mirrors/meta-secure-core
1
0
Fork 0
mirror of https://github.com/jiazhang0/meta-secure-core.git synced 2026-05-07 10:09:22 +00:00
Code Issues Projects Releases Wiki Activity
51 Commits 6 Branches 0 Tags
0f3911c740bb74f5b3783adee76ebf4b02be8c76
Commit Graph

51 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lans Zhang 0f3911c740 keyutils: fix build failure with ppc 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 14:06:56 +08:00
Lans Zhang 6f8d513d62 README: cleanup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 14:04:26 +08:00
Lans Zhang 251910fb89 user-key-store: don't call anonymous function 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 14:02:38 +08:00
Lans Zhang 7c7f7f94a1 mokutil: code style fixup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 13:54:36 +08:00
Lans Zhang 24712cbb02 mokutil: add the COMPATIBLE_HOST 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 13:51:41 +08:00
Lans Zhang 02ae233112 shim: enable http boot support 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 13:49:22 +08:00
Lans Zhang 7bd761d8bb secure-core-image: install lsb packagegroup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 13:01:04 +08:00
Lans Zhang fbce2ce14b meta-integrity: enable sign_rpm_ext to support rpm and file signing 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:58:05 +08:00
Lans Zhang 6ab1f54732 create-user-key-store.sh: clean up subject and support password protection for private key 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:54:40 +08:00
Lans Zhang b9f73cac16 initrdscripts-secure-core: add RRECOMMENDS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:50:32 +08:00
Lans Zhang 1f814daaf1 meta-signing-key: replace the sample keys 
- Remove USER@host from the certificate subject field
- IMA signing key is protected by a password

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:49:05 +08:00
Lans Zhang 625c3c6b61 base-file: mount securityfs 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:47:52 +08:00
Lans Zhang 5d1376b6a0 IMA: clean up IMA signing 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:47:35 +08:00
Lans Zhang 6882f39224 init: don't need to create /proc /sys and /run 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-05 10:53:18 +08:00
Lans Zhang 7c83acd861 Clean up RDEPENDS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-05 10:52:10 +08:00
Lans Zhang 487c89348d cryptfs-tpm2: sync up with upstream 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-05 09:40:11 +08:00
Lans Zhang 35fb18863a cryptfs-tpm2: code style fixup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-05 09:29:09 +08:00
Lans Zhang 6ace7c99ba init: clean up 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:22:12 +08:00
Lans Zhang a9e266c481 ima-policy: enable policy check 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:21:48 +08:00
Lans Zhang b736677f3f initrdscripts-ima: clean up code style and RDEPENDS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:20:59 +08:00
Lans Zhang dda0659b71 init.ima: code style cleanup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:20:07 +08:00
Lans Zhang 407c56068d Code style fixup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:19:42 +08:00
Lans Zhang 55492bcc10 initrdscripts-secure-core: clean up RDEPENDS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:17:56 +08:00
Lans Zhang f0f6b205e8 packagegroup-ima*: clean up the RDEPENDS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:17:07 +08:00
Lans Zhang 71da40089f initrdscripts-secure-core: renamed from initramfs-secure-core 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:15:30 +08:00
Lans Zhang d9b358b374 initramfs-secure-core: clean up /init script 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 12:04:41 +08:00
Lans Zhang 572b7999c3 meta-integrity: implement the system trusted cert and IMA trusted cert 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 10:39:00 +08:00
Lans Zhang 34c28b6a2d meta-signing-key: enable authorityKeyIdentifier for x509 v3 
Otherwise the x509 parser in kernel cannot load a x509 certificate without
authorityKeyIdentifier.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 20:55:25 +08:00
Lans Zhang 1ec1fed661 seloader: sync up with upstream 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:53:47 +08:00
Lans Zhang 167f41f260 meta-signing-keys: use DER-formatted system trusted key and signed IMA trusted key 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:52:18 +08:00
Lans Zhang 70e33652e5 user-key-store: clean up the code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:51:30 +08:00
Lans Zhang 353a003f1b Use the DER-formatted system trusted key 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:50:59 +08:00
Lans Zhang 3816bb03fd init: clean up code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:48:25 +08:00
Lans Zhang 81553a81fb Rename .pem to .crt 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:47:53 +08:00
Lans Zhang a93993cdc9 initramfs-secure-core: fix missing the license file 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 10:07:38 +08:00
Lans Zhang c3f89c1931 initramfs-secure-core: define the /init script for the initramfs image 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:22:42 +08:00
Lans Zhang 5135786fa3 kernel-initramfs: define this package to include the initramfs image for kernel boot 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:21:44 +08:00
Lans Zhang 0551bc8d84 secure-core-image-initramfs: define the initramfs image type 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:18:51 +08:00
Lans Zhang 8c7accebab secure-core-image: clean up the code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:16:40 +08:00
Lans Zhang 5233d3cf5e shim: fix OVMF crash 
- httpboot.o cannot be built if ".PRECIOUS: " is placed ahead
  of "<tab>CFLAGS +=".
- uri pointer should not be freed if NULL.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-30 17:07:20 +08:00
Lans Zhang dcfd67c60b shim: clean up the code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-30 13:41:37 +08:00
Lans Zhang e664a331d5 code style fixup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-29 10:52:06 +08:00
Lans Zhang ad2d9c8e22 create-user-key-store.sh: restructured for self-signing and ca signing 
Meanwhile, the IMA user key is signed by system user key.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-29 10:46:13 +08:00
Lans Zhang 9fd5778732 secure-core-image: install ima-related packages if ima feature configured 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-26 12:50:52 +08:00
Lans Zhang e280094b5b shim: enable http boot support 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-26 11:43:10 +08:00
Lans Zhang d82dc56d88 cryptfs-tpm2: sync up with upstream 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-26 11:42:18 +08:00
Lans Zhang 8e01c0a442 IMA: refresh kernel cfg 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-26 11:33:39 +08:00
Lans Zhang dcc933df6e linux-yocto-efi-secure-boot: don't use sccs to define the included kernel cfg 
The variable sccs is used internally and thus it will be corrupted by the external
definition.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-26 11:25:31 +08:00
Meng Li 92f65d3394 openssl-tpm-engine: parse an encrypted tpm SRK password from env 
Before, we support reading SRK password from env TPM_SRK_PW,
but it is a plain password and not secure.
So, we improve it and support to get an encrypted (AES algorithm)
SRK password from env, and then parse it. The default decrypting
AES password and salt is set in bb file.
When we initialize TPM, and set a SRK pw, and then we need to
encrypt it with the same AES password and salt by AES algorithm.
At last, we set a env as below:
export TPM_SRK_ENC_PW=xxxxxxxx
"xxxxxxxx" is the encrypted SRK password for libtpm.so.

Signed-off-by: Meng Li <Meng.Li@windriver.com>
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-23 21:52:57 +08:00
Guojian Zhou e6c0acbede Ignore the KEYS DIR in the do_package and do_sign task dependence 
Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com>
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-23 13:16:20 +08:00