<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/meta-integrity/README.md, branch styhead</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=styhead</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=styhead'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2024-07-01T11:07:58+00:00</updated>
<entry>
<title>meta-integrity: Enable passing private key password</title>
<updated>2024-07-01T11:07:58+00:00</updated>
<author>
<name>Stefan Berger</name>
<email>stefanb@linux.ibm.com</email>
</author>
<published>2024-06-19T14:15:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=37e5a930d70ccd6f4468606276012c9711103dc4'/>
<id>urn:sha1:37e5a930d70ccd6f4468606276012c9711103dc4</id>
<content type='text'>
Allow users to pass the private key password using
IMA_EVM_EVMCTL_KEY_PASSWORD.

Signed-off-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>meta-integrity: Add IMA_EVM_PRIVKEY_KEY_OPT to pass options to evmctl</title>
<updated>2024-07-01T11:07:58+00:00</updated>
<author>
<name>Stefan Berger</name>
<email>stefanb@linux.ibm.com</email>
</author>
<published>2024-06-19T14:15:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=06bd46276fbba42019f1327ecd8c4caf6a963a6f'/>
<id>urn:sha1:06bd46276fbba42019f1327ecd8c4caf6a963a6f</id>
<content type='text'>
Introduce IMA_EVM_PRIVKEY_KEY_OPT to pass additional options to evmctl
when signing files. An example is --keyid &lt;id&gt; that makes evmctl use
a specific key id when signing files.

Signed-off-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>meta-integrity: Remove stale variables and documentation</title>
<updated>2024-07-01T11:07:58+00:00</updated>
<author>
<name>Stefan Berger</name>
<email>stefanb@linux.ibm.com</email>
</author>
<published>2024-06-19T14:15:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=d2d125de9231a9919f3b7f4be4b994336a2eced1'/>
<id>urn:sha1:d2d125de9231a9919f3b7f4be4b994336a2eced1</id>
<content type='text'>
Signed-off-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>README.md: update to new patches mailing list</title>
<updated>2024-04-09T15:31:35+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2024-04-09T15:31:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=d1522af21da8d799a8f397aef6359b5ed4dc07fe'/>
<id>urn:sha1:d1522af21da8d799a8f397aef6359b5ed4dc07fe</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>linux-yocto%.bbappend: Add audit.cfg</title>
<updated>2024-02-20T12:40:39+00:00</updated>
<author>
<name>Leon Anavi</name>
<email>leon.anavi@konsulko.com</email>
</author>
<published>2024-01-31T14:28:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=d444b7d7dad2c3b7c86b17dc0eff3500111b427f'/>
<id>urn:sha1:d444b7d7dad2c3b7c86b17dc0eff3500111b427f</id>
<content type='text'>
Add audit.cfg configuration fragment. By default it is not appended
to SRC_URI. It allows enabling the audit kernel subsystem which may
help to debug appraisal issues. Boot with "integrity_audit=1" to
capture a more complete set of events in /var/log/audit/.

Previously the same configuration fragment was provided by layer
meta-security-framework but it is no longer maintained therefore it
makes sense to have audit.cfg in layer meta-integrity.

Signed-off-by: Leon Anavi &lt;leon.anavi@konsulko.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>integrity: Update the README for IMA support</title>
<updated>2023-05-06T11:54:09+00:00</updated>
<author>
<name>Stefan Berger</name>
<email>stefanb@linux.ibm.com</email>
</author>
<published>2023-04-28T12:23:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=b9abf0e09bfea8f08cc7f2d68998f014abba5b3b'/>
<id>urn:sha1:b9abf0e09bfea8f08cc7f2d68998f014abba5b3b</id>
<content type='text'>
Update the README describing how IMA support can be used.

Signed-off-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ima: Rename IMA_EVM_POLICY_SYSTEMD to IMA_EVM_POLICY</title>
<updated>2023-05-06T11:54:09+00:00</updated>
<author>
<name>Stefan Berger</name>
<email>stefanb@linux.ibm.com</email>
</author>
<published>2023-04-28T12:23:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=292b49342cb47da59525a44227598cf136311e1b'/>
<id>urn:sha1:292b49342cb47da59525a44227598cf136311e1b</id>
<content type='text'>
The IMA policy will be specified using the IMA_EVM_POLICY variable since
systemd will not be involved in loading the policy but the init script will
load it.

Signed-off-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>meta-integrity: Convert to new override syntax</title>
<updated>2021-08-01T15:47:08+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2021-07-29T23:32:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=b8554aae23cb66378866bff7d5ef6c6324fa486a'/>
<id>urn:sha1:b8554aae23cb66378866bff7d5ef6c6324fa486a</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>meta-integrity: add sanity check</title>
<updated>2021-06-06T20:03:37+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2021-06-02T01:59:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=6e75e751ff1a0e1c45545a032a598a9098fa75f2'/>
<id>urn:sha1:6e75e751ff1a0e1c45545a032a598a9098fa75f2</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>README.md: update according to the refactoring in ima-evm-rootfs.bbclass</title>
<updated>2021-02-24T04:34:51+00:00</updated>
<author>
<name>Ming Liu</name>
<email>liu.ming50@gmail.com</email>
</author>
<published>2021-02-20T12:18:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=4dc646c8cee3774e32011db534cc9f4fb8915fa3'/>
<id>urn:sha1:4dc646c8cee3774e32011db534cc9f4fb8915fa3</id>
<content type='text'>
Signed-off-by: Ming Liu &lt;liu.ming50@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
