From 0e23efb9b16872290e2209e7f3a8530f28d29acc Mon Sep 17 00:00:00 2001
From: Javier Viguera
Date: Tue, 18 Jun 2024 14:17:46 +0200
Subject: [PATCH] trustfence: add variables for file-based encryption

On new platforms, trustfence will use file-based encryption instead of full-disk encryption. Add base variables and platform defaults to allow implementing file-based encryption.

Signed-off-by: Javier Viguera
---
 meta-digi-dey/classes/trustfence.bbclass | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass
index ba99025bb..dfdc0c227 100644
--- a/meta-digi-dey/classes/trustfence.bbclass
+++ b/meta-digi-dey/classes/trustfence.bbclass
@@ -36,6 +36,7 @@ TRUSTFENCE_ENCRYPT_PARTITIONS ?= "1"
 TRUSTFENCE_ENCRYPT_PARTITIONS:ccimx93 ?= "0"
 TRUSTFENCE_ENCRYPT_ROOTFS ?= "${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "0", "1", d)}"
 TRUSTFENCE_ENCRYPT_ROOTFS:ccimx93 ?= "0"
+TRUSTFENCE_FILE_BASED_ENCRYPT ?= "${TF_FILE_BASED_ENCRYPT}"
 
 # Read-only rootfs
 TRUSTFENCE_READ_ONLY_ROOTFS ?= "${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "1", "0", d)}"
@@ -48,6 +49,9 @@ TRUSTFENCE_READ_ONLY_ROOTFS ?= "${@bb.utils.contains("IMAGE_FEATURES", "read-onl
 TF_DEK_PATH = "default"
 TF_DEK_PATH:ccimx93 = "0"
 TF_DEK_PATH:ccmp1 = "0"
+TF_FILE_BASED_ENCRYPT = "0"
+TF_FILE_BASED_ENCRYPT:ccimx93 = "1"
+TF_FILE_BASED_ENCRYPT:ccmp1 = "1"
 
 # NXP-based sign a FIT-format boot artifact
 TRUSTFENCE_SIGN_FIT_NXP = "0"
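Review bot: The new `TRUSTFENCE_FILE_BASED_ENCRYPT ?= "${TF_FILE_BASED_ENCRYPT}"` line in the first hunk has no comment explaining how it relates to `TRUSTFENCE_ENCRYPT_PARTITIONS` and `TRUSTFENCE_ENCRYPT_ROOTFS` directly above it. On ccimx93 both of those default to "0", so data-at-rest protection on that platform appears to rest on this one variable, and a user override to "0" would presumably leave the image with no storage encryption at all. I would add a comment above it such as `# File-based encryption: used instead of full-disk (partition/rootfs) encryption on platforms that default those to "0"`. Whether the class warns when all three end up "0" cannot be seen from this hunk.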
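Review bot: `TF_FILE_BASED_ENCRYPT:ccmp1 = "1"` in the second hunk enables file-based encryption on ccmp1, but the lines visible in the first hunk switch `TRUSTFENCE_ENCRYPT_PARTITIONS` and `TRUSTFENCE_ENCRYPT_ROOTFS` off only for ccimx93. Unless a ccmp1 override exists outside these hunks, ccmp1 would build with partition encryption and file-based encryption both set to "1", which contradicts the "instead of full-disk encryption" wording of the commit message. Either add the matching defaults, e.g. `TRUSTFENCE_ENCRYPT_PARTITIONS:ccmp1 ?= "0"`, or a comment stating that the two modes are meant to coexist there. Because this commit only introduces the variables, a short `# not yet consumed; see follow-up implementation` comment next to the platform defaults would keep integrators from assuming that "1" already yields encrypted storage.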