path: root/meta-encrypted-storage
Commit message | Author | Age | Files | Lines
* recipes: update SRC_URI branch and protocols | Yi Zhao | 2021-11-15 | 1 | -1/+1
  Update SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* cryptfs-tpm2: upgrade to latest git rev | Yi Zhao | 2021-11-12 | 3 | -83/+1
  Drop backported patches.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* cryptfs-tpm2: fix encrypt_secret.py for python3 | Yi Zhao | 2021-08-20 | 2 | -0/+57
  Fixes:
  encrypt_secret.py -i "H31i05" > "primary_key.secret" || exit 1
  ERROR: Unable to encrypt the secret
  Suggested-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* cryptfs-tpm2: fix LDFLAGS expansion | Yi Zhao | 2021-08-20 | 2 | -0/+44
  When LDFLAGS expands, the -fmacro-prefix-map and -fdebug-prefix-map will be prefixed with -Wl, which will cause compilation error:
  ld: -f may not be used without -shared
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* layer.conf: add honister to LAYERSERIES_COMPAT | Yi Zhao | 2021-08-09 | 1 | -1/+1
  Drop other releases since they are not compatible anymore.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* meta-secure-core: Convert to new override syntax | Yi Zhao | 2021-08-09 | 8 | -14/+14
  Converting the metadata to use ":" as the override character instead of "_".
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* cryptfs-tpm2: fix build reproducibility issue | Yi Zhao | 2021-08-09 | 2 | -0/+59
  Fixes:
  | main.c: In function 'show_banner':
  | main.c:43:62: error: macro "__DATE__" might prevent reproducible builds [-Werror=date-time]
  | 43 | info_cont("Build Time: " __DATE__ " " __TIME__ "\n\n");
  | | ^
  | main.c:43:34: error: macro "__TIME__" might prevent reproducible builds [-Werror=date-time]
  | 43 | info_cont("Build Time: " __DATE__ " " __TIME__ "\n\n");
  | | ^~~~~~~~
  | cc1: all warnings being treated as errors
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* layer.conf: add hardknott to LAYERSERIES_COMPAT | Yi Zhao | 2021-04-21 | 1 | -1/+1
  Remove other releases since they are not compatible anymore.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* conf/layer.conf: Add gatesgarth to LAYERSERIES_COMPAT | Bartłomiej Burdukiewicz | 2020-12-09 | 1 | -1/+1
  Signed-off-by: Bartłomiej Burdukiewicz <bartlomiej.burdukiewicz@gmail.com>
* meta-encrypted-storage: set CONFIG_HW_RANDOM_TPM to "y" | Yongxin Liu | 2020-11-11 | 1 | -1/+1
  CONFIG_HW_RANDOM_TPM is bool, not tristate, and thus it cannot be set to "m"
  Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
* cryptfs-tpm2: set correct soname for libcryptfs-tpm2 | Yi Zhao | 2020-07-18 | 3 | -0/+49
  The current soname of libcryptfs-tpm2 is libcryptfs-tpm2.so:
  $ readelf -d libcryptfs-tpm2.so.0.7.0 | grep SONAME
  0x000000000000000e (SONAME) Library soname: [libcryptfs-tpm2.so]
  The libcryptfs-tpm2.so is a symbolic link of libcryptfs-tpm2.so.0.7.0 and it is not installed by default because it is packaged to dev package. Then we will encounter an error when running the command cryptfs-tpm2:
  $ cryptfs-tpm2
  cryptfs-tpm2: error while loading shared libraries: libcryptfs-tpm2.so: cannot open shared object file: No such file or directory
  $ ldd cryptfs-tpm2 | grep libcryptfs-tpm2
  libcryptfs-tpm2.so => not found
  Set the soname to libcryptfs-tpm2.so.$(MAJOR_VERSION) to fix the issue.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* update tpm2-tools_3.2.1 -> tpm2-tools_4.1.1.bb, tpm2-abrmd_2.0.3 -> tpm2-abrmd_2.3.0, tpm2-tss_2.2.3.bb -> tpm2-tss_2.3.2.bb | richard | 2020-06-27 | 2 | -0/+12
* conf/layer.conf: Add dunfell to LAYERSERIES_COMPAT | Christophe Priouzeau | 2020-05-27 | 1 | -1/+1
  Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
* cryptfs-tpm2: convert the script to python3 | Yi Zhao | 2020-03-19 | 2 | -0/+33
  Convert the script to python3 to fix the do_compile failure.
  Fixes:
  /buildarea/poky/build/tmp/work/core2-64-poky-linux/cryptfs-tpm2/0.7.0+gitAUTOINC+888c46c827-r0/git/scripts/encrypt_secret.py -i "H31i05" > "primary_key.secret" || exit 1
  /usr/bin/env: ‘python’: No such file or directory
  Makefile:64: recipe for target 'primary_key.secret' failed
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* cryptsetup_%.bbappend: Fix for native | Robert Yang | 2019-11-14 | 1 | -1/+1
  Issue: LIN1019-2347
  Fixed:
  $ bitbake cryptsetup-native
  [snip]
  Nothing RPROVIDES 'lvm2-udevrules-native'
  [snip]
  Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
* lvm2: Fix hanging dmcrypt volumes on boot | Jason Wessel | 2019-11-08 | 2 | -0/+45
  The initrd takes care of starting the luks volumes and activating the dmcrypt udev rules. The udev rule required a modification to deal with volumes that had already been started, else the cold plug event that runs at user space startup puts the dmcrypt device into a state that systemd cannot manage it.
  [ Issue: LINUXEXEC-2450 ]
  Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
* packagegroup-luks.inc: Add lvm2-udevrules | Jason Wessel | 2019-11-08 | 1 | -0/+1
  The lvm2-udevrules is required else udev will never perform the device notification when an encrypted volume is initially created.
  [ Issue: LINUXEXEC-2450 ]
  Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
* cryptfs-tpm2: Add support for QEMU swtpm tpm2 | Jason Wessel | 2019-11-08 | 2 | -0/+34
  The device nodes are in a different place when using the swtpm + ovfm + qemu. The luks-setup.sh needs to look in an additional location to properly support qemu.
  [ Issue: LINUXEXEC-2450 ]
  Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
* conf/layer.conf: Add zeus to LAYERSERIES_COMPAT (#121) | muvarov | 2019-11-01 | 1 | -1/+1
  Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
* meta-secure-core: add linux-yocto-dev bbappend | Yi Zhao | 2019-08-13 | 1 | -0/+1
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* conf/layer.conf: Add warrior to LAYERSERIES_COMPAT | Yi Zhao | 2019-04-23 | 1 | -1/+1
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* layer.conf: update LAYERSERIES_COMPAT `sumo' -> `thud' | Hongxu Jia | 2018-10-08 | 1 | -1/+1
  Since `9ec5a8a layer.conf: Drop sumo from LAYERSERIES_CORENAMES' and `9867924 layer.conf: Add thud to LAYERSERIES_CORENAMES' applied in oe-core, update LAYERSERIES_COMPAT `sumo' -> `thud'
  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
* Clean up the stuffs for stable branches | Jia Zhang | 2018-09-20 | 1 | -1/+1
  The following commits are reverted by the way:
  - seloader: Fix building for rocko (bc6bbe2)
  - meta-integrity: rpm: Add back in required patches for rocko (5fa9c85)
  Because they are only applicable to rocko.
  Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
* cryptfs-tpm2: Fix build failure due to -fstack-protector-strong | Jia Zhang | 2018-09-17 | 1 | -0/+1
  SECURITY_LDFLAGS includes -fstack-protector-strong which cannot work with CCLD. To work around this issue, filter it out from LDFLAGS.
  Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
* cryptfs-tpm2: Update to the latest | Jia Zhang | 2018-09-17 | 1 | -3/+4
  - Follow up the regular way to include header file.
  - Use CCLD to build executable and library.
  Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
* cryptfs-tpm2: uprev to 0.7 | Yunguo Wei | 2018-09-12 | 1 | -6/+6
  Now cryptfs-tpm2 supports both TSS 1.x and 2.x API. Please specify "TSS2_VER=1" in EXTRA_OEMAKE to support 1.x API.
  Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
* cryptsetup_%.bbappend: move lvm2-udevrules from RDEPEND to RRECOMMENDS | Hongxu Jia | 2018-08-27 | 1 | -1/+2
  When configuring lvm2 without udev, lvm2-udevrules package is empty, causing do_rootfs failure.
  Error:
  ERROR: wrlinux-image-glibc-std-1.0-r5 do_rootfs: Function failed: do_rootfs
  Problem: conflicting requests
  - nothing provides lvm2-udevrules needed by cryptsetup-1.7.4-r0.corei7_64
  Move lvm2-udevrules from RDEPEND to RRECOMMENDS could workaround the issue.
  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
* layer.conf: Mark as compatible with rocko | Tom Rini | 2018-07-25 | 1 | -1/+1
  As we also work with the 'rocko' release list that in our LAYERSERIES_COMPAT.
  Signed-off-by: Tom Rini <trini@konsulko.com>
* cryptfs-tpm2: update to 0.6.3 | Jia Zhang | 2018-06-16 | 1 | -2/+2
  Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
* tpm2.0-tss: rename -> tpm2-tss | Trevor Woerner | 2018-05-30 | 1 | -1/+1
  Unify how the TPM2 recipes are named.
  Signed-off-by: Trevor Woerner <twoerner@gmail.com>
* tpm2.0-tools: rename -> tpm2-tools | Trevor Woerner | 2018-05-30 | 1 | -2/+2
  Unify how the TPM2 recipes are named.
  Signed-off-by: Trevor Woerner <twoerner@gmail.com>
* layer.conf: add LAYERSERIES_COMPAT | Trevor Woerner | 2018-05-26 | 1 | -0/+2
  see https://patchwork.openembedded.org/patch/140542/
  Signed-off-by: Trevor Woerner <twoerner@gmail.com>
* cryptfs-tpm2: Update the upstream URL | Jia Zhang | 2018-03-13 | 1 | -2/+2
  Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
* meta-secure-core: update TSS 2.0 to the latest stable version | Jia Zhang | 2018-02-19 | 1 | -2/+2
  Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
* Install packages if distro flag set (#21) | Wenzong Fan | 2017-09-25 | 1 | -1/+1
  * install 'packagegroup-tpm2-initramfs' if distro flag 'tpm2' is set
  * install 'initrdscripts-ima' if distro flag 'ima' is set
  * install 'cryptfs-tpm2-initramfs' if distro flag 'luks' is set
  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
* cryptsetup:add lvm2-udevrules into RDEPENDS (#19) | WarrickJiang | 2017-09-25 | 1 | -1/+1
  meta-oe layer split the udevrules for lvm2 into a new package. Add lvm2-udevrules into cryptsetup RDEPENDS list.
  Signed-off-by: Jiang Lu <lu.jiang@windriver.com>
* meta-secure-core: clean up ${COREBASE}/LICENSE and ${COREBASE}/meta/COPYING.MIT | Jia Zhang | 2017-09-02 | 1 | -1/+1
  ${COREBASE}/LICENSE is not a valid license file. So it is recommended to use '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM. This will become an error in the future.
  Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* encrypted-storage: use luks as the feature name for current implementation | Jia Zhang | 2017-08-20 | 9 | -15/+15
  encrypted-storage layer will include more security features about encrypted storage so the term "encrypted-storage" won't be used to specify a dedicated technology term such as "LUKS".
  Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
* cryptfs-tpm2: sync up with upstream | Lans Zhang | 2017-08-16 | 1 | -1/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* README.md: update reference links | Lans Zhang | 2017-08-16 | 1 | -2/+2
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* cryptfs-tpm2: sync up with upstream | Lans Zhang | 2017-08-09 | 1 | -1/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* systemd: work around circular dependency chains found if systemd is configured to enable cryptsetup | Lans Zhang | 2017-08-09 | 1 | -4/+4
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* systemd: fix the conditions of PACKAGECONFIG for ima and cryptsetup | Lans Zhang | 2017-08-04 | 1 | -1/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* systemd: enable ima and cryptsetup | Lans Zhang | 2017-08-04 | 1 | -0/+4
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* cryptsetup: depend on lvm2 to include dmsetup | Lans Zhang | 2017-08-04 | 1 | -0/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* cryptfs-tpm2: fix RDEPENDS | Lans Zhang | 2017-08-04 | 1 | -5/+2
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-encrypted-storage: depend on meta-oe | Lans Zhang | 2017-08-04 | 1 | -0/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: code style fixup | Lans Zhang | 2017-07-28 | 1 | -1/+1
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* packagegroup-encrypted-storage.inc: add cryptfs-tpm2 | Lans Zhang | 2017-07-27 | 1 | -0/+4
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
* meta-secure-core: define the oe index name | Lans Zhang | 2017-07-20 | 1 | -0/+2
  Signed-off-by: Lans Zhang <jia.zhang@windriver.com>