mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-07 16:59:28 +00:00
Code Issues Projects Releases Wiki Activity
1,722 Commits 39 Branches 0 Tags
wrynose
Commit Graph

10 Commits

Author SHA1 Message Date
Mikko Rapeli 7028cd2266 initramfs-framework-ima: UNPACKDIR fix 
New poky uses UNPACKDIR instead of WORKDIR

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2024-07-31 21:10:13 -04:00
Armin Kuster b8554aae23 meta-integrity: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Ming Liu 076e75d5cc initramfs-framework-ima: introduce IMA_FORCE 
Introduce IMA_FORCE to allow the IMA policy be applied forcely even
'no_ima' boot parameter is available.

This ensures the end users have a way to disable 'no_ima' support if
they want to, because it may expose a security risk if an attacker can
find a way to change kernel arguments, it will easily bypass rootfs
authenticity checks.

Signed-off-by: Sergio Prado <sergio.prado@toradex.com>
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-12 07:07:11 -07:00
Ming Liu ffab25f929 initramfs-framework-ima: let ima_enabled return 0 
Otherwise, ima script would not run as intended.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Ming Liu 52bfc654e8 initramfs-framework-ima: RDEPENDS on ima-evm-keys 
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Ming Liu 0f34b25763 initramfs-framework-ima: fix a wrong path 
/etc/ima-policy > /etc/ima/ima-policy.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Armin Kuster 5d629ccb54 meta-integrity: fix issues with yocto-check-layer 
[v2]
re-did solutions

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-01-04 10:55:26 -08:00
Armin Kuster 225c3bc7d0 initramfs-framework-ima: correct IMA_POLICY name 
it had ima_policy_hashed  and did not match the recipe
ima-policy-hashed

found by yocto-check-layer

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-09-07 08:32:50 -07:00
Armin Kuster 7b287954f7 initramfs: clean up to pull in packages. 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster 6680225c05 meta-integrity: port over from meta-intel-iot-security 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:41 -07:00