From 473d7cf3fdaa013905c3f5a879ab27f0d70affb8 Mon Sep 17 00:00:00 2001 From: Lans Zhang Date: Tue, 11 Jul 2017 14:08:45 +0800 Subject: README: cleanup Signed-off-by: Lans Zhang --- README.md | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 8cc9f32..d476328 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -### meta-secure-env +### meta-secure-core This layer provides the following common and platform-specific security features: @@ -9,32 +9,22 @@ key. Whenever this feature is enabled, the bootloader and kernel will be signed automatically during the build, implying the signed binaries are contained by the resulting RPM and rootfs image. -Refer to [meta-efi-secure-boot](https://github.com/jiazhang0/meta-efi-secure-boot/blob/master/README.md) for more details. - #### MOK Secure Boot For x86 platform, MOK secure boot is based on the UEFI secure boot, adding the shim loader to chainloader the second-stage bootloader. Meanwhile, the shim will also install a protocol which permits the second-stage bootloader to perform similar binary validation, e.g, for linux kernel. -Refer to [meta-efi-secure-boot](https://github.com/jiazhang0/meta-efi-secure-boot/blob/master/README.md) for more details. - #### User key store By default, the signing key used by UEFI/MOK secure boot is the sample key for the purposes of development and demonstration. It is not recommended that this sample key be used for a production device and should be replaced by a secret key owned by the user. -Refer to [meta-signing-key](https://github.com/jiazhang0/meta-signing-key/blob/master/README.md) -for more details about how to construct an user key store. - #### TPM 1.x This feature enables Trusted Platform Module 1.x support, including kernel option changes to enable tpm drivers, and picking up TPM 1.x packages. -Refer to [meta-tpm](https://github.com/jiazhang0/meta-tpm/blob/master/README.md) -for more details. - #### TPM 2.0 This feature enables Trusted Platform Module 2.0 support, including kernel option changes to enable tpm drivers, and picking up TPM 2.0 packages. @@ -43,9 +33,6 @@ Trusted Platform Module (TPM 2.0) is a microcontroller that stores keys, passwords, and digital certificates. A discrete TPM 2.0 offers the capabilities as part of the overall platform security requirements. -Refer to [meta-tpm2](https://github.com/jiazhang0/meta-tpm2/blob/master/README.md) -for more details. - #### Encrypted storage This feature gives 2 types of granularity for storage encryption. Data volume encryption allows the user to create encryption partition with a passphrase @@ -57,8 +44,6 @@ which provides transparent encryption of block devices using the kernel crypto API. Additionally, the utility cryptsetup is used to conveniently setup disk encryption based on device-mapper crypt target. -Refer to [meta-encrypted-storage](https://github.com/jiazhang0/meta-encrypted-storage/blob/master/README.md) for more details. - #### Integrity The Linux IMA subsystem introduces hooks within the Linux kernel to support measuring the integrity of files that are loaded (including application code) @@ -80,16 +65,9 @@ files and applications to be loaded if the hashes match (and will save the updated hash if the file is modified) but refuse to load it if it doesn't. This provides some protection against offline tampering of the files. -Refer to [meta-integrity](https://github.com/jiazhang0/meta-efi-secure-boot/blob/master/README.md) -for more details. - #### RPM signing This feature provides the integrity verification for the RPM5 package. -Refer to [meta-rpm-signing](https://github.com/jiazhang0/meta-rpm-signing/blob/master/README.md) -for more details. - - -### Building the meta-secure-env layer +### Building the meta-secure-core layer This layer should be added to the bblayers.conf file. To enable certain feature provided by this layer, add the feature to the local.conf file. -- cgit v1.2.3-54-g00ecf