[Concept] [PATCH 00/16] Continue TKey development

15 Nov 2025

      From: Simon Glass <simon.glass@canonical.com>

This series adds the ability to provide a user-supplied secret to the
TKey and use that to obtain a disk-encryption key.

Expo is enhanced to support password entry and bootflows can now record
whether the root disk is encrypted or not.

Further work will enable the TKey in the UI and actually unlock an
encrypted disk.

Simon Glass (16):
  aes: Use const pointers for read-only parameters
  emulation: Support the bootcmd more generally
  input: Provide a way for tests to register a mouse click
  expo: Support hiding password entry
  expo: Support disk-passphrase entry in the menu
  expo: Allow entering text into textline in non-popup expos
  tkey: Allow modelling the tkey being disconnected
  tkey: Support loading an app with a user-supplied secret
  tkey: Provide some back-door functions for TKey tests
  tkey: Use SHA256 to obtain the disk-encryption key
  tkey: sandbox: Avoid returning -ENODEV from the driver
  tkey: Allow selecting the TKey device by name
  tkey: Provide a real tkey device with test.dts
  boot: Use constants for a few common strings
  boot: Show an indication for encrypted bootflows
  boot: Detect encrypted partitions with extlinux

 arch/sandbox/dts/test.dts         |   5 +
 arch/x86/cpu/qemu/qemu.c          |  28 -----
 board/emulation/common/Makefile   |   3 +
 board/emulation/common/bootcmd.c  |  37 +++++++
 boot/bootflow.c                   |   5 +-
 boot/bootflow_internal.h          |  11 ++
 boot/bootflow_menu.c              |  31 ++++++
 boot/bootmeth_extlinux.c          |  54 ++++++++++
 boot/scene.c                      |  28 ++++-
 cmd/bootflow.c                    |  15 ++-
 cmd/tkey.c                        |  36 ++++++-
 doc/board/emulation/common.rst    |  28 +++++
 doc/board/emulation/index.rst     |   1 +
 doc/board/emulation/qemu-x86.rst  |  18 +---
 doc/usage/cmd/tkey.rst            |  24 ++++-
 drivers/crypto/nuvoton/npcm_aes.c |  22 ++--
 drivers/input/mouse-uclass.c      |  13 +++
 drivers/misc/tkey-uclass.c        | 174 +++++++++++++++++-------------
 drivers/misc/tkey_emul.c          |  82 +++++++++++++-
 drivers/misc/tkey_sandbox.c       |  12 +--
 include/bootflow.h                |   4 +
 include/expo.h                    |   2 +
 include/mouse.h                   |  14 +++
 include/tkey.h                    |  98 +++++++++++++++++
 include/uboot_aes.h               |  42 ++++----
 lib/aes.c                         |  22 ++--
 test/boot/bootflow.c              | 111 +++++++++++++------
 test/boot/cedit.c                 |  11 ++
 test/cmd/tkey.c                   |  11 +-
 test/dm/tkey.c                    |  41 +++----
 30 files changed, 739 insertions(+), 244 deletions(-)
 create mode 100644 board/emulation/common/bootcmd.c
 create mode 100644 doc/board/emulation/common.rst

-- 
2.43.0

base-commit: 33f5f5cb3f175edb3b1ded10f091706aefda0d84
branch: secf