, it only makes sense in combination with IMAGE_SECURE_BOOT, so I will add that as selection here. As the TPM emulation is not hw-dependent, I would like to add other QEMU targets as well. But it seems we need to flip kernel configs there as well first. So, this can come later. Jan > + help > + This enables LUKS encryption for the partitions /var and /home. > + > +config KAS_INCLUDE_DATA_ENCRYPTION > + string > + default "kas/opt/encrypt-partitions.yml" if IMAGE_DATA_ENCRYPTION > + > endif
diff --git a/Kconfig b/Kconfig index 7d72094..cafb04c 100644 --- a/Kconfig +++ b/Kconfig @@ -193,4 +193,14 @@ config KAS_INCLUDE_SWUPDATE_SECBOOT default "kas/opt/ebg-swu.yml" if IMAGE_SWUPDATE && !IMAGE_SECURE_BOOT default "kas/opt/ebg-secure-boot-snakeoil.yml" if IMAGE_SECURE_BOOT +config IMAGE_DATA_ENCRYPTION + bool "Encrypt data partitions on first boot" + depends on TARGET_QEMU_AMD64 + help + This enables LUKS encryption for the partitions /var and /home. + +config KAS_INCLUDE_DATA_ENCRYPTION + string + default "kas/opt/encrypt-partitions.yml" if IMAGE_DATA_ENCRYPTION + endif
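Review bot: The `depends on TARGET_QEMU_AMD64` line under `config IMAGE_DATA_ENCRYPTION` is the only constraint on the new option, so it can be switched on without IMAGE_SWUPDATE or IMAGE_SECURE_BOOT, although the reply above says it depends on the former and only makes sense together with the latter. Expressing that in Kconfig, for example `depends on TARGET_QEMU_AMD64 && IMAGE_SWUPDATE` plus `select IMAGE_SECURE_BOOT`, would stop a configuration that encrypts /var and /home while secure boot is left disabled. The help text could name these prerequisites as well, and the commit message carries only a Signed-off-by line with no description of the change.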