diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2021-03-06 00:22:30 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2021-03-15 14:02:06 +0300 |
| commit | 8b1392834def7d17263b45bd1aab35759235fb3e (patch) | |
| tree | 8c15f7cbef2b020a8f41839f56be0c02f57ac39c /meta-security/meta-integrity/README.md | |
| parent | 3e34fba3f6b8389074f64203299fa60ec0fc18e1 (diff) | |
| download | openbmc-8b1392834def7d17263b45bd1aab35759235fb3e.tar.xz | |
meta-security: subtree update:6053e8b8e2..9504d02694
Armin Kuster (19):
softhsm: drop pkg as meta-oe has it
apparmor: Inherit python3targetconfig
python3-suricata-update: Inherit python3targetconfig
openscap: Inherit python3targetconfig
scap-security-guide: Inherit python3targetconfig
nikito: Update common-licenses references to match new names
kas-security-base.yml: build setting updates
kas-security-base.yml: drop DL_DIR
arpwatch: upgrade 3.0 -> 3.1
checksec: upgrade 2.1.0 -> 2.4.0
ding-libs: upgrade 0.5.0 -> 0.6.1
fscryptctl: upgrade 0.1.0 -> 1.0.0
libseccomp: upgrade 2.5.0 -> 2.5.1
python3-privacyidea: upgrade 3.3 -> 3.5.1
python3-scapy: upgrade 2.4.3 -> 2.4.4
samhain: update to 4.4.3
opendnssec: update to 2.1.8
suricata: update to 4.10.0
python3-fail2ban: update to 0.11.2
Jate Sujjavanich (1):
scap-security-guide: Fix openembedded platform tests and build
Ming Liu (9):
ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
initramfs-framework-ima: fix a wrong path
ima-evm-keys: add recipe
initramfs-framework-ima: RDEPENDS on ima-evm-keys
meta: refactor IMA/EVM sign rootfs
README.md: update according to the refactoring in ima-evm-rootfs.bbclass
initramfs-framework-ima: let ima_enabled return 0
ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic
Yi Zhao (1):
ibmswtpm2: disable camellia algorithm
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic7dc6f5425a1493ac0534e10ed682662d109e60c
Diffstat (limited to 'meta-security/meta-integrity/README.md')
| -rw-r--r-- | meta-security/meta-integrity/README.md | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-security/meta-integrity/README.md b/meta-security/meta-integrity/README.md index 460794878..5048fba1e 100644 --- a/meta-security/meta-integrity/README.md +++ b/meta-security/meta-integrity/README.md @@ -73,8 +73,10 @@ Adding the layer only enables IMA (see below regarding EVM) during compilation of the Linux kernel. To also activate it when building the image, enable image signing in the local.conf like this: - INHERIT += "ima-evm-rootfs" + IMAGE_CLASSES += "ima-evm-rootfs" IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" + IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem" + IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der" This uses the default keys provided in the "data" directory of the layer. Because everyone has access to these private keys, such an image |