Commit Graph

139 Commits

Author SHA1 Message Date
Lans Zhang
ead58497c8 cryptfs-tpm2: sync up with upstream
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-16 11:20:18 +08:00
Lans Zhang
b7705a7587 README.md: update reference links
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-16 10:57:24 +08:00
Lans Zhang
9fc35f2627 meta-integrity/README.md: update
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-16 10:47:33 +08:00
Lans Zhang
4b41056970 sbsigntool: fix build failure with openssl-1.0.x
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-16 10:12:21 +08:00
Lans Zhang
eb08a619d8 init.ima: clean up and allow to load extra IMA policies from the real rootfs
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-15 16:15:38 +08:00
Lans Zhang
656706373f ima_policy: update the comment
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-15 16:14:31 +08:00
Lans Zhang
c8fff6a0ff meta-integrity/README.md: update
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-15 14:13:23 +08:00
Lans Zhang
c912483e87 sbsigntool: update to support openssl-1.1.0
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-15 13:12:38 +08:00
Lans Zhang
2c265a6fc3 meta-integrity/README.md: update
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-15 10:16:41 +08:00
Lans Zhang
09f1239567 meta-signing-key: clean up the default values of sample RPM signing key
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-15 09:23:09 +08:00
Lans Zhang
b2c2716c20 meta-signing-key: renew the sample keys for UEFI Secure Boot
The DB and KEK are now self-signed.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-14 15:07:57 +08:00
Lans Zhang
4a676cd301 create-user-key-store.sh: gpg key creation updates
- code style fixup
- remove gen_rpm_keyring script
- check gpg version

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-11 16:39:22 +08:00
Lans Zhang
104a01a25d shim: refresh fallback patchset
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-11 14:14:39 +08:00
Lans Zhang
0951a620b5 init: don't explicitly set the LUKS partition name
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-09 10:54:48 +08:00
Lans Zhang
aa9b435b55 cryptfs-tpm2: sync up with upstream
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-09 10:53:47 +08:00
Lans Zhang
03a5d21586 shim: sync up with upstream
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-09 10:25:25 +08:00
Lans Zhang
1098d813ed systemd: work around circular dependency chains found if systemd is configured to enable cryptsetup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-09 09:52:17 +08:00
Lans Zhang
e8d6e006e7 systemd: fix the conditions of PACKAGECONFIG for ima and cryptsetup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-04 22:03:45 +08:00
Lans Zhang
dd9a695df8 systemd: enable ima and cryptsetup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-04 17:01:00 +08:00
Lans Zhang
8dd6733e31 cryptsetup: depend on lvm2 to include dmsetup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-04 16:36:41 +08:00
Lans Zhang
7610abb4c8 cryptfs-tpm2: fix RDEPENDS
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-04 14:43:09 +08:00
Lans Zhang
909c571a60 meta-encrypted-storage: depend on meta-oe
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-04 14:42:36 +08:00
Lans Zhang
59c66fed7a kernel-initramfs: set the default priority to -1
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-03 14:38:11 +08:00
Lans Zhang
1078adea02 shim: sync up with upstream
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-03 09:56:12 +08:00
Lans Zhang
a3e1038d71 shim: don't set CSV boot entry as the first boot option
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-01 13:13:06 +08:00
Lans Zhang
7f3143523d create-user-key-store.sh: self-sign KEK and DB
The UEFI spec never asks that the KEK must be signed by the PK and
the DB must be signed by the KEK.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-08-01 10:40:59 +08:00
Lans Zhang
45748a09ef README.md: simplify the commits for boot flow
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-31 19:28:24 +08:00
Lans Zhang
50bd7859af rpm: remove PACKAGECONFIG[imaevm]
This setting is already merged to oe-core.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-28 10:14:25 +08:00
Lans Zhang
f77e53d627 meta-secure-core: code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-28 10:09:02 +08:00
Lans Zhang
afea92abb3 grub-efi: remove the deprecated replacement for initrd= parameter
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-28 10:01:20 +08:00
Lans Zhang
afdac6c3ca grub/boot-menu.inc: use linux and initrd commands instead of chainloader to boot kernel
Since bzImage is not signed during the build.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-27 16:19:40 +08:00
Lans Zhang
71fc35c506 tpm2.0-tss: remove systemd from inherit command
The resource manager provided by this package is not used any more.
Thus its systemd-related settings should be removed.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-27 13:26:42 +08:00
Lans Zhang
14cbd4685f packagegroup-encrypted-storage.inc: add cryptfs-tpm2
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-27 11:28:32 +08:00
Lans Zhang
c82c3c56e8 initrdscripts-secure-core: install udevd and udevadm provided by either eudev or udev
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-26 22:51:08 +08:00
Lans Zhang
4eaaa557ff initrdscripts-secure-core: don't install sysvinit
/sbin/init should be covered by rootfs, not here.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-26 22:40:48 +08:00
Lans Zhang
c28ebfb984 user-key-store.bbclass: set SYSTEM_TRUSTED only if ima is configured
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-25 21:17:23 +08:00
Lans Zhang
1546eb8538 user-key-store.bbclass: don't run check_deploy_keys in parallel
Set lockfile for task check_deploy_keys() to avoid the race error from
'cp -af':

  cp: cannot create regular file '.../tmp/deploy/images/intel-x86-64/
    sample-keys/uefi_sb_keys/DBX/DBX.key': File exists

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-25 21:15:25 +08:00
Lans Zhang
77640af54c IMA: move the default policy file to /etc/ima directory
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-25 09:37:59 +08:00
Lans Zhang
567e817691 meta-efi-secure-boot/README: update to reflect using fallback to chainloader SELoader
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-25 09:33:16 +08:00
Lans Zhang
008b18270f shim: use fallback loading SELoader
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-24 17:14:51 +08:00
Lans Zhang
9b96939178 sbsigntool: code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-24 12:21:44 +08:00
Lans Zhang
c929a3e3fc efivar: clean up
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-24 12:21:29 +08:00
Lans Zhang
2531d04180 meta-efi-secure-boot: depend on meta-perl
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-24 11:51:31 +08:00
Lans Zhang
189b6e56ab shim: update to the latest
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-24 09:32:55 +08:00
Lans Zhang
1212f2c974 openssl-tpm-engine: fix cmdline parsing failure on arm platform
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-21 17:14:19 +08:00
Lans Zhang
5726763b02 tpm2simulator: add the native build
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-21 11:43:53 +08:00
Lans Zhang
b8ea0f4da9 trouser: a minor fix for debug package
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-21 11:06:31 +08:00
Lans Zhang
c84c5efb45 IMA: allow to write policy but deny to read policy
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-20 16:14:15 +08:00
Lans Zhang
4d98ee98d2 meta-tpm2: code style fixup
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-20 16:13:07 +08:00
Lans Zhang
b2ace92daf tss2.0-tss: don't create tss user account
This user account is created by tpm2-abrmd which replaces the resourcemgr
originally supplied by this recipe.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
2017-07-20 16:11:03 +08:00