aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster808@gmail.com>2019-08-09 13:25:47 -0700
committerArmin Kuster <akuster808@gmail.com>2019-08-09 13:25:47 -0700
commit29562326f53f6a01a5099f3360371fa3f1dc3c97 (patch)
treea53fefcfa99c399a3da231011eca12501af720e2
parentddf38730930679a0e977b8e41de1513a51fb5990 (diff)
downloadmeta-security-wip_kernel.tar.gz
meta-security-wip_kernel.tar.bz2
meta-security-wip_kernel.zip
ima: remove kernel fragments now in cachewip_kernel
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-integrity/recipes-kernel/linux/linux-%.bbappend5
-rw-r--r--meta-integrity/recipes-kernel/linux/linux/ima.cfg18
-rw-r--r--meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg3
-rw-r--r--meta-integrity/recipes-kernel/linux/linux/modsign.cfg5
-rw-r--r--meta-integrity/recipes-kernel/linux/linux/modsign.scc4
5 files changed, 2 insertions, 33 deletions
diff --git a/meta-integrity/recipes-kernel/linux/linux-%.bbappend b/meta-integrity/recipes-kernel/linux/linux-%.bbappend
index ca96c8d..f9a48cd 100644
--- a/meta-integrity/recipes-kernel/linux/linux-%.bbappend
+++ b/meta-integrity/recipes-kernel/linux/linux-%.bbappend
@@ -1,6 +1,5 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux:"
+KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
-SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' file://ima.cfg', '', d)}"
-SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' file://modsign.scc file://modsign.cfg', '', d)}"
+KERNEL_FEATURES_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}
diff --git a/meta-integrity/recipes-kernel/linux/linux/ima.cfg b/meta-integrity/recipes-kernel/linux/linux/ima.cfg
deleted file mode 100644
index b3e47ba..0000000
--- a/meta-integrity/recipes-kernel/linux/linux/ima.cfg
+++ /dev/null
@@ -1,18 +0,0 @@
-CONFIG_IMA=y
-CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_NG_TEMPLATE=y
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-CONFIG_IMA_DEFAULT_HASH="sha1"
-CONFIG_IMA_APPRAISE=y
-CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_TRUSTED_KEYRING=y
-CONFIG_SIGNATURE=y
-CONFIG_IMA_WRITE_POLICY=y
-CONFIG_IMA_READ_POLICY=y
-CONFIG_IMA_LOAD_X509=y
-CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
-
-#CONFIG_INTEGRITY_SIGNATURE=y
-#CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
-#CONFIG_INTEGRITY_TRUSTED_KEYRING=y
diff --git a/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg b/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg
deleted file mode 100644
index 9a45425..0000000
--- a/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg
+++ /dev/null
@@ -1,3 +0,0 @@
-# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set
-CONFIG_EVM_LOAD_X509=y
-CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"
diff --git a/meta-integrity/recipes-kernel/linux/linux/modsign.cfg b/meta-integrity/recipes-kernel/linux/linux/modsign.cfg
deleted file mode 100644
index c0c4ebc..0000000
--- a/meta-integrity/recipes-kernel/linux/linux/modsign.cfg
+++ /dev/null
@@ -1,5 +0,0 @@
-CONFIG_MODULE_SIG=y
-CONFIG_MODULE_SIG_FORCE=y
-CONFIG_MODULE_SIG_SHA256=y
-CONFIG_MODULE_SIG_HASH="sha256"
-CONFIG_MODULE_SIG_KEY="modsign_key.pem"
diff --git a/meta-integrity/recipes-kernel/linux/linux/modsign.scc b/meta-integrity/recipes-kernel/linux/linux/modsign.scc
deleted file mode 100644
index bce78ae..0000000
--- a/meta-integrity/recipes-kernel/linux/linux/modsign.scc
+++ /dev/null
@@ -1,4 +0,0 @@
-define KFEATURE_DESCRIPTION "Kernel Module Signing (modsign) enablement"
-define KFEATURE_COMPATIBILITY all
-
-kconf non-hardware modsign.cfg