README: Clarify local.conf required changes for IMA

- You must ensure that RPM is used in PACKAGE_CLASSES. - We need to remove image-prelink from USER_CLASSES. Prelinking the image at creation time (as happens on x86/x86_64) will result in the IMA hash of files changing from the recorded signature and verification will fail. Signed-off-by: Tom Rini <trini@konsulko.com>
author: Tom Rini <trini@konsulko.com> 2018-04-19 20:17:30 -0400
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2018-04-20 09:27:01 +0800
commit: bd31f81f78268d144aaca3faf42a505a771eec47 (patch)
tree: f65b101e89c70be6bd1edcc885599fd5ae88794f /README
parent: 4a6de140946ad438fa67481b812d141c42d33573 (diff)
download: meta-secure-core-bd31f81f78268d144aaca3faf42a505a771eec47.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/README b/README
index bc40d8c..37be4fe 100644
--- a/README
+++ b/README
@@ -79,6 +79,7 @@ DISTRO_FEATURES_NATIVE_append += "systemd ima tpm tpm2 efi-secure-boot luks"
 DISTRO_FEATURES_append += "systemd ima tpm tpm2 efi-secure-boot luks modsign"
 MACHINE_FEATURES_NATIVE_append += "efi"
 MACHINE_FEATURES_append += "efi"
+PACKAGE_CLASSES = "package_rpm"
 INHERIT += "sign_rpm_ext"
 SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\
    packagegroup-efi-secure-boot \
@@ -89,6 +90,7 @@ SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\
 "
 DEBUG_FLAGS_forcevariable = ""
 IMAGE_INSTALL += "kernel-image-bzimage"
+USER_CLASSES_remove = "image-prelink"
 III. Build meta-secure-core
 ===========================
author	Tom Rini <trini@konsulko.com>	2018-04-19 20:17:30 -0400
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2018-04-20 09:27:01 +0800
commit	bd31f81f78268d144aaca3faf42a505a771eec47 (patch)
tree	f65b101e89c70be6bd1edcc885599fd5ae88794f /README
parent	4a6de140946ad438fa67481b812d141c42d33573 (diff)
download	meta-secure-core-bd31f81f78268d144aaca3faf42a505a771eec47.tar.gz