linux-yocto-integrity.inc is shared among linux-yocto linux-yocto-rt and
linux-yocto-dev and cannot be found with ${BPN} in the latter two.
ERROR: ParseError at layers/meta-secure-core/meta-integrity/recipes-kernel/linux/linux-yocto-dev.bbappend:1:
Could not include required file linux-yocto-dev-integrity.inc
ERROR: ParseError at layers/meta-secure-core/meta-integrity/recipes-kernel/linux/linux-yocto-rt_5.%.bbappend:1:
Could not include required file linux-yocto-rt-integrity.inc
Signed-off-by: He Zhe <zhe.he@windriver.com>
Fix the following warning:
[INFO]: the following symbols were not found in the active configuration:
- CONFIG_IMA_NG_TEMPLATE=y
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Since commit [b41010c linux-yocto-integrity: fix modsign key path] applied,
if MODSIGN_ENABLED is "0", bbclass user-key-store will not be inherited
which causing 'uks_modsign_keys_dir' is not defined
Unconditionally inherit user-key-store, but conditionally invoke
uks_modsign_keys_dir
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Use modsign key directly from uks_modsign_keys_path(d), rather than from
installed package.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
If sample keys are selected, key-store service will deploy IMA private
key during first boot, but beople may be confused if we deploy a sample
private key like "xxx.crt", so this commit is making sure key/cert on
target are consistent with key files on build system.
Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
To make it easier to use this layer with various BSP layers we need to
ensure that we set CONFIG_SECURITY=y as that is in turn required by the
rest of our features, except for CONFIG_SECURITYFS
Signed-off-by: Tom Rini <trini@konsulko.com>
The kernel module will be stripped during do_package, including the
modsign signature.
Use INHIBIT_PACKAGE_STRIP=1 if modsign is configured.
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>