linux/meta-security.git/meta-integrity/recipes-core/initrdscripts, branch master-nextMirror of git.yoctoproject.org/meta-security.githttps://git.enea.com/cgit/linux/meta-security.git/atom?h=master-next2024-08-01T01:10:13+00:00initramfs-framework-ima: UNPACKDIR fix2024-08-01T01:10:13+00:00Mikko Rapelimikko.rapeli@linaro.org2024-07-25T09:01:18+00:00urn:sha1:7028cd22669cefd4c328410edfa414310174280e
New poky uses UNPACKDIR instead of WORKDIR
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta-integrity: Convert to new override syntax2021-08-01T15:47:08+00:00Armin Kusterakuster808@gmail.com2021-07-29T23:32:05+00:00urn:sha1:b8554aae23cb66378866bff7d5ef6c6324fa486a
Signed-off-by: Armin Kuster <akuster808@gmail.com>
initramfs-framework-ima: introduce IMA_FORCE2021-04-12T14:07:11+00:00Ming Liuliu.ming50@gmail.com2021-04-08T18:38:14+00:00urn:sha1:076e75d5cc1fe7b43af8dcd10d8b2b18af422c84
Introduce IMA_FORCE to allow the IMA policy be applied forcely even
'no_ima' boot parameter is available.
This ensures the end users have a way to disable 'no_ima' support if
they want to, because it may expose a security risk if an attacker can
find a way to change kernel arguments, it will easily bypass rootfs
authenticity checks.
Signed-off-by: Sergio Prado <sergio.prado@toradex.com>
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
initramfs-framework-ima: let ima_enabled return 02021-02-24T04:34:51+00:00Ming Liuliu.ming50@gmail.com2021-02-20T12:18:21+00:00urn:sha1:ffab25f929d8e78a909e1a2b362c05be83dee4bf
Otherwise, ima script would not run as intended.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
initramfs-framework-ima: RDEPENDS on ima-evm-keys2021-02-24T04:34:51+00:00Ming Liuliu.ming50@gmail.com2021-02-20T12:18:18+00:00urn:sha1:52bfc654e8a48a1fcfd89ba8750021c21718f6f5
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
initramfs-framework-ima: fix a wrong path2021-02-24T04:34:51+00:00Ming Liuliu.ming50@gmail.com2021-02-20T12:18:16+00:00urn:sha1:0f34b25763de5286cb775f062942fe59eeef7f59
/etc/ima-policy > /etc/ima/ima-policy.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta-integrity: fix issues with yocto-check-layer2020-01-04T18:55:26+00:00Armin Kusterakuster808@gmail.com2019-12-22T15:43:00+00:00urn:sha1:5d629ccb542fe8ce523ea0a53d8a505552004302
[v2]
re-did solutions
Signed-off-by: Armin Kuster <akuster808@gmail.com>
initramfs-framework-ima: correct IMA_POLICY name2019-09-07T15:32:50+00:00Armin Kusterakuster808@gmail.com2019-09-01T15:13:18+00:00urn:sha1:225c3bc7d07cbfbcde6eb2d9df166a54f7560a21
it had ima_policy_hashed and did not match the recipe
ima-policy-hashed
found by yocto-check-layer
Signed-off-by: Armin Kuster <akuster808@gmail.com>
initramfs: clean up to pull in packages.2019-05-28T14:38:52+00:00Armin Kusterakuster808@gmail.com2019-05-26T18:28:57+00:00urn:sha1:7b287954f7f342f5e4ae8ba22063945bff0b607e
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta-integrity: port over from meta-intel-iot-security2019-05-28T14:38:41+00:00Armin Kusterakuster808@gmail.com2019-05-16T22:41:49+00:00urn:sha1:6680225c05bb0834280307c223c3a545b088cbd3
Signed-off-by: Armin Kuster <akuster808@gmail.com>