diff options
Diffstat (limited to 'meta-security/meta-integrity/recipes-kernel')
3 files changed, 4 insertions, 23 deletions
diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend b/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend index 931854ef8..f9a48cd05 100644 --- a/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend +++ b/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend @@ -1,3 +1,5 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/linux:" +KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}" -SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' file://ima.cfg', '', d)}" +KERNEL_FEATURES_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}" + +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)} diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima.cfg b/meta-security/meta-integrity/recipes-kernel/linux/linux/ima.cfg deleted file mode 100644 index b3e47ba37..000000000 --- a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima.cfg +++ /dev/null @@ -1,18 +0,0 @@ -CONFIG_IMA=y -CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_NG_TEMPLATE=y -CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" -CONFIG_IMA_DEFAULT_HASH_SHA1=y -CONFIG_IMA_DEFAULT_HASH="sha1" -CONFIG_IMA_APPRAISE=y -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_SIGNATURE=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_LOAD_X509=y -CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" - -#CONFIG_INTEGRITY_SIGNATURE=y -#CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -#CONFIG_INTEGRITY_TRUSTED_KEYRING=y diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg b/meta-security/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg deleted file mode 100644 index 9a454257a..000000000 --- a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg +++ /dev/null @@ -1,3 +0,0 @@ -# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set -CONFIG_EVM_LOAD_X509=y -CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" |