[isar-cip-core,v3,14/15] Kconfig: Add option to encrypt the rootfs

Commit Message

Gylstorff Quirin April 9, 2024, 1:05 p.m. UTC

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 Kconfig | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

Patch

diff --git a/Kconfig b/Kconfig
index 7c19640..8e96865 100644
--- a/Kconfig
+++ b/Kconfig
@@ -212,5 +212,19 @@  config IMAGE_DATA_ENCRYPTION
 config KAS_INCLUDE_DATA_ENCRYPTION
 	string
 	default "kas/opt/encrypt-partitions.yml" if IMAGE_DATA_ENCRYPTION
+endif
+
+if IMAGE_FLASH && !IMAGE_DATA_ENCRYPTION && !IMAGE_SECURE_BOOT && !IMAGE_SWUPDATE
+
+config IMAGE_ROOTFS_ENCRYPTION
+	bool "Encrypt rootfs and data partitions"
+	depends on TARGET_QEMU_AMD64 || TARGET_QEMU_ARM64 || TARGET_QEMU_ARM || !IMAGE_SWUPDATE || !IMAGE_SECURE_BOOT
+	help
+	  This enables LUKS encryption for all partition. This is currently incompatible
+	  with efibootguard, secure boot and SWUpdate.
+
+config KAS_INCLUDE_ROOTFS_ENCRYPTION
+	string
+	default "kas/opt/encrypt_rootfs.yml" if IMAGE_ROOTFS_ENCRYPTION
 
 endif