Merge branch 'intel' into intel2

author: jmbills <42755197+jmbills@users.noreply.github.com> 2019-10-25 19:18:16 +0300
committer: GitHub <noreply@github.com> 2019-10-25 19:18:16 +0300
commit: 0dbb60593ebb5a62190c0e6cff7f1770493303a2 (patch)
tree: 0df2ce67404dbca3ddc4ee063dbfd9ae455be682 /meta-security/meta-integrity/recipes-kernel/linux
parent: 34a3942845ac3264ce27c648ae5486d302c3e6d8 (diff)
parent: cc9cea46d74d280de03c713c8b555153fd811f09 (diff)
download: openbmc-0dbb60593ebb5a62190c0e6cff7f1770493303a2.tar.xz
3 files changed, 4 insertions, 23 deletions
diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend b/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend
index 931854ef8..f9a48cd05 100644
--- a/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend
+++ b/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend
@@ -1,3 +1,5 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux:"
+KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
 
-SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' file://ima.cfg', '', d)}"
+KERNEL_FEATURES_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
+
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}
diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima.cfg b/meta-security/meta-integrity/recipes-kernel/linux/linux/ima.cfg
deleted file mode 100644
index b3e47ba37..000000000
--- a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima.cfg
+++ /dev/null
@@ -1,18 +0,0 @@
-CONFIG_IMA=y
-CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_NG_TEMPLATE=y
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-CONFIG_IMA_DEFAULT_HASH="sha1"
-CONFIG_IMA_APPRAISE=y
-CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_TRUSTED_KEYRING=y
-CONFIG_SIGNATURE=y
-CONFIG_IMA_WRITE_POLICY=y
-CONFIG_IMA_READ_POLICY=y
-CONFIG_IMA_LOAD_X509=y
-CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
-
-#CONFIG_INTEGRITY_SIGNATURE=y
-#CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
-#CONFIG_INTEGRITY_TRUSTED_KEYRING=y
diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg b/meta-security/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg
deleted file mode 100644
index 9a454257a..000000000
--- a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg
+++ /dev/null
@@ -1,3 +0,0 @@
-# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set
-CONFIG_EVM_LOAD_X509=y
-CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"
author	jmbills <42755197+jmbills@users.noreply.github.com>	2019-10-25 19:18:16 +0300
committer	GitHub <noreply@github.com>	2019-10-25 19:18:16 +0300
commit	0dbb60593ebb5a62190c0e6cff7f1770493303a2 (patch)
tree	0df2ce67404dbca3ddc4ee063dbfd9ae455be682 /meta-security/meta-integrity/recipes-kernel/linux
parent	34a3942845ac3264ce27c648ae5486d302c3e6d8 (diff)
parent	cc9cea46d74d280de03c713c8b555153fd811f09 (diff)
download	openbmc-0dbb60593ebb5a62190c0e6cff7f1770493303a2.tar.xz