Commit message | Author | Age | Files | Lines
...
* systemd: work around circular dependency chains found if systemd is configured to enable cryptsetup | Lans Zhang | 2017-08-09 | 1 | -4/+4
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* systemd: fix the conditions of PACKAGECONFIG for ima and cryptsetup | Lans Zhang | 2017-08-04 | 2 | -2/+2
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* systemd: enable ima and cryptsetup | Lans Zhang | 2017-08-04 | 2 | -0/+8
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* cryptsetup: depend on lvm2 to include dmsetup | Lans Zhang | 2017-08-04 | 1 | -0/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* cryptfs-tpm2: fix RDEPENDS | Lans Zhang | 2017-08-04 | 1 | -5/+2
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-encrypted-storage: depend on meta-oe | Lans Zhang | 2017-08-04 | 1 | -0/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* kernel-initramfs: set the default priority to -1 | Lans Zhang | 2017-08-03 | 1 | -0/+2
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* shim: sync up with upstream | Lans Zhang | 2017-08-03 | 2 | -8/+8
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* shim: don't set CSV boot entry as the first boot option | Lans Zhang | 2017-08-01 | 2 | -0/+50
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* create-user-key-store.sh: self-sign KEK and DB | Lans Zhang | 2017-08-01 | 1 | -2/+2
  UEFI spec never asks for the fact that KEK must be signed by PK and DB must be signed by KEK.
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* README.md: simplify the commits for boot flow | Lans Zhang | 2017-07-31 | 1 | -5/+5
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* rpm: remove PACKAGECONFIG[imaevm] | Lans Zhang | 2017-07-28 | 1 | -1/+0
  This setting is already merged to oe-core.
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: code style fixup | Lans Zhang | 2017-07-28 | 7 | -24/+27
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* grub-efi: remove the depreciated replacement for initrd= parameter | Lans Zhang | 2017-07-28 | 1 | -7/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* grub/boot-menu.inc: use linux and initrd commands instead of chainloader to boot kernel | Lans Zhang | 2017-07-27 | 1 | -2/+4
  Since bzImage is not signed during the build.
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* tpm2.0-tss: remove systemd from inherit command | Lans Zhang | 2017-07-27 | 1 | -1/+1
  The resource manager provided by this package is not used any more. Thus its systemd-related settings should be removed.
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* packagegroup-encrypted-storage.inc: add cryptfs-tpm2 | Lans Zhang | 2017-07-27 | 1 | -0/+4
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* initrdscripts-secure-core: install udevd and udevadm provided by either eudev or udev | Lans Zhang | 2017-07-26 | 1 | -3/+2
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* initrdscripts-secure-core: don't install sysvinit | Lans Zhang | 2017-07-26 | 1 | -2/+0
  /sbin/init should be covered by rootfs not here.
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* user-key-store.bbclass: set SYSTEM_TRUSTED only if ima is configured | Lans Zhang | 2017-07-25 | 1 | -1/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* user-key-store.bbclass: don't run check_deploy_keys in parallel | Lans Zhang | 2017-07-25 | 1 | -0/+2
  Set lockfile for task check_deploy_keys() to avoid the race error from 'cp -af':
  cp: cannot create regular file '.../tmp/deploy/images/intel-x86-64/ sample-keys/uefi_sb_keys/DBX/DBX.key': File exists
  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* IMA: move the default policy file to /etc/ima directory | Lans Zhang | 2017-07-25 | 2 | -8/+10
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-efi-secure-boot/README: update to reflect using fallback to chainloader SELoader | Lans Zhang | 2017-07-25 | 1 | -12/+17
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* shim: use fallback loading SELoader | Lans Zhang | 2017-07-24 | 4 | -24/+69
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* sbsigntool: code style fixup | Lans Zhang | 2017-07-24 | 1 | -21/+40
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* efivar: clean up | Lans Zhang | 2017-07-24 | 2 | -57/+0
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-efi-secure-boot: depend on meta-perl | Lans Zhang | 2017-07-24 | 2 | -17/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* shim: update to the latest | Lans Zhang | 2017-07-24 | 2 | -35/+2
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* openssl-tpm-engine: fix cmdline parsing failure on arm platform | Lans Zhang | 2017-07-21 | 2 | -0/+35
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* tpm2simulator: add the native build | Lans Zhang | 2017-07-21 | 2 | -0/+65
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* trouser: a minor fix for debug package | Lans Zhang | 2017-07-21 | 1 | -1/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* IMA: allow to write policy but deny to read policy | Lans Zhang | 2017-07-20 | 1 | -1/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-tpm2: code style fixup | Lans Zhang | 2017-07-20 | 6 | -6/+9
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* tss2.0-tss: don't create tss user account | Lans Zhang | 2017-07-20 | 1 | -6/+0
  This user account is created by tpm2-abrmd which replaces the resourcemgr originally supplied by this recipe.
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* tpm2-abrmd: update to the latest and code style fixup | Lans Zhang | 2017-07-20 | 2 | -326/+39
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* tpm2.0-tools: clean up .m4 | Lans Zhang | 2017-07-20 | 4 | -232/+2
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* tpm2.0-tss: update to the latest and code style fixup | Lans Zhang | 2017-07-20 | 7 | -642/+45
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* tpm2.0-tools: update to the latest and code style fixup | Lans Zhang | 2017-07-20 | 3 | -43/+31
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: define the oe index name | Lans Zhang | 2017-07-20 | 7 | -0/+16
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* tpm-tools: update to the latest and code style fixup | Lans Zhang | 2017-07-20 | 5 | -45/+43
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* tss-testsuite: update to the latest and code style fixup | Lans Zhang | 2017-07-20 | 4 | -99/+66
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* tpm-quote-tools: update to the latest and code style fixup | Lans Zhang | 2017-07-20 | 2 | -26/+27
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* pcr-extend: update to the latest and code style fixup | Lans Zhang | 2017-07-20 | 2 | -21/+27
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* openssl-tpm-engine: update to the latest and code style fixup | Lans Zhang | 2017-07-20 | 1 | -37/+45
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: define new image type secure-core-minimal-image | Lans Zhang | 2017-07-20 | 3 | -30/+35
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-tpm: code style fixup | Lans Zhang | 2017-07-20 | 7 | -18/+56
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* cryptfs-tpm2: change the SECTION | Lans Zhang | 2017-07-20 | 1 | -1/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* trousers: update to the latest and code style fixup | Lans Zhang | 2017-07-20 | 4 | -120/+117
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* README: RPM5 signing is not supported | Lans Zhang | 2017-07-19 | 1 | -1/+1
  Instead, RPM4 is supported from now on.
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* README: don't include meta-secure-core as the sub-layer | Lans Zhang | 2017-07-19 | 1 | -2/+0
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>