ima: Fix the IMA kernel feature
Fix the IMA kernel feature. Remove outdated patches and add ima.cfg holding kernel configuration options for IMA and EVM. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
committed by
Armin Kuster
parent
cb8f26d82a
commit
f4f7624d2e
@@ -17,7 +17,7 @@ IMA_EVM_X509 ?= "${IMA_EVM_KEY_DIR}/x509_ima.der"
|
||||
# with a .x509 suffix. See linux-%.bbappend for details.
|
||||
#
|
||||
# ima-local-ca.x509 is what ima-gen-local-ca.sh creates.
|
||||
IMA_EVM_ROOT_CA ?= ""
|
||||
IMA_EVM_ROOT_CA ?= "${IMA_EVM_KEY_DIR}/ima-local-ca.pem"
|
||||
|
||||
# Sign all regular files by default.
|
||||
IMA_EVM_ROOTFS_SIGNED ?= ". -type f"
|
||||
@@ -31,6 +31,9 @@ IMA_EVM_ROOTFS_IVERSION ?= ""
|
||||
# Avoid re-generating fstab when ima is enabled.
|
||||
WIC_CREATE_EXTRA_ARGS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
|
||||
|
||||
# Add necessary tools (e.g., keyctl) to image
|
||||
IMAGE_INSTALL:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' ima-evm-utils', '', d)}"
|
||||
|
||||
ima_evm_sign_rootfs () {
|
||||
cd ${IMAGE_ROOTFS}
|
||||
|
||||
|
||||
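Review bot: The comment block in the first hunk still says the root CA is expected "with a .x509 suffix" and that `ima-local-ca.x509` is what ima-gen-local-ca.sh creates, while the `IMA_EVM_ROOT_CA` default beside it is `${IMA_EVM_KEY_DIR}/ima-local-ca.pem` (taking the `.pem` assignment as the new side, since the +/- markers are lost on this page). I would update the comment to name the file and format the default actually uses, for example `# ima-local-ca.pem is the CA certificate that ima-gen-local-ca.sh creates.`, after checking that against the script. A non-empty default also means a build that never sets `IMA_EVM_KEY_DIR` will trust whatever CA sits in that directory. If that default points at sample keys shipped with the layer (not visible in this hunk), a line such as `# Override IMA_EVM_KEY_DIR with your own keys for production images.` belongs next to the assignment. In the second hunk, the comment names keyctl while the package appended is `ima-evm-utils`, so it is worth confirming that the package really provides or pulls in that tool.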