meta-secure-core: initial commit

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
This commit is contained in:
Lans Zhang
2017-06-22 15:22:01 +08:00
commit 1b3e594449
204 changed files with 14086 additions and 0 deletions
@@ -0,0 +1,18 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
IMA_ENABLED = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', '1', '0', d)}"
DEPENDS += "${@'key-store openssl-native' if d.getVar('IMA_ENABLED', True) == '1' else ''}"
# key-store-ima-cert is required in runtime but we hope it is available
# in initramfs only. So we don't add it to RDEPENDS_${PN} here.
SRC_URI += " \
${@'file://ima.scc file://ima.cfg' if d.getVar('IMA_ENABLED', True) == '1' else ''} \
"
do_configure_append() {
[ -f "${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.pem" ] &&
openssl x509 -in "${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.pem" \
-outform DER -out "${B}/system_trusted_cert.x509" ||
true
}
@@ -0,0 +1 @@
include linux-yocto-integrity.inc
@@ -0,0 +1,35 @@
..........................................................................
. WARNING
.
. This file is a kernel configuration fragment, and not a full kernel
. configuration file. The final kernel configuration is made up of
. an assembly of processed fragments, each of which is designed to
. capture a specific part of the final configuration (e.g. platform
. configuration, feature configuration, and board specific hardware
. configuration). For more information on kernel configuration, please
. consult the product documentation.
.
..........................................................................
CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
# CONFIG_IMA_TEMPLATE is not set
# CONFIG_IMA_NG_TEMPLATE=y is not set
CONFIG_IMA_SIG_TEMPLATE=y
CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
CONFIG_IMA_DEFAULT_HASH_SHA256=y
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
CONFIG_IMA_DEFAULT_HASH="sha256"
CONFIG_IMA_APPRAISE=y
CONFIG_INTEGRITY_SIGNATURE=y
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
CONFIG_INTEGRITY_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_IMA_LOAD_X509=y
CONFIG_IMA_TRUSTED_KEYRING=y
CONFIG_IMA_X509_PATH="/etc/keys/x509_evm.der"
# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set
CONFIG_AUDIT=y
CONFIG_INTEGRITY_AUDIT=y
@@ -0,0 +1,4 @@
define KFEATURE_DESCRIPTION "Integrity Measurement Architecture (IMA) enablement"
define KFEATURE_COMPATIBILITY board
kconf non-hardware ima.cfg
@@ -0,0 +1 @@
include linux-yocto-integrity.inc