mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-04-20 11:29:37 +00:00
Code Issues Projects Releases Wiki Activity
856 Commits 38 Branches 0 Tags
a67a0cb1bdf3f0ea42be339964ba68c5ecc5e9ed
Commit Graph

34 Commits

Author SHA1 Message Date
Armin Kuster
e780c32dae meta-security: Add gatesgarth to LAYERSERIES_COMPAT 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-10-19 18:07:50 -07:00
Sajjad Ahmed
63e1cf3ffa layer.conf: use += instead of := to update BBFILES 
Updating BBFILES with := isn't the standard way and can break
parsing under certain conditions, instead use += which is widely used.

Signed-off-by: Sajjad Ahmed <sajjad_ahmed@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-10-15 21:40:02 -07:00
Armin Kuster
f876289913 meta-integrity: add dynamic-layer for strongswan 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-07-18 18:26:44 -07:00
Armin Kuster
9f8bdb7751 strongswan: Add bbappends for ima changes 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-07-18 18:26:44 -07:00
Martin Jansa
7f7897590c layer.conf: update LAYERSERIES_COMPAT for dunfell 
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-03-27 16:53:25 -07:00
Armin Kuster
5d629ccb54 meta-integrity: fix issues with yocto-check-layer 
[v2]
re-did solutions

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-01-04 10:55:26 -08:00
Armin Kuster
72b05edff5 meta-security: add layer index callouts 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-12-07 15:31:34 -08:00
Armin Kuster
a0dee993cd layer.conf: Update for zeus series 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Acked-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-10-11 07:41:01 -07:00
Armin Kuster
225c3bc7d0 initramfs-framework-ima: correct IMA_POLICY name 
it had ima_policy_hashed  and did not match the recipe
ima-policy-hashed

found by yocto-check-layer

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-09-07 08:32:50 -07:00
Armin Kuster
563c2af19c integrity-image: IMA_EVM_KEY_DIR has no affect, remove 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-24 20:43:55 -07:00
Armin Kuster
0a32d622c8 meta-integrity: remove kernel fragments now in cache 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-15 20:10:33 -07:00
Dmitry Eremin-Solenikov
9549b76a90 layer.conf: switch to keyutils from meta-oe 
As pointer by Martin Jansa, keyutils package is now a part of meta-oe,
so switch to using keyutils from that layer.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-07 07:09:50 -07:00
Dmitry Eremin-Solenikov
eebe0ff18a linux: add support for kernel modules signing 
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
 2019-08-07 07:09:50 -07:00
Dmitry Eremin-Solenikov
79bc2559fe kernel-modsign.bbclass: add support for kernel modules signing 
Add bbclass responsible for handling signing of kernel modules.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

fixup class to avoid including in every configure task

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-07 07:09:43 -07:00
Dmitry Eremin-Solenikov
c2ddc05c20 ima-evm-utils: bump to release 1.2.1 
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-04 13:13:38 -07:00
Dmitry Eremin-Solenikov
c9c4e6c228 meta-integrity: rename IMA_EVM_BASE to INTEGRITY_BASE 
data/debug-keys will be reused for demo modsign keys, so rename
IMA_EVM_BASE to more generic INTEGRITY_BASE.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
 2019-08-04 13:12:41 -07:00
lumag
fc20f45964 ima-evm-utils: refresh xattr patch 
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-04 12:17:25 -07:00
lumag
2fa48c800d ima-evm-utils: bump version 
Currently selected SRCREV (782224f33cd711050cbf6146a12122cd73f9136b)
comes after 1.1 ima-evm-utils release, so bump PV accordingly.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-04 12:17:25 -07:00
lumag
964972ea01 layer.conf: add dependency on meta-security 
ima-evm-utils recipe depends on keyutils recipe which is a part of
meta-security layer.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-04 12:17:25 -07:00
Armin Kuster
f63db8ce1d ima-evm-utils: update to tip 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-06-26 15:47:47 -07:00
Armin Kuster
41708b0b0c image: add image for testing 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
4970243bfc runtime qa: moderize ima test 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
7b287954f7 initramfs: clean up to pull in packages. 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
d1d4e78708 data: remove policies 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
cf0123e130 policy: add ima appraise all policy 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
1293478068 ima_policy_simple: add another sample policy 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
c84f39f8e0 ima-policy-hashed: add new recipe 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
8910674d19 base-files: add appending to automount securityfs 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
e7771ce287 linux: update bbappend 
remove untested code

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
f26869aef3 ima.cfg: update to 5.0 kernel 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
756a1649b7 ima-evm-utils: cleanup and update to tip 
update to tip
backported patches to fix build issues.
fix native support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
d86d3353b2 README: update 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
b2587711d1 layer.conf: add LAYERSERIES_COMPAT 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
6680225c05 meta-integrity: port over from meta-intel-iot-security 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:41 -07:00