TrustFence support in Digi Embedded Yocto is encapsulated in the TrustFence class. This class must be inherited into your project’s conf/local.conf configuration file to use TrustFence support:

INHERIT += "trustfence"

The TrustFence class configures a set of default configuration options, including:

  • Secure boot with both signed and encrypted images

  • U-Boot environment encryption

  • Encrypted root file system

Trustfence features are only fully supported on closed devices. See Secure boot overview.