<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/meta-integrity, branch scarthgap</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2025-11-24T17:04:14+00:00</updated>
<entry>
<title>meta-security: Remove True option to getVar calls</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>akash hadke</name>
<email>akash.hadke27@gmail.com</email>
</author>
<published>2025-01-09T10:46:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=de2be008d53a4182ae09be6d795c810a048cf3d5'/>
<id>urn:sha1:de2be008d53a4182ae09be6d795c810a048cf3d5</id>
<content type='text'>
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.

Signed-off-by: Akash Hadke &lt;akash.hadke27@gmail.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>ima-evm-utils: remove unnecessary FILESEXTRAPATHS tweak</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Scott Murray</name>
<email>scott.murray@konsulko.com</email>
</author>
<published>2025-11-13T20:03:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=59ec478159365651daf57f2260b229d9ddd19d7b'/>
<id>urn:sha1:59ec478159365651daf57f2260b229d9ddd19d7b</id>
<content type='text'>
It was pointed out that the recipe was wrongly doing
FILESEXTRAPATHS:append, but on inspection the recipe does
not need it at all, so just remove.

Reported-by: Robert P. J. Day &lt;rpjday@crashcourse.ca&gt;
(cherry picked from commit 5770a76fc0d78a645ab254979986f572fd18b3ec)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>Update maintainers</title>
<updated>2025-11-22T06:40:12+00:00</updated>
<author>
<name>Scott Murray</name>
<email>scott.murray@konsulko.com</email>
</author>
<published>2025-06-27T18:46:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=c8400db9147934ed3c557b4ecd41d54f6e6c321a'/>
<id>urn:sha1:c8400db9147934ed3c557b4ecd41d54f6e6c321a</id>
<content type='text'>
Add Marta and myself as maintainers for meta-security and the other
embedded layers that Armin had been maintaining.  To avoid Armin
getting bugged about individual recipes, set the RECIPE_MAINTAINER
variables to myself.

(backport from master)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>README.md: update to new patches mailing list</title>
<updated>2024-04-09T15:31:35+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2024-04-09T15:31:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=d1522af21da8d799a8f397aef6359b5ed4dc07fe'/>
<id>urn:sha1:d1522af21da8d799a8f397aef6359b5ed4dc07fe</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>layer.conf: Update for the scarthgap release series</title>
<updated>2024-03-27T16:36:58+00:00</updated>
<author>
<name>Max Krummenacher</name>
<email>max.krummenacher@toradex.com</email>
</author>
<published>2024-03-17T15:51:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=2f89aa7e416878a61c5b5fdfd1bc361a28ce8853'/>
<id>urn:sha1:2f89aa7e416878a61c5b5fdfd1bc361a28ce8853</id>
<content type='text'>
Signed-off-by: Max Krummenacher &lt;max.krummenacher@toradex.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>integrity-image-minimal: Fix IMAGE_INSTALL</title>
<updated>2024-02-20T12:40:39+00:00</updated>
<author>
<name>Leon Anavi</name>
<email>leon.anavi@konsulko.com</email>
</author>
<published>2024-01-31T14:28:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=06979d554847d413cc59a219a60d3c4f6073aeed'/>
<id>urn:sha1:06979d554847d413cc59a219a60d3c4f6073aeed</id>
<content type='text'>
Append to IMAGE_INSTALL rather than directly setting the variable
and does it after inheriting core-image.bbclass because in it
IMAGE_INSTALL is set with a default value CORE_IMAGE_BASE_INSTALL.

Variable CORE_IMAGE_BASE_INSTALL includes CORE_IMAGE_EXTRA_INSTALL
so the change allows adding auditd to CORE_IMAGE_EXTRA_INSTALL as
per the instructions in meta-integrity/README.md.

Signed-off-by: Leon Anavi &lt;leon.anavi@konsulko.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>linux-yocto%.bbappend: Add audit.cfg</title>
<updated>2024-02-20T12:40:39+00:00</updated>
<author>
<name>Leon Anavi</name>
<email>leon.anavi@konsulko.com</email>
</author>
<published>2024-01-31T14:28:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=d444b7d7dad2c3b7c86b17dc0eff3500111b427f'/>
<id>urn:sha1:d444b7d7dad2c3b7c86b17dc0eff3500111b427f</id>
<content type='text'>
Add audit.cfg configuration fragment. By default it is not appended
to SRC_URI. It allows enabling the audit kernel subsystem which may
help to debug appraisal issues. Boot with "integrity_audit=1" to
capture a more complete set of events in /var/log/audit/.

Previously the same configuration fragment was provided by layer
meta-security-framework but it is no longer maintained therefore it
makes sense to have audit.cfg in layer meta-integrity.

Signed-off-by: Leon Anavi &lt;leon.anavi@konsulko.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ima,evm: Add two variables to write filenames and signatures into</title>
<updated>2023-11-08T12:09:28+00:00</updated>
<author>
<name>Stefan Berger</name>
<email>stefanb@linux.ibm.com</email>
</author>
<published>2023-11-01T17:13:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=070a1e82cc59424d230a23c0b2a104b01fbaa2ad'/>
<id>urn:sha1:070a1e82cc59424d230a23c0b2a104b01fbaa2ad</id>
<content type='text'>
Add two variables IMA_FILE_SIGNATURES_FILE and EVM_FILE_SIGNATURES_FILE
for filenames where the ima_evm_sign_rootfs script can write the names
of files and their IMA or EVM signatures into. Both variables are
optional. The content of the file with IMA signatures may look like
this:

/usr/bin/gpiodetect ima:0x0302046730eefd...
/usr/bin/pwscore ima:0x0302046730eefd004...

Having the filenames along with their signatures is useful for signing
files in the initrd when the initrd is running out of a tmpfs filesystem
that has support for xattrs. This allows to enable an IMA appraisal
policy already in the initrd where files must be signed as soon as the
policy becomes active.

Signed-off-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>layer.conf: update LAYERSERIES_COMPAT for nanbield</title>
<updated>2023-09-11T11:18:19+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>Martin.Jansa@gmail.com</email>
</author>
<published>2023-09-10T09:59:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=1856a7cf437fa10d0851ffb8be079d119bb65b47'/>
<id>urn:sha1:1856a7cf437fa10d0851ffb8be079d119bb65b47</id>
<content type='text'>
* oe-core switched to nanbield in:
  https://git.openembedded.org/openembedded-core/commit/?id=f212cb12a0db9c9de5afd3cc89b1331d386e55f6

Signed-off-by: Martin Jansa &lt;martin.jansa@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>layer: add QA_WARNINGS to all layers</title>
<updated>2023-08-06T15:31:18+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2023-08-01T15:37:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=b9bc938785ccbdf4337243a194fcad476fcde4c6'/>
<id>urn:sha1:b9bc938785ccbdf4337243a194fcad476fcde4c6</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
