summaryrefslogtreecommitdiffstats
path: root/meta-integrity/recipes-kernel
Commit message (Collapse)AuthorAgeFilesLines
* meta-secure-core: Convert to new override syntaxYi Zhao2021-08-091-2/+2
| | | | | | Converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* ima: Fix badly formatted CONFIG_IMA_NG_TEMPLATEYongxin Liu2020-10-121-1/+1
| | | | | | | | | | Fix the following warning: [INFO]: the following symbols were not found in the active configuration: - CONFIG_IMA_NG_TEMPLATE=y Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
* linux-yocto-integrity.inc: fix 'uks_modsign_keys_dir' is not defined (#119)Hongxu Jia2019-10-071-2/+6
| | | | | | | | | | Since commit [b41010c linux-yocto-integrity: fix modsign key path] applied, if MODSIGN_ENABLED is "0", bbclass user-key-store will not be inherited which causing 'uks_modsign_keys_dir' is not defined Unconditionally inherit user-key-store, but conditionally invoke uks_modsign_keys_dir Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
* linux-yocto-integrity: fix modsign key pathDmitry Eremin-Solenikov2019-09-161-1/+3
| | | | | | | Use modsign key directly from uks_modsign_keys_path(d), rather than from installed package. Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
* meta-secure-core: add linux-yocto-dev bbappendYi Zhao2019-08-131-0/+1
| | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* linux-yocto: upgrade bbappend from 4.% to 5.%Yi Zhao2019-08-132-0/+0
| | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* key-store: rename ima private key and certificate on targetYunguo Wei2018-11-071-1/+1
| | | | | | | | | If sample keys are selected, key-store service will deploy IMA private key during first boot, but beople may be confused if we deploy a sample private key like "xxx.crt", so this commit is making sure key/cert on target are consistent with key files on build system. Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
* ima/linux-yocto: Enable CONFIG_IMA_READ_POLICY and CONFIG_IMA_APPRAISE_BOOTPARAMJia Zhang2018-03-191-1/+2
| | | | Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
* integrity/linux-yocto: Enable CONFIG_SYSTEM_BLACKLIST_KEYRINGJia Zhang2018-03-191-0/+1
| | | | Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
* meta-integrity: Ensure that we have CONFIG_SECURITY enabled in the kernelTom Rini2018-02-221-0/+1
| | | | | | | | To make it easier to use this layer with various BSP layers we need to ensure that we set CONFIG_SECURITY=y as that is in turn required by the rest of our features, except for CONFIG_SECURITYFS Signed-off-by: Tom Rini <trini@konsulko.com>
* linux-yocto: fix loading kernel module due to being strippedJia Zhang2017-11-261-0/+2
| | | | | | | | | The kernel module will be stripped during do_package, including the modsign signature. Use INHIBIT_PACKAGE_STRIP=1 if modsign is configured. Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
* meta-integrity: enable modsign support in kernelJia Zhang2017-11-213-5/+30
| | | | Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
* IMA: allow to write policy but deny to read policyLans Zhang2017-07-201-1/+1
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Code style fixupLans Zhang2017-07-041-2/+0
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-integrity: implement the system trusted cert and IMA trusted certLans Zhang2017-07-042-4/+9
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* Use the DER-formatted system trusted keyLans Zhang2017-07-031-3/+4
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* code style fixupLans Zhang2017-06-291-3/+5
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* IMA: refresh kernel cfgLans Zhang2017-06-267-23/+22
| | | | Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: initial commitLans Zhang2017-06-225-0/+59
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-30 12:28:18 +0000