9 Commits

Author SHA1 Message Date
Yunguo Wei 37a59625e5 key-store: rename ima private key and certificate on target
If sample keys are selected, key-store service will deploy IMA private
key during first boot, but beople may be confused if we deploy a sample
private key like "xxx.crt", so this commit is making sure key/cert on
target are consistent with key files on build system.

Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
2018-11-07 14:22:47 +08:00
Jia Zhang f1ac8a4553 ima/linux-yocto: Enable CONFIG_IMA_READ_POLICY and CONFIG_IMA_APPRAISE_BOOTPARAM
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2018-03-19 21:25:15 -04:00
Jia Zhang 73cae2678d integrity/linux-yocto: Enable CONFIG_SYSTEM_BLACKLIST_KEYRING
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2018-03-19 21:24:13 -04:00
Tom Rini 184dc8bb25 meta-integrity: Ensure that we have CONFIG_SECURITY enabled in the kernel
To make it easier to use this layer with various BSP layers we need to
ensure that we set CONFIG_SECURITY=y as that is in turn required by the
rest of our features, except for CONFIG_SECURITYFS

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-02-22 09:12:30 +08:00
Jia Zhang 59ca43808c meta-integrity: enable modsign support in kernel
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
2017-11-21 09:32:12 -05:00
Lans Zhang c84c5efb45 IMA: allow to write policy but deny to read policy
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-20 16:14:15 +08:00
Lans Zhang 572b7999c3 meta-integrity: implement the system trusted cert and IMA trusted cert
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-04 10:39:00 +08:00
Lans Zhang 8e01c0a442 IMA: refresh kernel cfg
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-06-26 11:33:39 +08:00
Lans Zhang 1b3e594449 meta-secure-core: initial commit
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-06-22 15:24:04 +08:00