<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/meta-integrity/recipes-core, branch test</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=test</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=test'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2021-04-12T14:07:11+00:00</updated>
<entry>
<title>initramfs-framework-ima: introduce IMA_FORCE</title>
<updated>2021-04-12T14:07:11+00:00</updated>
<author>
<name>Ming Liu</name>
<email>liu.ming50@gmail.com</email>
</author>
<published>2021-04-08T18:38:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=076e75d5cc1fe7b43af8dcd10d8b2b18af422c84'/>
<id>urn:sha1:076e75d5cc1fe7b43af8dcd10d8b2b18af422c84</id>
<content type='text'>
Introduce IMA_FORCE to allow the IMA policy be applied forcely even
'no_ima' boot parameter is available.

This ensures the end users have a way to disable 'no_ima' support if
they want to, because it may expose a security risk if an attacker can
find a way to change kernel arguments, it will easily bypass rootfs
authenticity checks.

Signed-off-by: Sergio Prado &lt;sergio.prado@toradex.com&gt;
Signed-off-by: Ming Liu &lt;liu.ming50@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>initramfs-framework-ima: let ima_enabled return 0</title>
<updated>2021-02-24T04:34:51+00:00</updated>
<author>
<name>Ming Liu</name>
<email>liu.ming50@gmail.com</email>
</author>
<published>2021-02-20T12:18:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=ffab25f929d8e78a909e1a2b362c05be83dee4bf'/>
<id>urn:sha1:ffab25f929d8e78a909e1a2b362c05be83dee4bf</id>
<content type='text'>
Otherwise, ima script would not run as intended.

Signed-off-by: Ming Liu &lt;liu.ming50@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>initramfs-framework-ima: RDEPENDS on ima-evm-keys</title>
<updated>2021-02-24T04:34:51+00:00</updated>
<author>
<name>Ming Liu</name>
<email>liu.ming50@gmail.com</email>
</author>
<published>2021-02-20T12:18:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=52bfc654e8a48a1fcfd89ba8750021c21718f6f5'/>
<id>urn:sha1:52bfc654e8a48a1fcfd89ba8750021c21718f6f5</id>
<content type='text'>
Signed-off-by: Ming Liu &lt;liu.ming50@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>initramfs-framework-ima: fix a wrong path</title>
<updated>2021-02-24T04:34:51+00:00</updated>
<author>
<name>Ming Liu</name>
<email>liu.ming50@gmail.com</email>
</author>
<published>2021-02-20T12:18:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=0f34b25763de5286cb775f062942fe59eeef7f59'/>
<id>urn:sha1:0f34b25763de5286cb775f062942fe59eeef7f59</id>
<content type='text'>
/etc/ima-policy &gt; /etc/ima/ima-policy.

Signed-off-by: Ming Liu &lt;liu.ming50@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>meta-integrity: fix issues with yocto-check-layer</title>
<updated>2020-01-04T18:55:26+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-12-22T15:43:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=5d629ccb542fe8ce523ea0a53d8a505552004302'/>
<id>urn:sha1:5d629ccb542fe8ce523ea0a53d8a505552004302</id>
<content type='text'>
[v2]
re-did solutions

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>initramfs-framework-ima: correct IMA_POLICY name</title>
<updated>2019-09-07T15:32:50+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-09-01T15:13:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=225c3bc7d07cbfbcde6eb2d9df166a54f7560a21'/>
<id>urn:sha1:225c3bc7d07cbfbcde6eb2d9df166a54f7560a21</id>
<content type='text'>
it had ima_policy_hashed  and did not match the recipe
ima-policy-hashed

found by yocto-check-layer

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>integrity-image: IMA_EVM_KEY_DIR has no affect, remove</title>
<updated>2019-08-25T03:43:55+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-08-12T01:50:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=563c2af19c1c34bf0370be79f2b07afc25b0bdb7'/>
<id>urn:sha1:563c2af19c1c34bf0370be79f2b07afc25b0bdb7</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>meta-integrity: rename IMA_EVM_BASE to INTEGRITY_BASE</title>
<updated>2019-08-04T20:12:41+00:00</updated>
<author>
<name>Dmitry Eremin-Solenikov</name>
<email>dmitry_eremin-solenikov@mentor.com</email>
</author>
<published>2019-07-28T15:31:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=c9c4e6c228556cc2054a4b49f85b282fd69fc25c'/>
<id>urn:sha1:c9c4e6c228556cc2054a4b49f85b282fd69fc25c</id>
<content type='text'>
data/debug-keys will be reused for demo modsign keys, so rename
IMA_EVM_BASE to more generic INTEGRITY_BASE.

Signed-off-by: Dmitry Eremin-Solenikov &lt;dmitry_eremin-solenikov@mentor.com&gt;
</content>
</entry>
<entry>
<title>image: add image for testing</title>
<updated>2019-05-28T14:38:52+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-05-27T01:20:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=41708b0b0c32be7cf0387c595e0b03ad6b23ae4e'/>
<id>urn:sha1:41708b0b0c32be7cf0387c595e0b03ad6b23ae4e</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>initramfs: clean up to pull in packages.</title>
<updated>2019-05-28T14:38:52+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-05-26T18:28:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=7b287954f7f342f5e4ae8ba22063945bff0b607e'/>
<id>urn:sha1:7b287954f7f342f5e4ae8ba22063945bff0b607e</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
