diff options
author | Lans Zhang <jia.zhang@windriver.com> | 2017-07-19 10:57:08 +0800 |
---|---|---|
committer | Lans Zhang <jia.zhang@windriver.com> | 2017-07-19 10:57:08 +0800 |
commit | dbd94168ce0805394a5539efe3bfc2bc699be94e (patch) | |
tree | f19de898432594c050acc37d6f11d19de877a666 /README | |
parent | 3eadb6ce1cf7802c7f45dcfc4e1e519ec0d8bd27 (diff) | |
download | meta-secure-core-dbd94168ce0805394a5539efe3bfc2bc699be94e.tar.gz |
README update
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Diffstat (limited to 'README')
-rw-r--r-- | README | 55 |
1 files changed, 46 insertions, 9 deletions
@@ -30,13 +30,12 @@ Table of Contents | |||
30 | ================= | 30 | ================= |
31 | 31 | ||
32 | I. Adding the meta-secure-core layer to your build | 32 | I. Adding the meta-secure-core layer to your build |
33 | II. Misc | 33 | II. Configure meta-secure-core |
34 | III. Build meta-secure-core | ||
34 | 35 | ||
35 | 36 | ||
36 | I. Adding the meta-secure-core layer to your build | 37 | I. Adding the meta-secure-core layer to your build |
37 | ================================================= | 38 | ================================================== |
38 | |||
39 | --- replace with specific instructions for the meta-secure-core layer --- | ||
40 | 39 | ||
41 | In order to use this layer, you need to make the build system aware of | 40 | In order to use this layer, you need to make the build system aware of |
42 | it. | 41 | it. |
@@ -51,10 +50,48 @@ other layers needed. e.g.: | |||
51 | /path/to/yocto/meta-poky \ | 50 | /path/to/yocto/meta-poky \ |
52 | /path/to/yocto/meta-yocto-bsp \ | 51 | /path/to/yocto/meta-yocto-bsp \ |
53 | /path/to/yocto/meta-meta-secure-core \ | 52 | /path/to/yocto/meta-meta-secure-core \ |
53 | /path/to/yocto/meta-meta-secure-core/meta \ | ||
54 | /path/to/yocto/meta-meta-secure-core/meta-signing-key \ | ||
55 | /path/to/yocto/meta-meta-secure-core/meta-tpm \ | ||
56 | /path/to/yocto/meta-meta-secure-core/meta-tpm2 \ | ||
57 | /path/to/yocto/meta-meta-secure-core/meta-efi-secure-boot \ | ||
58 | /path/to/yocto/meta-meta-secure-core/meta-integrity \ | ||
59 | /path/to/yocto/meta-meta-secure-core/meta-encrypted-storage \ | ||
54 | " | 60 | " |
55 | 61 | ||
56 | 62 | or run bitbake-layers to add the meta-secure-core and its sub-layers: | |
57 | II. Misc | 63 | |
58 | ======== | 64 | $ bitbake-layers add-layer /path/to/yocto/meta-secure-core |
59 | 65 | $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta | |
60 | --- replace with specific information about the meta-secure-core layer --- | 66 | $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-signing-key |
67 | $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm | ||
68 | $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm2 | ||
69 | $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-efi-secure-boot | ||
70 | $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-integrity | ||
71 | $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-encrypted-storage | ||
72 | |||
73 | II. Configure meta-secure-core | ||
74 | ============================== | ||
75 | |||
76 | The full features in meta-secure-core can be configured with these definitions | ||
77 | in local.conf: | ||
78 | |||
79 | INITRAMFS_IMAGE = "secure-core-image-initramfs" | ||
80 | DISTRO_FEATURES_NATIVE_append += " ima tpm tpm2 efi-secure-boot encrypted-storage" | ||
81 | DISTRO_FEATURES_append += " ima tpm tpm2 efi-secure-boot encrypted-storage" | ||
82 | SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\ | ||
83 | packagegroup-efi-secure-boot \ | ||
84 | packagegroup-tpm \ | ||
85 | packagegroup-tpm2 \ | ||
86 | packagegroup-ima \ | ||
87 | packagegroup-encrypted-storage \ | ||
88 | " | ||
89 | DEBUG_FLAGS_forcevariable = "" | ||
90 | |||
91 | III. Build meta-secure-core | ||
92 | =========================== | ||
93 | |||
94 | The meta-secure-core provides an image called secure-core-image. Run the | ||
95 | following command to build it. | ||
96 | |||
97 | $ bitbake secure-core-image | ||