Build ecryptfs as module. Needed by userspace counterparts in
ecryptfs-utils which are currently failing to start correctly
and thus downgrading systemd boot status from RUNNING to DEGRADED.
Fix is to build and install the kernel module.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
So that the security features in this layer can be used on the
rt kernel.
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
These bbappends apply to multiple kernel versions so no
need to make them version dependent. Fixes recipe parsing when
using meta-security master branch on kirkstone. In our custom layer we
set layer compatibility for kirkstone and I understand why meta-security
upstream would not want to do that:
LAYERSERIES_COMPAT_security-layer += 'kirkstone'
LAYERSERIES_COMPAT_parsec-layer += 'kirkstone'
LAYERSERIES_COMPAT_tpm-layer += 'kirkstone'
While I work towards supporting also yocto master branch and newer
releases than kirkstone, I would appreciate if I would not have to
branch off layers over minor details like this.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
drop Makefile fixup patch. Use sed instead
LIC_FILES_CHKSUM update do to yr update
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
V2]
Add LIC_FILES_CHKSUM change reason
see https://github.com/lkrg-org/lkrg
Support new stable and mainline kernels 5.14 to at least 5.16-rc*
Support new longterm kernels 5.4.118+, 4.19.191+, 4.14.233+
update SRC_URI as location changed.
refresh patch.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
For more info see: https://github.com/openwall/lkrg
Add to local.conf:
IMAGE_INSTALL_append = " kernel-module-lkrg"
Need these kconfig options enabled:
CONFIG_KALLSYMS_ALL=y
CONFIG_JUMP_LABEL=y
CONFIG_DEBUG_KERNEL=y
To invoke module:
sudo insmod {path-to-modules}/p_lkrg.ko kint_enforce=1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add checks that include dm-verity specific kernel config fragment
when dm-verity-img.bbclass is used.
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add checks that include dm-verity specific kernel config fragment
when dm-verity-img.bbclass is used.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
As linux-yocto upgraded to 5.x in oe-core, update
the bbappend to 5.x to remove the warning:
WARNING: No recipes available for:
/buildarea/layers/meta-security/recipes-kernel/linux/linux-yocto_4.%.bbappend
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
[Droped 4.x part]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
v4.19 LTS has been dropped in poky in favor of v5.4. Drop the bbappend
from meta-security as right now the build fails.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Set the correct path of kernel configuration file in linux-yocto_4.%.bbappend
to fix the build issue, which is "Fetcher failure for URL: 'file://apparmor.cfg'.
Unable to fetch URL from any source."
Signed-off-by: Jinliang Li <jinliang.li@linux.alibaba.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
linux-yocto_4.1.bb recipe has been removed from oe-core master
and that triggers a bitbake error due to orphan bbappends
maintained in meta-security.
To fix the error, drop linux-yocto_4.1.bbappend plus the patches
and the config fragments for it.
Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
