author | Armin Kuster <akuster808@gmail.com> | 2019-08-09 13:25:47 -0700 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-08-09 13:25:47 -0700 |
commit | 29562326f53f6a01a5099f3360371fa3f1dc3c97 (patch) | |
tree | a53fefcfa99c399a3da231011eca12501af720e2 | |
parent | ddf38730930679a0e977b8e41de1513a51fb5990 (diff) | |
ima: remove kernel fragments now in cachewip_kernel
Signed-off-by: Armin Kuster <akuster808@gmail.com>
5 files changed, 2 insertions, 33 deletions
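--- a/meta-integrity/recipes-kernel/linux/linux-%.bbappend
+++ b/meta-integrity/recipes-kernel/linux/linux-%.bbappend
@@ -1,6 +1,5 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux:"
+KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
 
-SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' file://ima.cfg', '', d)}"
-SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' file://modsign.scc file://modsign.cfg', '', d)}"
+KERNEL_FEATURES_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
 
 inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}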
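Review bot: The two new `KERNEL_FEATURES_append` lines make IMA and module-signing enforcement depend on `features/ima/ima.scc` and `features/ima/modsign.scc` from the kernel cache, whose contents are not visible in this commit. Settings the deleted fragments pinned locally (`CONFIG_MODULE_SIG_FORCE=y`, `CONFIG_MODULE_SIG_KEY="modsign_key.pem"`, `CONFIG_IMA_APPRAISE=y`, `CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"`) should therefore be confirmed in the final kernel `.config`. If the cache fragment named a different signing key or dropped the force option, the `kernel-modsign` class inherited on the last line would presumably no longer match the kernel configuration, and unsigned modules could load without any build error. A short comment above the assignments would record the dependency, e.g. `# IMA/modsign fragments come from the kernel cache (features/ima/); they must keep MODULE_SIG_FORCE and the key paths this layer installs`. As a style point, the first assignment nests double quotes inside the double-quoted value while the second uses single quotes; `KERNEL_FEATURES_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' features/ima/ima.scc', '', d)}"` would match it.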
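--- a/meta-integrity/recipes-kernel/linux/linux/ima.cfg
+++ /dev/null
@@ -1,18 +0,0 @@
-CONFIG_IMA=y
-CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_NG_TEMPLATE=y
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-CONFIG_IMA_DEFAULT_HASH="sha1"
-CONFIG_IMA_APPRAISE=y
-CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_TRUSTED_KEYRING=y
-CONFIG_SIGNATURE=y
-CONFIG_IMA_WRITE_POLICY=y
-CONFIG_IMA_READ_POLICY=y
-CONFIG_IMA_LOAD_X509=y
-CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
-
-#CONFIG_INTEGRITY_SIGNATURE=y
-#CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
-#CONFIG_INTEGRITY_TRUSTED_KEYRING=y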
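--- a/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg
+++ /dev/null
@@ -1,3 +0,0 @@
-# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set
-CONFIG_EVM_LOAD_X509=y
-CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"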
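--- a/meta-integrity/recipes-kernel/linux/linux/modsign.cfg
+++ /dev/null
@@ -1,5 +0,0 @@
-CONFIG_MODULE_SIG=y
-CONFIG_MODULE_SIG_FORCE=y
-CONFIG_MODULE_SIG_SHA256=y
-CONFIG_MODULE_SIG_HASH="sha256"
-CONFIG_MODULE_SIG_KEY="modsign_key.pem"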
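--- a/meta-integrity/recipes-kernel/linux/linux/modsign.scc
+++ /dev/null
@@ -1,4 +0,0 @@
-define KFEATURE_DESCRIPTION "Kernel Module Signing (modsign) enablement"
-define KFEATURE_COMPATIBILITY all
-
-kconf non-hardware modsign.cfg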