README update

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
author: Lans Zhang <jia.zhang@windriver.com> 2017-07-19 10:57:08 +0800
committer: Lans Zhang <jia.zhang@windriver.com> 2017-07-19 10:57:08 +0800
commit: dbd94168ce0805394a5539efe3bfc2bc699be94e (patch)
tree: f19de898432594c050acc37d6f11d19de877a666 /README
parent: 3eadb6ce1cf7802c7f45dcfc4e1e519ec0d8bd27 (diff)
download: meta-secure-core-dbd94168ce0805394a5539efe3bfc2bc699be94e.tar.gz
1 files changed, 46 insertions, 9 deletions
diff --git a/README b/README
index afbf854..5a81311 100644
--- a/README
+++ b/README
@@ -30,13 +30,12 @@ Table of Contents
 =================
  I. Adding the meta-secure-core layer to your build
- II. Misc
+ II. Configure meta-secure-core
+III. Build meta-secure-core
 I. Adding the meta-secure-core layer to your build
-=================================================
+==================================================
--- replace with specific instructions for the meta-secure-core layer ---
 In order to use this layer, you need to make the build system aware of
 it.
@@ -51,10 +50,48 @@ other layers needed. e.g.:
    /path/to/yocto/meta-poky \
    /path/to/yocto/meta-yocto-bsp \
    /path/to/yocto/meta-meta-secure-core \
+    /path/to/yocto/meta-meta-secure-core/meta \
+    /path/to/yocto/meta-meta-secure-core/meta-signing-key \
+    /path/to/yocto/meta-meta-secure-core/meta-tpm \
+    /path/to/yocto/meta-meta-secure-core/meta-tpm2 \
+    /path/to/yocto/meta-meta-secure-core/meta-efi-secure-boot \
+    /path/to/yocto/meta-meta-secure-core/meta-integrity \
+    /path/to/yocto/meta-meta-secure-core/meta-encrypted-storage \
    "
+or run bitbake-layers to add the meta-secure-core and its sub-layers:
-II. Misc
-========
+    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core
+    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta
--- replace with specific information about the meta-secure-core layer ---
+    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-signing-key
+    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm
+    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm2
+    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-efi-secure-boot
+    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-integrity
+    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-encrypted-storage
+II. Configure meta-secure-core
+==============================
+The full features in meta-secure-core can be configured with these definitions
+in local.conf:
+INITRAMFS_IMAGE = "secure-core-image-initramfs"
+DISTRO_FEATURES_NATIVE_append += " ima tpm tpm2 efi-secure-boot encrypted-storage"
+DISTRO_FEATURES_append += " ima tpm tpm2 efi-secure-boot encrypted-storage"
+SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\
+    packagegroup-efi-secure-boot \
+    packagegroup-tpm \
+    packagegroup-tpm2 \
+    packagegroup-ima \
+    packagegroup-encrypted-storage \
+"
+DEBUG_FLAGS_forcevariable = ""
+III. Build meta-secure-core
+===========================
+The meta-secure-core provides an image called secure-core-image. Run the
+following command to build it.
+    $ bitbake secure-core-image
author	Lans Zhang <jia.zhang@windriver.com>	2017-07-19 10:57:08 +0800
committer	Lans Zhang <jia.zhang@windriver.com>	2017-07-19 10:57:08 +0800
commit	dbd94168ce0805394a5539efe3bfc2bc699be94e (patch)
tree	f19de898432594c050acc37d6f11d19de877a666 /README
parent	3eadb6ce1cf7802c7f45dcfc4e1e519ec0d8bd27 (diff)
download	meta-secure-core-dbd94168ce0805394a5539efe3bfc2bc699be94e.tar.gz

diff --git a/README b/README index afbf854..5a81311 100644 --- a/README +++ b/README
@@ -30,13 +30,12 @@ Table of Contents
30	=================	30	=================
31		31
32	I. Adding the meta-secure-core layer to your build	32	I. Adding the meta-secure-core layer to your build
33	II. Misc	33	II. Configure meta-secure-core
		34	III. Build meta-secure-core
34		35
35		36
36	I. Adding the meta-secure-core layer to your build	37	I. Adding the meta-secure-core layer to your build
37	=================================================	38	==================================================
38
39	--- replace with specific instructions for the meta-secure-core layer ---
40		39
41	In order to use this layer, you need to make the build system aware of	40	In order to use this layer, you need to make the build system aware of
42	it.	41	it.
@@ -51,10 +50,48 @@ other layers needed. e.g.:
51	/path/to/yocto/meta-poky \	50	/path/to/yocto/meta-poky \
52	/path/to/yocto/meta-yocto-bsp \	51	/path/to/yocto/meta-yocto-bsp \
53	/path/to/yocto/meta-meta-secure-core \	52	/path/to/yocto/meta-meta-secure-core \
		53	/path/to/yocto/meta-meta-secure-core/meta \
		54	/path/to/yocto/meta-meta-secure-core/meta-signing-key \
		55	/path/to/yocto/meta-meta-secure-core/meta-tpm \
		56	/path/to/yocto/meta-meta-secure-core/meta-tpm2 \
		57	/path/to/yocto/meta-meta-secure-core/meta-efi-secure-boot \
		58	/path/to/yocto/meta-meta-secure-core/meta-integrity \
		59	/path/to/yocto/meta-meta-secure-core/meta-encrypted-storage \
54	"	60	"
55		61
56		62	or run bitbake-layers to add the meta-secure-core and its sub-layers:
57	II. Misc	63
58	========	64	$ bitbake-layers add-layer /path/to/yocto/meta-secure-core
59		65	$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta
60	--- replace with specific information about the meta-secure-core layer ---	66	$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-signing-key
		67	$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm
		68	$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm2
		69	$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-efi-secure-boot
		70	$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-integrity
		71	$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-encrypted-storage
		72
		73	II. Configure meta-secure-core
		74	==============================
		75
		76	The full features in meta-secure-core can be configured with these definitions
		77	in local.conf:
		78
		79	INITRAMFS_IMAGE = "secure-core-image-initramfs"
		80	DISTRO_FEATURES_NATIVE_append += " ima tpm tpm2 efi-secure-boot encrypted-storage"
		81	DISTRO_FEATURES_append += " ima tpm tpm2 efi-secure-boot encrypted-storage"
		82	SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\
		83	packagegroup-efi-secure-boot \
		84	packagegroup-tpm \
		85	packagegroup-tpm2 \
		86	packagegroup-ima \
		87	packagegroup-encrypted-storage \
		88	"
		89	DEBUG_FLAGS_forcevariable = ""
		90
		91	III. Build meta-secure-core
		92	===========================
		93
		94	The meta-secure-core provides an image called secure-core-image. Run the
		95	following command to build it.
		96
		97	$ bitbake secure-core-image