linux/meta-security.git - Mirror of git.yoctoproject.org/meta-security.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	packagegroup-core-security: restore riscv64 for libssecomp	Armin Kuster	2020-07-27	1	-1/+1
\| \| \| \|	Signed-off-by: Armin Kuster <akuster808@gmail.com>
*	packagegroup-core-security: remove libseccomp for riscv*	Armin Kuster	2020-07-27	1	-1/+1
\| \| \| \|	Signed-off-by: Armin Kuster <akuster808@gmail.com>
*	packagegroup-core-security: remove clamav for riscv*	Armin Kuster	2020-07-25	1	-3/+1
\| \| \| \|	Signed-off-by: Armin Kuster <akuster808@gmail.com>
*	security packagegroups: move to recipes-core	Armin Kuster	2020-07-25	2	-0/+96
\| \| \| \|	Signed-off-by: Armin Kuster <akuster808@gmail.com>
*	security images: Move to recipe-core	Armin Kuster	2020-07-25	4	-0/+87
\| \| \| \|	Signed-off-by: Armin Kuster <akuster808@gmail.com>
*	dm-verity: add a working example for BeagleBone Black	Bartosz Golaszewski	2020-05-15	3	-0/+85
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This adds various bits and pieces to enable generating a working example of a full chain of trust up to dm-verity-protected rootfs level on Beagle Bone Black. The new initramfs is quite generic and should work for other SoCs as well when using fitImage. The following config can be used with current master poky, meta-openembedded & meta-security to generate a BBB image using verified boot and dm-verity. UBOOT_SIGN_KEYDIR = "/tmp/test-keys/" UBOOT_SIGN_KEYNAME = "dev" UBOOT_SIGN_ENABLE = "1" UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" UBOOT_MACHINE_beaglebone-yocto = "am335x_boneblack_vboot_config" IMAGE_CLASSES += "dm-verity-img" IMAGE_FSTYPES += "wic.xz ext4" DM_VERITY_IMAGE = "core-image-full-cmdline" DM_VERITY_IMAGE_TYPE = "ext4" KERNEL_CLASSES += "kernel-fitimage" KERNEL_IMAGETYPE_beaglebone-yocto = "fitImage" IMAGE_INSTALL_remove = " kernel-image-zimage" IMAGE_BOOT_FILES_remove = " zImage" IMAGE_BOOT_FILES_append = " fitImage-${INITRAMFS_IMAGE}-${MACHINE}-${MACHINE};fitImage" # Using systemd is not strictly needed but deals nicely with read-only # filesystem by default. DISTRO_FEATURES_append = " systemd" DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit" VIRTUAL-RUNTIME_init_manager = "systemd" VIRTUAL-RUNTIME_initscripts = "systemd-compat-units" INITRAMFS_IMAGE = "dm-verity-image-initramfs" INITRAMFS_FSTYPES = "cpio.gz" INITRAMFS_IMAGE_BUNDLE = "1" WKS_FILE = "beaglebone-yocto-verity.wks.in" KERNEL_FEATURES_append = " features/device-mapper/dm-verity.scc" Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
*	busybox: fix sig changes when layer added	Armin Kuster	2019-09-07	2	-3/+4
\| \| \| \|	Signed-off-by: Armin Kuster <akuster808@gmail.com>
*	libseccomp: add tests	Armin Kuster	2015-04-15	2	-0/+4
	update busybox for extend head option for test suite remove seq -f option as it is not supported buy busybox Signed-off-by: Armin Kuster <akuster808@gmail.com>