The closest to what you want would probably be encrypting rootfs partition:
6. Set up your device with root filesystem encryption
Root filesystem encryption adds another layer of security to TrustFence. It uses the kernel’s cryptographic support to encrypt all the data you store in the root filesystem. Attempting to access this data without the correct encryption key returns random, meaningless bytes.
When you enable TrustFence (see Enable TrustFence support in Digi Embedded Yocto), you automatically enable root filesystem encryption. This configures the project so a new ramdisk (dey-image-trustfence-initramfs-ccimx6ulsbc.cpio.gz.u-boot.tf). This ramdisk is used at boot time to set up the encrypted root filesystem partition.