mirrors/meta-secure-core
1
0
Fork 0
mirror of https://github.com/jiazhang0/meta-secure-core.git synced 2026-05-07 10:09:22 +00:00
Code Issues Projects Releases Wiki Activity
109 Commits 6 Branches 0 Tags
afdac6c3caaf36207248e3cbb06c1c9317481b92
Commit Graph

109 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lans Zhang c071ce2d07 packagegroup-efi-secure-boot: make sure grub never be installed 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-12 15:37:09 +08:00
Lans Zhang 480f1f03a0 grub-efi: rebased to 2.02 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-12 15:36:46 +08:00
Lans Zhang bd15d9c37b Add .github/CODEOWNERS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-12 13:35:52 +08:00
Lans Zhang 676968891f Fix the occurrence of checking the existence of signing keys 
packagegroups are not the end consumers of using user-key-store.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-12 11:22:40 +08:00
Lans Zhang 77d7993c43 key-store-rpm-pubkey: fix installation failure 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 16:34:49 +08:00
Lans Zhang a91fbd1776 packagegroup-efi-secure-boot/packagegroup-ima: depend on check_deploy_keys 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 14:15:00 +08:00
Lans Zhang c0451db34b README: fix a typo 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 14:13:36 +08:00
Lans Zhang 473d7cf3fd README: cleanup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 14:08:45 +08:00
Lans Zhang 0f3911c740 keyutils: fix build failure with ppc 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 14:06:56 +08:00
Lans Zhang 6f8d513d62 README: cleanup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 14:04:26 +08:00
Lans Zhang 251910fb89 user-key-store: don't call anonymous function 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 14:02:38 +08:00
Lans Zhang 7c7f7f94a1 mokutil: code style fixup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 13:54:36 +08:00
Lans Zhang 24712cbb02 mokutil: add the COMPATIBLE_HOST 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 13:51:41 +08:00
Lans Zhang 02ae233112 shim: enable http boot support 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 13:49:22 +08:00
Lans Zhang 7bd761d8bb secure-core-image: install lsb packagegroup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 13:01:04 +08:00
Lans Zhang fbce2ce14b meta-integrity: enable sign_rpm_ext to support rpm and file signing 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:58:05 +08:00
Lans Zhang 6ab1f54732 create-user-key-store.sh: clean up subject and support password protection for private key 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:54:40 +08:00
Lans Zhang b9f73cac16 initrdscripts-secure-core: add RRECOMMENDS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:50:32 +08:00
Lans Zhang 1f814daaf1 meta-signing-key: replace the sample keys 
- Remove USER@host from the certificate subject field
- IMA signing key is protected by a password

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:49:05 +08:00
Lans Zhang 625c3c6b61 base-file: mount securityfs 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:47:52 +08:00
Lans Zhang 5d1376b6a0 IMA: clean up IMA signing 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-11 12:47:35 +08:00
Lans Zhang 6882f39224 init: don't need to create /proc /sys and /run 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-05 10:53:18 +08:00
Lans Zhang 7c83acd861 Clean up RDEPENDS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-05 10:52:10 +08:00
Lans Zhang 487c89348d cryptfs-tpm2: sync up with upstream 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-05 09:40:11 +08:00
Lans Zhang 35fb18863a cryptfs-tpm2: code style fixup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-05 09:29:09 +08:00
Lans Zhang 6ace7c99ba init: clean up 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:22:12 +08:00
Lans Zhang a9e266c481 ima-policy: enable policy check 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:21:48 +08:00
Lans Zhang b736677f3f initrdscripts-ima: clean up code style and RDEPENDS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:20:59 +08:00
Lans Zhang dda0659b71 init.ima: code style cleanup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:20:07 +08:00
Lans Zhang 407c56068d Code style fixup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:19:42 +08:00
Lans Zhang 55492bcc10 initrdscripts-secure-core: clean up RDEPENDS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:17:56 +08:00
Lans Zhang f0f6b205e8 packagegroup-ima*: clean up the RDEPENDS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:17:07 +08:00
Lans Zhang 71da40089f initrdscripts-secure-core: renamed from initramfs-secure-core 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:15:30 +08:00
Lans Zhang d9b358b374 initramfs-secure-core: clean up /init script 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 12:04:41 +08:00
Lans Zhang 572b7999c3 meta-integrity: implement the system trusted cert and IMA trusted cert 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 10:39:00 +08:00
Lans Zhang 34c28b6a2d meta-signing-key: enable authorityKeyIdentifier for x509 v3 
Otherwise the x509 parser in kernel cannot load a x509 certificate without
authorityKeyIdentifier.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 20:55:25 +08:00
Lans Zhang 1ec1fed661 seloader: sync up with upstream 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:53:47 +08:00
Lans Zhang 167f41f260 meta-signing-keys: use DER-formatted system trusted key and signed IMA trusted key 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:52:18 +08:00
Lans Zhang 70e33652e5 user-key-store: clean up the code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:51:30 +08:00
Lans Zhang 353a003f1b Use the DER-formatted system trusted key 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:50:59 +08:00
Lans Zhang 3816bb03fd init: clean up code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:48:25 +08:00
Lans Zhang 81553a81fb Rename .pem to .crt 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:47:53 +08:00
Lans Zhang a93993cdc9 initramfs-secure-core: fix missing the license file 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 10:07:38 +08:00
Lans Zhang c3f89c1931 initramfs-secure-core: define the /init script for the initramfs image 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:22:42 +08:00
Lans Zhang 5135786fa3 kernel-initramfs: define this package to include the initramfs image for kernel boot 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:21:44 +08:00
Lans Zhang 0551bc8d84 secure-core-image-initramfs: define the initramfs image type 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:18:51 +08:00
Lans Zhang 8c7accebab secure-core-image: clean up the code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:16:40 +08:00
Lans Zhang 5233d3cf5e shim: fix OVMF crash 
- httpboot.o cannot be built if ".PRECIOUS: " is placed ahead
  of "<tab>CFLAGS +=".
- uri pointer should not be freed if NULL.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-30 17:07:20 +08:00
Lans Zhang dcfd67c60b shim: clean up the code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-30 13:41:37 +08:00
Lans Zhang e664a331d5 code style fixup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-29 10:52:06 +08:00