<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/meta-integrity, branch walnascar</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=walnascar</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=walnascar'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2025-03-12T19:31:15+00:00</updated>
<entry>
<title>meta-integrity: Enable choice of creating IMA signatures or hashes</title>
<updated>2025-03-12T19:31:15+00:00</updated>
<author>
<name>Stefan Berger</name>
<email>stefanb@linux.ibm.com</email>
</author>
<published>2025-02-06T20:54:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=a76a5c51283b9d361caf514dc5cdebd72b5b4ca1'/>
<id>urn:sha1:a76a5c51283b9d361caf514dc5cdebd72b5b4ca1</id>
<content type='text'>
When IMA and EVM are used for file appraisal then EVM verifies the
signature stored in security.evm. This signature covers file metadata
(uid, gid, mode bits, etc.) as well as the security.ima xattr.
Therefore, it is sufficient that only files' hashes are stored in
security.ima. This also leads to slight performance improvements
since IMA appraisal will then only verify that a file's hash matches
the expected hash stored in security.ima. EVM will ensure that the
signature over all the file metadata and security.ima xattr is
correct. Therefore, give the user control over whether to store file
signatures (--imasig) in ima.security or hashes (--imahash) by
setting the option in IMA_EVM_IMA_XATTR_OPT.

Only test-verify an IMA signature if --imasig is used as the option.

Signed-off-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>meta-security: Remove True option to getVar calls</title>
<updated>2025-02-03T02:11:12+00:00</updated>
<author>
<name>akash hadke</name>
<email>akash.hadke27@gmail.com</email>
</author>
<published>2025-01-09T10:43:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=8fcbc47b9c56fe405a7a6d51ff0d8e2b756818ea'/>
<id>urn:sha1:8fcbc47b9c56fe405a7a6d51ff0d8e2b756818ea</id>
<content type='text'>
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.

Signed-off-by: Akash Hadke &lt;akash.hadke27@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>oeqa runtime ima.py: skip without "integrity" in DISTRO_FEATURES</title>
<updated>2024-12-27T16:28:23+00:00</updated>
<author>
<name>Mikko Rapeli</name>
<email>mikko.rapeli@linaro.org</email>
</author>
<published>2024-12-20T14:04:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=1f7cc51443cb6baa1de519df1a9c570b3f5cae2a'/>
<id>urn:sha1:1f7cc51443cb6baa1de519df1a9c570b3f5cae2a</id>
<content type='text'>
ima and meta-integrity are not enabled without and the test fails.

Signed-off-by: Mikko Rapeli &lt;mikko.rapeli@linaro.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>layer.conf: Update to walnascar (5.2) layer/release series</title>
<updated>2024-11-25T01:15:36+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2024-10-05T16:33:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=0055dfe35d98bcfb11cb649c89a868ad9c163497'/>
<id>urn:sha1:0055dfe35d98bcfb11cb649c89a868ad9c163497</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>layer.conf: Update to styhead release name series</title>
<updated>2024-09-15T15:27:10+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2024-09-15T15:27:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=5e742d7fb09f63c558738dc9ec728dfdc624cec4'/>
<id>urn:sha1:5e742d7fb09f63c558738dc9ec728dfdc624cec4</id>
<content type='text'>
few more layers to fixup

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ima-policy: Fix S=UNPACKDIR</title>
<updated>2024-08-01T01:10:13+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2024-07-29T23:59:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=03c0e8e03a6ff5633be47e0e2fb8c5021e6f5c96'/>
<id>urn:sha1:03c0e8e03a6ff5633be47e0e2fb8c5021e6f5c96</id>
<content type='text'>
Drop BP , these are files not src bundle

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ima-policy-simple: set S</title>
<updated>2024-08-01T01:10:13+00:00</updated>
<author>
<name>Mikko Rapeli</name>
<email>mikko.rapeli@linaro.org</email>
</author>
<published>2024-07-25T09:01:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=5a7efe2ed8584777ceaea862d7268ba08955a074'/>
<id>urn:sha1:5a7efe2ed8584777ceaea862d7268ba08955a074</id>
<content type='text'>
Build with latest poky fails without it

Signed-off-by: Mikko Rapeli &lt;mikko.rapeli@linaro.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ima-policy-appraise-all: set S</title>
<updated>2024-08-01T01:10:13+00:00</updated>
<author>
<name>Mikko Rapeli</name>
<email>mikko.rapeli@linaro.org</email>
</author>
<published>2024-07-25T09:01:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=7fd6a97183056d3f5eacc6a74fdd835359e4f9de'/>
<id>urn:sha1:7fd6a97183056d3f5eacc6a74fdd835359e4f9de</id>
<content type='text'>
Build with latest poky requires it

Signed-off-by: Mikko Rapeli &lt;mikko.rapeli@linaro.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ima-policy-hashed: set S</title>
<updated>2024-08-01T01:10:13+00:00</updated>
<author>
<name>Mikko Rapeli</name>
<email>mikko.rapeli@linaro.org</email>
</author>
<published>2024-07-25T09:01:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=bcbe3fd60aa5b1d7d711b24b6ea72b5eee15a637'/>
<id>urn:sha1:bcbe3fd60aa5b1d7d711b24b6ea72b5eee15a637</id>
<content type='text'>
Build with latest poky fails without

Signed-off-by: Mikko Rapeli &lt;mikko.rapeli@linaro.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ima-policy-simple: UNPACKDIR fix</title>
<updated>2024-08-01T01:10:13+00:00</updated>
<author>
<name>Mikko Rapeli</name>
<email>mikko.rapeli@linaro.org</email>
</author>
<published>2024-07-25T09:01:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=139d3e64876383f637fc09e21f5b16d9669d8373'/>
<id>urn:sha1:139d3e64876383f637fc09e21f5b16d9669d8373</id>
<content type='text'>
New poky uses UNPACKDIR instead of WORKDIR

Signed-off-by: Mikko Rapeli &lt;mikko.rapeli@linaro.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
