meta-secure-core

mirror of https://github.com/jiazhang0/meta-secure-core.git synced 2026-05-07 02:08:20 +00:00

Author	SHA1	Message	Date
Lans Zhang	a3e1038d71	shim: don't set CSV boot entry as the first boot option Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-08-01 13:13:06 +08:00
Lans Zhang	7f3143523d	create-user-key-store.sh: self-sign KEK and DB UEFI spec never ask for the fact that KEK must be signed by PK and DB must be signed by KEK. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-08-01 10:40:59 +08:00
Lans Zhang	45748a09ef	README.md: simplify the commits for boot flow Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-31 19:28:24 +08:00
Lans Zhang	50bd7859af	rpm: remove PACKAGECONFIG[imaevm] This setting is already merged to oe-core. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-28 10:14:25 +08:00
Lans Zhang	f77e53d627	meta-secure-core: code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-28 10:09:02 +08:00
Lans Zhang	afea92abb3	grub-efi: remove the depreciated replacement for initrd= parameter Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-28 10:01:20 +08:00
Lans Zhang	afdac6c3ca	grub/boot-menu.inc: use linux and initrd commands instead of chainloader to boot kernel Since bzImage is not signed during the build. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-27 16:19:40 +08:00
Lans Zhang	71fc35c506	tpm2.0-tss: remove systemd from inherit command The resource manager provided by this package is not used any more. Thus its systemd-related settings should be removed. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-27 13:26:42 +08:00
Lans Zhang	14cbd4685f	packagegroup-encrypted-storage.inc: add cryptfs-tpm2 Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-27 11:28:32 +08:00
Lans Zhang	c82c3c56e8	initrdscripts-secure-core: install udevd and udevadm provided by either eudev or udev Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-26 22:51:08 +08:00
Lans Zhang	4eaaa557ff	initrdscripts-secure-core: don't install sysvinit /sbin/init should be covered by rootfs not here. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-26 22:40:48 +08:00
Lans Zhang	c28ebfb984	user-key-store.bbclass: set SYSTEM_TRUSTED only if ima is configured Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-25 21:17:23 +08:00
Lans Zhang	1546eb8538	user-key-store.bbclass: don't run check_deploy_keys in parallel Set lockfile for task check_deploy_keys() to avoid the race error from 'cp -af': cp: cannot create regular file '.../tmp/deploy/images/intel-x86-64/ sample-keys/uefi_sb_keys/DBX/DBX.key': File exists Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-25 21:15:25 +08:00
Lans Zhang	77640af54c	IMA: move the default policy file to /etc/ima directory Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-25 09:37:59 +08:00
Lans Zhang	567e817691	meta-efi-secure-boot/README: update to reflect using fallback to chainloader SELoader Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-25 09:33:16 +08:00
Lans Zhang	008b18270f	shim: use fallback loading SELoader Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-24 17:14:51 +08:00
Lans Zhang	9b96939178	sbsigntool: code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-24 12:21:44 +08:00
Lans Zhang	c929a3e3fc	efivar: clean up Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-24 12:21:29 +08:00
Lans Zhang	2531d04180	meta-efi-secure-boot: depend on meta-perl Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-24 11:51:31 +08:00
Lans Zhang	189b6e56ab	shim: update to the latest Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-24 09:32:55 +08:00
Lans Zhang	1212f2c974	openssl-tpm-engine: fix cmdline parsing failure on arm platform Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-21 17:14:19 +08:00
Lans Zhang	5726763b02	tpm2simulator: add the native build Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-21 11:43:53 +08:00
Lans Zhang	b8ea0f4da9	trouser: a minor fix for debug package Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-21 11:06:31 +08:00
Lans Zhang	c84c5efb45	IMA: allow to write policy but deny to read policy Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 16:14:15 +08:00
Lans Zhang	4d98ee98d2	meta-tpm2: code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 16:13:07 +08:00
Lans Zhang	b2ace92daf	tss2.0-tss: don't create tss user account This user account is created by tpm2-abrmd which replaces the resourcemgr originally supplied by this recipe. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 16:11:03 +08:00
Lans Zhang	17376a2062	tpm2-abrmd: update to the latest and code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 16:10:13 +08:00
Lans Zhang	c53a21104b	tpm2.0-tools: clean up .m4 Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 15:54:46 +08:00
Lans Zhang	9b7c0d98ca	tpm2.0-tss: update to the latest and code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 15:50:46 +08:00
Lans Zhang	e8aee2ab91	tpm2.0-tools: update to the latest and code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 15:21:04 +08:00
Lans Zhang	e874405319	meta-secure-core: define the oe index name Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 14:17:27 +08:00
Lans Zhang	ede9a4f871	tpm-tools: update to the latest and code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 13:51:38 +08:00
Lans Zhang	d5ea27e293	tss-testsuite: update to the latest and code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 13:32:44 +08:00
Lans Zhang	9ee97956a6	tpm-quote-tools: update to the latest and code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 13:16:05 +08:00
Lans Zhang	788b69e11b	pcr-extend: update to the latest and code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 11:23:44 +08:00
Lans Zhang	6fd899a866	openssl-tpm-engine: update to the latest and code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 10:58:22 +08:00
Lans Zhang	6f7bf76d94	meta-secure-core: define new image type secure-core-minimal-image Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 10:30:41 +08:00
Lans Zhang	dffeaacd06	meta-tpm: code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 10:30:19 +08:00
Lans Zhang	a654b0702f	cryptfs-tpm2: change the SECTION Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 10:29:04 +08:00
Lans Zhang	3df0a11acc	trousers: update to the latest and code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-20 10:28:20 +08:00
Lans Zhang	42ac614ecc	README: RPM5 signing is not supported Instead, RPM4 is supported from now on. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-19 14:13:05 +08:00
Lans Zhang	86a9006cfb	README: don't include meta-secure-core as the sub-layer Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-19 14:05:24 +08:00
Lans Zhang	dbd94168ce	README update Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-19 10:57:08 +08:00
Lans Zhang	3eadb6ce1c	sign_rpm_ext: remove the test lines Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-19 10:56:47 +08:00
Lans Zhang	9c8ddd5bd3	IMA: enable RPM file signing if ima is configured Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-19 09:56:29 +08:00
Lans Zhang	ea2ae90be4	rpm: allow to enable IMA signing Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-18 13:51:07 +08:00
Lans Zhang	a50e927a87	seloader: sync up with upstream Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-13 15:54:12 +08:00
Lans Zhang	f04c4eaf6a	Add the missing COPYING.MIT files Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-13 15:31:14 +08:00
Lans Zhang	e203bcf9a1	meta-efi-secure-boot/README.md: update Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-13 15:28:43 +08:00
Lans Zhang	a93ddfe82d	libfile-slurp: code style fixup Signed-off-by: Lans Zhang <jia.zhang@windriver.com>	2017-07-13 13:18:10 +08:00

1 2 3

115 Commits