Consider to add IPE support for 6.12 and later kernels (if possible) and relevant options -- in case of obtainig IPE via LSM support, for example, i.e.:

CONFIG_SECURITY_IPE=y
CONFIG_IPE_BOOT_POLICY=""
CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y
CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y
CONFIG_IPE_PROP_DM_VERITY=y
CONFIG_IPE_PROP_DM_VERITY_SIGNATURE=y
CONFIG_IPE_PROP_FS_VERITY=y
CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG=y

More about IPE here:

https://docs.kernel.org/security/ipe.html

https://docs.kernel.org/admin-guide/LSM/ipe.html