From b1e14f4e88be503f91db9c51c89a5a9f5e30de91 Mon Sep 17 00:00:00 2001 From: Jia Zhang Date: Sun, 20 Aug 2017 15:31:11 +0800 Subject: encrypted-storage: use luks as the feature name for current implementation encrypted-storage layer will include more security features about encrypted storage so the term "encrypted-storage" won't be used to specify a dedicated technology term such as "LUKS". Signed-off-by: Jia Zhang --- meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'meta-efi-secure-boot') diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend index da02b5c..1700adc 100644 --- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend +++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend @@ -65,11 +65,10 @@ do_install_append_class-native() { do_install_append_class-target() { local menu="${WORKDIR}/boot-menu.inc" - # Enable the default IMA rules if IMA is enabled and encrypted-storage is - # disabled. This is because unseal operation will fail when any PCR is - # extended due to updating the aggregate integrity value by the default - # IMA rules. - [ x"${IMA}" = x"1" -a x"${@bb.utils.contains('DISTRO_FEATURES', 'encrypted-storage', '1', '0', d)}" != x"1" ] && { + # Enable the default IMA rules if IMA is enabled and luks is disabled. + # This is because unseal operation will fail when any PCR is extended + # due to updating the aggregate integrity value by the default IMA rules. + [ x"${IMA}" = x"1" -a x"${@bb.utils.contains('DISTRO_FEATURES', 'luks', '1', '0', d)}" != x"1" ] && { ! grep -q "ima_policy=tcb" "$menu" && sed -i 's/^\s*linux\s\+.*bzImage.*/& ima_policy=tcb/g' "$menu" } -- cgit v1.2.3-54-g00ecf