diff options
Diffstat (limited to 'kas')
| -rw-r--r-- | kas/kas-security-alt.yml | 8 | ||||
| -rw-r--r-- | kas/kas-security-base.yml | 67 | ||||
| -rw-r--r-- | kas/kas-security-dm.yml | 14 | ||||
| -rw-r--r-- | kas/kas-security-parsec.yml | 17 | ||||
| -rw-r--r-- | kas/qemuarm-parsec.yml | 6 | ||||
| -rw-r--r-- | kas/qemuarm.yml | 6 | ||||
| -rw-r--r-- | kas/qemuarm64-alt.yml | 6 | ||||
| -rw-r--r-- | kas/qemuarm64-musl.yml | 10 | ||||
| -rw-r--r-- | kas/qemuarm64-parsec.yml | 6 | ||||
| -rw-r--r-- | kas/qemuarm64.yml | 6 | ||||
| -rw-r--r-- | kas/qemumips64-alt.yml | 6 | ||||
| -rw-r--r-- | kas/qemumips64-multi.yml | 14 | ||||
| -rw-r--r-- | kas/qemumips64.yml | 6 | ||||
| -rw-r--r-- | kas/qemuriscv64.yml | 6 | ||||
| -rw-r--r-- | kas/qemux86-64-alt.yml | 6 | ||||
| -rw-r--r-- | kas/qemux86-64-dm-verify.yml | 6 | ||||
| -rw-r--r-- | kas/qemux86-64-parsec.yml | 6 | ||||
| -rw-r--r-- | kas/qemux86-64.yml | 6 | ||||
| -rw-r--r-- | kas/qemux86-harden.yml | 10 | ||||
| -rw-r--r-- | kas/qemux86-musl.yml | 10 | ||||
| -rw-r--r-- | kas/qemux86-parsec.yml | 6 | ||||
| -rw-r--r-- | kas/qemux86-test.yml | 6 | ||||
| -rw-r--r-- | kas/qemux86.yml | 6 |
23 files changed, 240 insertions, 0 deletions
diff --git a/kas/kas-security-alt.yml b/kas/kas-security-alt.yml new file mode 100644 index 0000000..3ee9808 --- /dev/null +++ b/kas/kas-security-alt.yml @@ -0,0 +1,8 @@ +header: + version: 9 + includes: + - kas-security-base.yml + +local_conf_header: + alt: | + DISTRO_FEATURES:append = " systemd" diff --git a/kas/kas-security-base.yml b/kas/kas-security-base.yml new file mode 100644 index 0000000..fa7915c --- /dev/null +++ b/kas/kas-security-base.yml @@ -0,0 +1,67 @@ +header: + version: 9 + +distro: poky + +repos: + meta-security: + layers: + ../meta-security: + meta-tpm: + meta-integrity: + meta-hardening: + + poky: + url: https://git.yoctoproject.org/git/poky + refspec: master + layers: + meta: + meta-poky: + meta-yocto-bsp: + + meta-openembedded: + url: http://git.openembedded.org/meta-openembedded + refspec: master + layers: + meta-oe: + meta-perl: + meta-python: + meta-networking: + meta-filesystems: + +local_conf_header: + base: | + CONF_VERSION = "2" + SOURCE_MIRROR_URL = "http://downloads.yoctoproject.org/mirror/sources/" + INHERIT += "buildstats buildstats-summary buildhistory" + INHERIT += "report-error" + IMAGE_CLASSES += "testimage" + BB_NUMBER_THREADS="24" + BB_NUMBER_PARSE_THREADS="12" + BB_TASK_NICE_LEVEL = '5' + BB_TASK_NICE_LEVEL_task-testimage = '0' + BB_TASK_IONICE_LEVEL = '2.7' + BB_TASK_IONICE_LEVEL_task-testimage = '2.1' + TEST_QEMUBOOT_TIMEOUT = "1500" + EXTRA_IMAGE_FEATURES ?= "debug-tweaks" + PACKAGE_CLASSES = "package_ipk" + + DISTRO_FEATURES:append = " security pam apparmor smack ima tpm tpm2" + MACHINE_FEATURES:append = " tpm tpm2" + + diskmon: | + BB_DISKMON_DIRS = "\ + STOPTASKS,${TMPDIR},1G,100K \ + STOPTASKS,${DL_DIR},1G,100K \ + STOPTASKS,${SSTATE_DIR},1G,100K \ + STOPTASKS,/tmp,100M,100K \ + HALT,${TMPDIR},100M,1K \ + HALT,${DL_DIR},100M,1K \ + HALT,${SSTATE_DIR},100M,1K \ + HALT,/tmp,10M,1K" + +bblayers_conf_header: + base: | + BBPATH = "${TOPDIR}" + BBFILES ?= "" + diff --git a/kas/kas-security-dm.yml b/kas/kas-security-dm.yml new file mode 100644 index 0000000..c03b336 --- /dev/null +++ b/kas/kas-security-dm.yml @@ -0,0 +1,14 @@ +header: + version: 9 + includes: + - kas-security-base.yml + +local_conf_header: + dm-verify: | + DISTRO_FEATURES:append = " integrity" + DM_VERITY_IMAGE = "core-image-minimal" + DM_VERITY_IMAGE_TYPE = "ext4" + IMAGE_CLASSES += "dm-verity-img" + INITRAMFS_IMAGE_BUNDLE = "1" + INITRAMFS_IMAGE = "dm-verity-image-initramfs" + diff --git a/kas/kas-security-parsec.yml b/kas/kas-security-parsec.yml new file mode 100644 index 0000000..9a009be --- /dev/null +++ b/kas/kas-security-parsec.yml @@ -0,0 +1,17 @@ +header: + version: 9 + includes: + - kas-security-base.yml + +repos: + meta-security: + layers: + meta-parsec: + + meta-clang: + url: https://github.com/kraj/meta-clang.git + refspec: master + +local_conf_header: + meta-parsec: | + IMAGE_INSTALL:append = " parsec-service parsec-tool" diff --git a/kas/qemuarm-parsec.yml b/kas/qemuarm-parsec.yml new file mode 100644 index 0000000..cef2818 --- /dev/null +++ b/kas/qemuarm-parsec.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-parsec.yml + +machine: qemuarm diff --git a/kas/qemuarm.yml b/kas/qemuarm.yml new file mode 100644 index 0000000..f51abac --- /dev/null +++ b/kas/qemuarm.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-base.yml + +machine: qemuarm diff --git a/kas/qemuarm64-alt.yml b/kas/qemuarm64-alt.yml new file mode 100644 index 0000000..48e688c --- /dev/null +++ b/kas/qemuarm64-alt.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-alt.yml + +machine: qemuarm64 diff --git a/kas/qemuarm64-musl.yml b/kas/qemuarm64-musl.yml new file mode 100644 index 0000000..b353eb4 --- /dev/null +++ b/kas/qemuarm64-musl.yml @@ -0,0 +1,10 @@ +header: + version: 8 + includes: + - kas-security-base.yml + +local_conf_header: + musl: | + TCLIBC = "musl" + +machine: qemuarm64 diff --git a/kas/qemuarm64-parsec.yml b/kas/qemuarm64-parsec.yml new file mode 100644 index 0000000..9b593bc --- /dev/null +++ b/kas/qemuarm64-parsec.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-parsec.yml + +machine: qemuarm64 diff --git a/kas/qemuarm64.yml b/kas/qemuarm64.yml new file mode 100644 index 0000000..a0c2d1a --- /dev/null +++ b/kas/qemuarm64.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-base.yml + +machine: qemuarm64 diff --git a/kas/qemumips64-alt.yml b/kas/qemumips64-alt.yml new file mode 100644 index 0000000..c5d54d4 --- /dev/null +++ b/kas/qemumips64-alt.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-alt.yml + +machine: qemumips64 diff --git a/kas/qemumips64-multi.yml b/kas/qemumips64-multi.yml new file mode 100644 index 0000000..6ef8b39 --- /dev/null +++ b/kas/qemumips64-multi.yml @@ -0,0 +1,14 @@ +header: + version: 8 + includes: + - kas-security-base.yml + +local_conf_header: + multi: | + require conf/multilib.conf + MULTILIBS = "multilib:lib64 multilib:lib32" + DEFAULTTUNE = "mips64-n32" + DEFAULTTUNE:virtclass-multilib-lib64 = "mips64" + DEFAULTTUNE:virtclass-multilib-lib32 = "mips32r2" + +machine: qemumips64 diff --git a/kas/qemumips64.yml b/kas/qemumips64.yml new file mode 100644 index 0000000..64e52f7 --- /dev/null +++ b/kas/qemumips64.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-base.yml + +machine: qemumips64 diff --git a/kas/qemuriscv64.yml b/kas/qemuriscv64.yml new file mode 100644 index 0000000..e1b1e49 --- /dev/null +++ b/kas/qemuriscv64.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-base.yml + +machine: qemuriscv64 diff --git a/kas/qemux86-64-alt.yml b/kas/qemux86-64-alt.yml new file mode 100644 index 0000000..f0d6b27 --- /dev/null +++ b/kas/qemux86-64-alt.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-alt.yml + +machine: qemux86-64 diff --git a/kas/qemux86-64-dm-verify.yml b/kas/qemux86-64-dm-verify.yml new file mode 100644 index 0000000..1f26008 --- /dev/null +++ b/kas/qemux86-64-dm-verify.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-dm.yml + +machine: qemux86-64 diff --git a/kas/qemux86-64-parsec.yml b/kas/qemux86-64-parsec.yml new file mode 100644 index 0000000..ec39c14 --- /dev/null +++ b/kas/qemux86-64-parsec.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-parsec.yml + +machine: qemux86-64 diff --git a/kas/qemux86-64.yml b/kas/qemux86-64.yml new file mode 100644 index 0000000..4ba2b66 --- /dev/null +++ b/kas/qemux86-64.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-base.yml + +machine: qemux86-64 diff --git a/kas/qemux86-harden.yml b/kas/qemux86-harden.yml new file mode 100644 index 0000000..fb59dda --- /dev/null +++ b/kas/qemux86-harden.yml @@ -0,0 +1,10 @@ +header: + version: 8 + includes: + - kas-security-base.yml + +local_conf_header: + meta-security: | + DISTRO = "harden" + +machine: qemux86 diff --git a/kas/qemux86-musl.yml b/kas/qemux86-musl.yml new file mode 100644 index 0000000..61d9572 --- /dev/null +++ b/kas/qemux86-musl.yml @@ -0,0 +1,10 @@ +header: + version: 8 + includes: + - kas-security-base.yml + +local_conf_header: + musl: | + TCLIBC = "musl" + +machine: qemux86 diff --git a/kas/qemux86-parsec.yml b/kas/qemux86-parsec.yml new file mode 100644 index 0000000..370947d --- /dev/null +++ b/kas/qemux86-parsec.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-parsec.yml + +machine: qemux86 diff --git a/kas/qemux86-test.yml b/kas/qemux86-test.yml new file mode 100644 index 0000000..83a5353 --- /dev/null +++ b/kas/qemux86-test.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-base.yml + +machine: qemux86 diff --git a/kas/qemux86.yml b/kas/qemux86.yml new file mode 100644 index 0000000..83a5353 --- /dev/null +++ b/kas/qemux86.yml @@ -0,0 +1,6 @@ +header: + version: 8 + includes: + - kas-security-base.yml + +machine: qemux86 |