<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/meta-integrity/recipes-core, branch scarthgap</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2024-02-20T12:40:39+00:00</updated>
<entry>
<title>integrity-image-minimal: Fix IMAGE_INSTALL</title>
<updated>2024-02-20T12:40:39+00:00</updated>
<author>
<name>Leon Anavi</name>
<email>leon.anavi@konsulko.com</email>
</author>
<published>2024-01-31T14:28:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=06979d554847d413cc59a219a60d3c4f6073aeed'/>
<id>urn:sha1:06979d554847d413cc59a219a60d3c4f6073aeed</id>
<content type='text'>
Append to IMAGE_INSTALL rather than directly setting the variable
and does it after inheriting core-image.bbclass because in it
IMAGE_INSTALL is set with a default value CORE_IMAGE_BASE_INSTALL.

Variable CORE_IMAGE_BASE_INSTALL includes CORE_IMAGE_EXTRA_INSTALL
so the change allows adding auditd to CORE_IMAGE_EXTRA_INSTALL as
per the instructions in meta-integrity/README.md.

Signed-off-by: Leon Anavi &lt;leon.anavi@konsulko.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>integrity-image-minimal: adapt QEMU cmdline to new changes</title>
<updated>2023-05-06T11:54:09+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2023-05-01T15:55:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=5173c71cb488d016841c797acc12a7b16a1ef786'/>
<id>urn:sha1:5173c71cb488d016841c797acc12a7b16a1ef786</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>meta-integrity: Convert to new override syntax</title>
<updated>2021-08-01T15:47:08+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2021-07-29T23:32:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=b8554aae23cb66378866bff7d5ef6c6324fa486a'/>
<id>urn:sha1:b8554aae23cb66378866bff7d5ef6c6324fa486a</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>initramfs-framework-ima: introduce IMA_FORCE</title>
<updated>2021-04-12T14:07:11+00:00</updated>
<author>
<name>Ming Liu</name>
<email>liu.ming50@gmail.com</email>
</author>
<published>2021-04-08T18:38:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=076e75d5cc1fe7b43af8dcd10d8b2b18af422c84'/>
<id>urn:sha1:076e75d5cc1fe7b43af8dcd10d8b2b18af422c84</id>
<content type='text'>
Introduce IMA_FORCE to allow the IMA policy be applied forcely even
'no_ima' boot parameter is available.

This ensures the end users have a way to disable 'no_ima' support if
they want to, because it may expose a security risk if an attacker can
find a way to change kernel arguments, it will easily bypass rootfs
authenticity checks.

Signed-off-by: Sergio Prado &lt;sergio.prado@toradex.com&gt;
Signed-off-by: Ming Liu &lt;liu.ming50@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>initramfs-framework-ima: let ima_enabled return 0</title>
<updated>2021-02-24T04:34:51+00:00</updated>
<author>
<name>Ming Liu</name>
<email>liu.ming50@gmail.com</email>
</author>
<published>2021-02-20T12:18:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=ffab25f929d8e78a909e1a2b362c05be83dee4bf'/>
<id>urn:sha1:ffab25f929d8e78a909e1a2b362c05be83dee4bf</id>
<content type='text'>
Otherwise, ima script would not run as intended.

Signed-off-by: Ming Liu &lt;liu.ming50@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>initramfs-framework-ima: RDEPENDS on ima-evm-keys</title>
<updated>2021-02-24T04:34:51+00:00</updated>
<author>
<name>Ming Liu</name>
<email>liu.ming50@gmail.com</email>
</author>
<published>2021-02-20T12:18:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=52bfc654e8a48a1fcfd89ba8750021c21718f6f5'/>
<id>urn:sha1:52bfc654e8a48a1fcfd89ba8750021c21718f6f5</id>
<content type='text'>
Signed-off-by: Ming Liu &lt;liu.ming50@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>initramfs-framework-ima: fix a wrong path</title>
<updated>2021-02-24T04:34:51+00:00</updated>
<author>
<name>Ming Liu</name>
<email>liu.ming50@gmail.com</email>
</author>
<published>2021-02-20T12:18:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=0f34b25763de5286cb775f062942fe59eeef7f59'/>
<id>urn:sha1:0f34b25763de5286cb775f062942fe59eeef7f59</id>
<content type='text'>
/etc/ima-policy &gt; /etc/ima/ima-policy.

Signed-off-by: Ming Liu &lt;liu.ming50@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>meta-integrity: fix issues with yocto-check-layer</title>
<updated>2020-01-04T18:55:26+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-12-22T15:43:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=5d629ccb542fe8ce523ea0a53d8a505552004302'/>
<id>urn:sha1:5d629ccb542fe8ce523ea0a53d8a505552004302</id>
<content type='text'>
[v2]
re-did solutions

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>initramfs-framework-ima: correct IMA_POLICY name</title>
<updated>2019-09-07T15:32:50+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-09-01T15:13:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=225c3bc7d07cbfbcde6eb2d9df166a54f7560a21'/>
<id>urn:sha1:225c3bc7d07cbfbcde6eb2d9df166a54f7560a21</id>
<content type='text'>
it had ima_policy_hashed  and did not match the recipe
ima-policy-hashed

found by yocto-check-layer

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>integrity-image: IMA_EVM_KEY_DIR has no affect, remove</title>
<updated>2019-08-25T03:43:55+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-08-12T01:50:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=563c2af19c1c34bf0370be79f2b07afc25b0bdb7'/>
<id>urn:sha1:563c2af19c1c34bf0370be79f2b07afc25b0bdb7</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
