summaryrefslogtreecommitdiffstats
path: root/meta-integrity/recipes-core
Commit message (Collapse)AuthorAgeFilesLines
* integrity-image-minimal: adapt QEMU cmdline to new changesArmin Kuster2023-05-061-1/+1
| | | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-integrity: Convert to new override syntaxArmin Kuster2021-08-015-8/+8
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework-ima: introduce IMA_FORCEMing Liu2021-04-122-2/+12
| | | | | | | | | | | | | | Introduce IMA_FORCE to allow the IMA policy be applied forcely even 'no_ima' boot parameter is available. This ensures the end users have a way to disable 'no_ima' support if they want to, because it may expose a security risk if an attacker can find a way to change kernel arguments, it will easily bypass rootfs authenticity checks. Signed-off-by: Sergio Prado <sergio.prado@toradex.com> Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework-ima: let ima_enabled return 0Ming Liu2021-02-231-0/+1
| | | | | | | Otherwise, ima script would not run as intended. Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework-ima: RDEPENDS on ima-evm-keysMing Liu2021-02-231-1/+1
| | | | | Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework-ima: fix a wrong pathMing Liu2021-02-231-1/+1
| | | | | | | /etc/ima-policy > /etc/ima/ima-policy. Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-integrity: fix issues with yocto-check-layerArmin Kuster2020-01-042-1/+6
| | | | | | | [v2] re-did solutions Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework-ima: correct IMA_POLICY nameArmin Kuster2019-09-071-1/+1
| | | | | | | | | it had ima_policy_hashed and did not match the recipe ima-policy-hashed found by yocto-check-layer Signed-off-by: Armin Kuster <akuster808@gmail.com>
* integrity-image: IMA_EVM_KEY_DIR has no affect, removeArmin Kuster2019-08-241-1/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-integrity: rename IMA_EVM_BASE to INTEGRITY_BASEDmitry Eremin-Solenikov2019-08-041-1/+1
| | | | | | | data/debug-keys will be reused for demo modsign keys, so rename IMA_EVM_BASE to more generic INTEGRITY_BASE. Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
* image: add image for testingArmin Kuster2019-05-281-0/+22
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs: clean up to pull in packages.Armin Kuster2019-05-281-8/+4
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* base-files: add appending to automount securityfsArmin Kuster2019-05-282-0/+6
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-integrity: port over from meta-intel-iot-securityArmin Kuster2019-05-286-0/+111
Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-21 20:45:02 +0000