Lans Zhang
|
9c8ddd5bd3
|
IMA: enable RPM file signing if ima is configured
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-19 09:56:29 +08:00 |
|
Lans Zhang
|
ea2ae90be4
|
rpm: allow to enable IMA signing
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-18 13:51:07 +08:00 |
|
Lans Zhang
|
a50e927a87
|
seloader: sync up with upstream
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-13 15:54:12 +08:00 |
|
Lans Zhang
|
f04c4eaf6a
|
Add the missing COPYING.MIT files
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-13 15:31:14 +08:00 |
|
Lans Zhang
|
e203bcf9a1
|
meta-efi-secure-boot/README.md: update
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-13 15:28:43 +08:00 |
|
Lans Zhang
|
a93ddfe82d
|
libfile-slurp: code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-13 13:18:10 +08:00 |
|
Lans Zhang
|
9de8b3cf78
|
seloader,libsign: fix homepage URLs
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-13 13:14:47 +08:00 |
|
Lans Zhang
|
fe026e84a4
|
cryptfs-tpm2: add author and homepage info
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-13 13:11:47 +08:00 |
|
Lans Zhang
|
8dbce3e3a0
|
efitools: code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-13 13:09:41 +08:00 |
|
Lans Zhang
|
19ddae93db
|
create-user-key-store.sh: add the support of the creation for RPM signing
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-13 12:46:48 +08:00 |
|
Lans Zhang
|
6d7f0155e3
|
seloader, libsign, cryptfs-tpm2: code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-13 10:27:45 +08:00 |
|
Lans Zhang
|
3af3588ab2
|
grub-efi: carry forward mok2verify to grub-2.02
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-13 10:26:43 +08:00 |
|
Lans Zhang
|
c071ce2d07
|
packagegroup-efi-secure-boot: make sure grub is never installed
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-12 15:37:09 +08:00 |
|
Lans Zhang
|
480f1f03a0
|
grub-efi: rebased to 2.02
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-12 15:36:46 +08:00 |
|
Lans Zhang
|
bd15d9c37b
|
Add .github/CODEOWNERS
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-12 13:35:52 +08:00 |
|
Lans Zhang
|
676968891f
|
Fix the occurrence of checking the existence of signing keys
packagegroups are not the end consumers of using user-key-store.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-12 11:22:40 +08:00 |
|
Lans Zhang
|
77d7993c43
|
key-store-rpm-pubkey: fix installation failure
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 16:34:49 +08:00 |
|
Lans Zhang
|
a91fbd1776
|
packagegroup-efi-secure-boot/packagegroup-ima: depend on check_deploy_keys
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 14:15:00 +08:00 |
|
Lans Zhang
|
c0451db34b
|
README: fix a typo
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 14:13:36 +08:00 |
|
Lans Zhang
|
473d7cf3fd
|
README: cleanup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 14:08:45 +08:00 |
|
Lans Zhang
|
0f3911c740
|
keyutils: fix build failure with ppc
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 14:06:56 +08:00 |
|
Lans Zhang
|
6f8d513d62
|
README: cleanup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 14:04:26 +08:00 |
|
Lans Zhang
|
251910fb89
|
user-key-store: don't call anonymous function
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 14:02:38 +08:00 |
|
Lans Zhang
|
7c7f7f94a1
|
mokutil: code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 13:54:36 +08:00 |
|
Lans Zhang
|
24712cbb02
|
mokutil: add the COMPATIBLE_HOST
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 13:51:41 +08:00 |
|
Lans Zhang
|
02ae233112
|
shim: enable http boot support
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 13:49:22 +08:00 |
|
Lans Zhang
|
7bd761d8bb
|
secure-core-image: install lsb packagegroup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 13:01:04 +08:00 |
|
Lans Zhang
|
fbce2ce14b
|
meta-integrity: enable sign_rpm_ext to support rpm and file signing
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 12:58:05 +08:00 |
|
Lans Zhang
|
6ab1f54732
|
create-user-key-store.sh: clean up subject and support password protection for private key
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 12:54:40 +08:00 |
|
Lans Zhang
|
b9f73cac16
|
initrdscripts-secure-core: add RRECOMMENDS
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 12:50:32 +08:00 |
|
Lans Zhang
|
1f814daaf1
|
meta-signing-key: replace the sample keys
- Remove USER@host from the certificate subject field
- IMA signing key is protected by a password
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 12:49:05 +08:00 |
|
Lans Zhang
|
625c3c6b61
|
base-file: mount securityfs
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 12:47:52 +08:00 |
|
Lans Zhang
|
5d1376b6a0
|
IMA: clean up IMA signing
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-11 12:47:35 +08:00 |
|
Lans Zhang
|
6882f39224
|
init: don't need to create /proc /sys and /run
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-05 10:53:18 +08:00 |
|
Lans Zhang
|
7c83acd861
|
Clean up RDEPENDS
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-05 10:52:10 +08:00 |
|
Lans Zhang
|
487c89348d
|
cryptfs-tpm2: sync up with upstream
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-05 09:40:11 +08:00 |
|
Lans Zhang
|
35fb18863a
|
cryptfs-tpm2: code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-05 09:29:09 +08:00 |
|
Lans Zhang
|
6ace7c99ba
|
init: clean up
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-04 17:22:12 +08:00 |
|
Lans Zhang
|
a9e266c481
|
ima-policy: enable policy check
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-04 17:21:48 +08:00 |
|
Lans Zhang
|
b736677f3f
|
initrdscripts-ima: clean up code style and RDEPENDS
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-04 17:20:59 +08:00 |
|
Lans Zhang
|
dda0659b71
|
init.ima: code style cleanup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-04 17:20:07 +08:00 |
|
Lans Zhang
|
407c56068d
|
Code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-04 17:19:42 +08:00 |
|
Lans Zhang
|
55492bcc10
|
initrdscripts-secure-core: clean up RDEPENDS
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-04 17:17:56 +08:00 |
|
Lans Zhang
|
f0f6b205e8
|
packagegroup-ima*: clean up the RDEPENDS
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-04 17:17:07 +08:00 |
|
Lans Zhang
|
71da40089f
|
initrdscripts-secure-core: renamed from initramfs-secure-core
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-04 17:15:30 +08:00 |
|
Lans Zhang
|
d9b358b374
|
initramfs-secure-core: clean up /init script
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-04 12:04:41 +08:00 |
|
Lans Zhang
|
572b7999c3
|
meta-integrity: implement the system trusted cert and IMA trusted cert
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-04 10:39:00 +08:00 |
|
Lans Zhang
|
34c28b6a2d
|
meta-signing-key: enable authorityKeyIdentifier for x509 v3
Otherwise the x509 parser in the kernel cannot load an x509 certificate without
authorityKeyIdentifier.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-03 20:55:25 +08:00 |
|
Lans Zhang
|
1ec1fed661
|
seloader: sync up with upstream
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-03 15:53:47 +08:00 |
|
Lans Zhang
|
167f41f260
|
meta-signing-keys: use DER-formatted system trusted key and signed IMA trusted key
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
2017-07-03 15:52:18 +08:00 |
|