diff options
author | Tom Rini <trini@konsulko.com> | 2018-04-19 20:17:30 -0400 |
---|---|---|
committer | Jia Zhang <zhang.jia@linux.alibaba.com> | 2018-04-20 09:27:01 +0800 |
commit | bd31f81f78268d144aaca3faf42a505a771eec47 (patch) | |
tree | f65b101e89c70be6bd1edcc885599fd5ae88794f /README | |
parent | 4a6de140946ad438fa67481b812d141c42d33573 (diff) | |
download | meta-secure-core-bd31f81f78268d144aaca3faf42a505a771eec47.tar.gz |
README: Clarify local.conf required changes for IMA
- You must ensure that RPM is used in PACKAGE_CLASSES.
- We need to remove image-prelink from USER_CLASSES. Prelinking the
image at creation time (as happens on x86/x86_64) will result in the
IMA hash of files changing from the recorded signature and
verification will fail.
Signed-off-by: Tom Rini <trini@konsulko.com>
Diffstat (limited to 'README')
-rw-r--r-- | README | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -79,6 +79,7 @@ DISTRO_FEATURES_NATIVE_append += "systemd ima tpm tpm2 efi-secure-boot luks" | |||
79 | DISTRO_FEATURES_append += "systemd ima tpm tpm2 efi-secure-boot luks modsign" | 79 | DISTRO_FEATURES_append += "systemd ima tpm tpm2 efi-secure-boot luks modsign" |
80 | MACHINE_FEATURES_NATIVE_append += "efi" | 80 | MACHINE_FEATURES_NATIVE_append += "efi" |
81 | MACHINE_FEATURES_append += "efi" | 81 | MACHINE_FEATURES_append += "efi" |
82 | PACKAGE_CLASSES = "package_rpm" | ||
82 | INHERIT += "sign_rpm_ext" | 83 | INHERIT += "sign_rpm_ext" |
83 | SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\ | 84 | SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\ |
84 | packagegroup-efi-secure-boot \ | 85 | packagegroup-efi-secure-boot \ |
@@ -89,6 +90,7 @@ SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\ | |||
89 | " | 90 | " |
90 | DEBUG_FLAGS_forcevariable = "" | 91 | DEBUG_FLAGS_forcevariable = "" |
91 | IMAGE_INSTALL += "kernel-image-bzimage" | 92 | IMAGE_INSTALL += "kernel-image-bzimage" |
93 | USER_CLASSES_remove = "image-prelink" | ||
92 | 94 | ||
93 | III. Build meta-secure-core | 95 | III. Build meta-secure-core |
94 | =========================== | 96 | =========================== |