495 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Lans Zhang	7bd761d8bb	secure-core-image: install lsb packagegroup ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-11 13:01:04 +08:00
Lans Zhang	fbce2ce14b	meta-integrity: enable sign_rpm_ext to support rpm and file signing ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-11 12:58:05 +08:00
Lans Zhang	6ab1f54732	create-user-key-store.sh: clean up subject and support password protection for private key ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-11 12:54:40 +08:00
Lans Zhang	b9f73cac16	initrdscripts-secure-core: add RRECOMMENDS ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-11 12:50:32 +08:00
Lans Zhang	1f814daaf1	meta-signing-key: replace the sample keys ... - Remove USER@host from the certificate subject field - IMA signing key is protected by a password Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-11 12:49:05 +08:00
Lans Zhang	625c3c6b61	base-file: mount securityfs ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-11 12:47:52 +08:00
Lans Zhang	5d1376b6a0	IMA: clean up IMA signing ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-11 12:47:35 +08:00
Lans Zhang	6882f39224	init: don't need to create /proc /sys and /run ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-05 10:53:18 +08:00
Lans Zhang	7c83acd861	Clean up RDEPENDS ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-05 10:52:10 +08:00
Lans Zhang	487c89348d	cryptfs-tpm2: sync up with upstream ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-05 09:40:11 +08:00
Lans Zhang	35fb18863a	cryptfs-tpm2: code style fixup ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-05 09:29:09 +08:00
Lans Zhang	6ace7c99ba	init: clean up ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:22:12 +08:00
Lans Zhang	a9e266c481	ima-policy: enable policy check ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:21:48 +08:00
Lans Zhang	b736677f3f	initrdscripts-ima: clean up code style and RDEPENDS ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:20:59 +08:00
Lans Zhang	dda0659b71	init.ima: code style cleanup ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:20:07 +08:00
Lans Zhang	407c56068d	Code style fixup ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:19:42 +08:00
Lans Zhang	55492bcc10	initrdscripts-secure-core: clean up RDEPENDS ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:17:56 +08:00
Lans Zhang	f0f6b205e8	packagegroup-ima*: clean up the RDEPENDS ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:17:07 +08:00
Lans Zhang	71da40089f	initrdscripts-secure-core: renamed from initramfs-secure-core ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:15:30 +08:00
Lans Zhang	d9b358b374	initramfs-secure-core: clean up /init script ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-04 12:04:41 +08:00
Lans Zhang	572b7999c3	meta-integrity: implement the system trusted cert and IMA trusted cert ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-04 10:39:00 +08:00
Lans Zhang	34c28b6a2d	meta-signing-key: enable authorityKeyIdentifier for x509 v3 ... Otherwise the x509 parser in kernel cannot load a x509 certificate without authorityKeyIdentifier. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 20:55:25 +08:00
Lans Zhang	1ec1fed661	seloader: sync up with upstream ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 15:53:47 +08:00
Lans Zhang	167f41f260	meta-signing-keys: use DER-formatted system trusted key and signed IMA trusted key ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 15:52:18 +08:00
Lans Zhang	70e33652e5	user-key-store: clean up the code style ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 15:51:30 +08:00
Lans Zhang	353a003f1b	Use the DER-formatted system trusted key ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 15:50:59 +08:00
Lans Zhang	3816bb03fd	init: clean up code style ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 15:48:25 +08:00
Lans Zhang	81553a81fb	Rename .pem to .crt ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 15:47:53 +08:00
Lans Zhang	a93993cdc9	initramfs-secure-core: fix missing the license file ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 10:07:38 +08:00
Lans Zhang	c3f89c1931	initramfs-secure-core: define the /init script for the initramfs image ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 09:22:42 +08:00
Lans Zhang	5135786fa3	kernel-initramfs: define this package to include the initramfs image for kernel boot ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 09:21:44 +08:00
Lans Zhang	0551bc8d84	secure-core-image-initramfs: define the initramfs image type ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 09:18:51 +08:00
Lans Zhang	8c7accebab	secure-core-image: clean up the code style ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-03 09:16:40 +08:00
Lans Zhang	5233d3cf5e	shim: fix OVMF crash ... - httpboot.o cannot be built if ".PRECIOUS: " is placed ahead of "<tab>CFLAGS +=". - uri pointer should not be freed if NULL. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-30 17:07:20 +08:00
Lans Zhang	dcfd67c60b	shim: clean up the code style ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-30 13:41:37 +08:00
Lans Zhang	e664a331d5	code style fixup ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-29 10:52:06 +08:00
Lans Zhang	ad2d9c8e22	create-user-key-store.sh: restructured for self-signing and ca signing ... Meanwhile, the IMA user key is signed by system user key. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-29 10:46:13 +08:00
Lans Zhang	9fd5778732	secure-core-image: install ima-related packages if ima feature configured ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-26 12:50:52 +08:00
Lans Zhang	e280094b5b	shim: enable http boot support ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-26 11:43:10 +08:00
Lans Zhang	d82dc56d88	cryptfs-tpm2: sync up with upstream ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-26 11:42:18 +08:00
Lans Zhang	8e01c0a442	IMA: refresh kernel cfg ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-26 11:33:39 +08:00
Lans Zhang	dcc933df6e	linux-yocto-efi-secure-boot: don't use sccs to define the included kernel cfg ... The variable sccs is used internally and thus it will be corrupted by the external definition. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-26 11:25:31 +08:00
Meng Li	92f65d3394	openssl-tpm-engine: parse an encrypted tpm SRK password from env ... Before, we support reading SRK password from env TPM_SRK_PW, but it is a plain password and not secure. So, we improve it and support to get an encrypted (AES algorithm) SRK password from env, and then parse it. The default decrypting AES password and salt is set in bb file. When we initialize TPM, and set a SRK pw, and then we need to encrypt it with the same AES password and salt by AES algorithm. At last, we set a env as below: export TPM_SRK_ENC_PW=xxxxxxxx "xxxxxxxx" is the encrypted SRK password for libtpm.so. Signed-off-by: Meng Li <Meng.Li@windriver.com> Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-23 21:52:57 +08:00
Guojian Zhou	e6c0acbede	Ignore the KEYS DIR in the do_package and do_sign task dependence ... Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com> Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-23 13:16:20 +08:00
Lans Zhang	1b3e594449	meta-secure-core: initial commit ... Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-06-22 15:24:04 +08:00