mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-08 05:09:48 +00:00
Code Issues Projects Releases Wiki Activity
946 Commits 39 Branches 0 Tags
hardknott
Commit Graph

12 Commits

Author SHA1 Message Date
Ming Liu 611f8f59e0 initramfs-framework-ima: introduce IMA_FORCE 
Introduce IMA_FORCE to allow the IMA policy be applied forcely even
'no_ima' boot parameter is available.

This ensures the end users have a way to disable 'no_ima' support if
they want to, because it may expose a security risk if an attacker can
find a way to change kernel arguments, it will easily bypass rootfs
authenticity checks.

Signed-off-by: Sergio Prado <sergio.prado@toradex.com>
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-14 07:06:13 -07:00
Ming Liu ffab25f929 initramfs-framework-ima: let ima_enabled return 0 
Otherwise, ima script would not run as intended.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Ming Liu 52bfc654e8 initramfs-framework-ima: RDEPENDS on ima-evm-keys 
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Ming Liu 0f34b25763 initramfs-framework-ima: fix a wrong path 
/etc/ima-policy > /etc/ima/ima-policy.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Armin Kuster 5d629ccb54 meta-integrity: fix issues with yocto-check-layer 
[v2]
re-did solutions

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-01-04 10:55:26 -08:00
Armin Kuster 225c3bc7d0 initramfs-framework-ima: correct IMA_POLICY name 
it had ima_policy_hashed  and did not match the recipe
ima-policy-hashed

found by yocto-check-layer

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-09-07 08:32:50 -07:00
Armin Kuster 563c2af19c integrity-image: IMA_EVM_KEY_DIR has no affect, remove 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-24 20:43:55 -07:00
Dmitry Eremin-Solenikov c9c4e6c228 meta-integrity: rename IMA_EVM_BASE to INTEGRITY_BASE 
data/debug-keys will be reused for demo modsign keys, so rename
IMA_EVM_BASE to more generic INTEGRITY_BASE.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
 2019-08-04 13:12:41 -07:00
Armin Kuster 41708b0b0c image: add image for testing 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster 7b287954f7 initramfs: clean up to pull in packages. 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster 8910674d19 base-files: add appending to automount securityfs 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster 6680225c05 meta-integrity: port over from meta-intel-iot-security 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:41 -07:00