diff options
Diffstat (limited to 'recipes-kernel')
-rw-r--r-- | recipes-kernel/linux/files/lkrg.cfg | 4 | ||||
-rw-r--r-- | recipes-kernel/linux/files/lkrg.scc | 5 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-%_5.%.bbappend | 4 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-yocto-dev.bbappend | 2 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-yocto-rt_%.bbappend | 1 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-yocto_%.bbappend | 1 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-yocto_5.%.bbappend | 2 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-yocto_security.inc | 6 | ||||
-rw-r--r-- | recipes-kernel/lkrg/lkrg-module_0.9.7.bb | 38 |
9 files changed, 55 insertions, 8 deletions
diff --git a/recipes-kernel/linux/files/lkrg.cfg b/recipes-kernel/linux/files/lkrg.cfg new file mode 100644 index 0000000..e02bf76 --- /dev/null +++ b/recipes-kernel/linux/files/lkrg.cfg @@ -0,0 +1,4 @@ +CONFIG_DEBUG_KERNEL=y +CONFIG_KALLSYMS_ALL=y +CONFIG_JUMP_LABEL=y +CONFIG_DEBUG_SECTION_MISMATCH=y diff --git a/recipes-kernel/linux/files/lkrg.scc b/recipes-kernel/linux/files/lkrg.scc new file mode 100644 index 0000000..83397f8 --- /dev/null +++ b/recipes-kernel/linux/files/lkrg.scc @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: MIT +define KFEATURE_DESCRIPTION "Enable Support for LKRG" +define KFEATURE_COMPATIBILITY board + +kconf hardware lkrg.cfg diff --git a/recipes-kernel/linux/linux-%_5.%.bbappend b/recipes-kernel/linux/linux-%_5.%.bbappend deleted file mode 100644 index 76b5df5..0000000 --- a/recipes-kernel/linux/linux-%_5.%.bbappend +++ /dev/null @@ -1,4 +0,0 @@ -KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}" -KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}" -KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "yama", " features/yama/yama.scc", "" ,d)}" - diff --git a/recipes-kernel/linux/linux-yocto-dev.bbappend b/recipes-kernel/linux/linux-yocto-dev.bbappend deleted file mode 100644 index 39d4e6f..0000000 --- a/recipes-kernel/linux/linux-yocto-dev.bbappend +++ /dev/null @@ -1,2 +0,0 @@ -KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}" -KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}" diff --git a/recipes-kernel/linux/linux-yocto-rt_%.bbappend b/recipes-kernel/linux/linux-yocto-rt_%.bbappend new file mode 100644 index 0000000..79dfeac --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-rt_%.bbappend @@ -0,0 +1 @@ +require ${@bb.utils.contains('DISTRO_FEATURES', 'security', 'linux-yocto_security.inc', '', d)} diff --git a/recipes-kernel/linux/linux-yocto_%.bbappend b/recipes-kernel/linux/linux-yocto_%.bbappend new file mode 100644 index 0000000..1d9054f --- /dev/null +++ b/recipes-kernel/linux/linux-yocto_%.bbappend @@ -0,0 +1 @@ +require ${@bb.utils.contains('DISTRO_FEATURES', 'security', '${BPN}_security.inc', '', d)} diff --git a/recipes-kernel/linux/linux-yocto_5.%.bbappend b/recipes-kernel/linux/linux-yocto_5.%.bbappend deleted file mode 100644 index 39d4e6f..0000000 --- a/recipes-kernel/linux/linux-yocto_5.%.bbappend +++ /dev/null @@ -1,2 +0,0 @@ -KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}" -KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}" diff --git a/recipes-kernel/linux/linux-yocto_security.inc b/recipes-kernel/linux/linux-yocto_security.inc new file mode 100644 index 0000000..b79af80 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto_security.inc @@ -0,0 +1,6 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}" +KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}" +KERNEL_FEATURES:append = " ${@bb.utils.contains("IMAGE_CLASSES", "dm-verity-img", " features/device-mapper/dm-verity.scc", "" ,d)}" +SRC_URI += " ${@bb.utils.contains("DISTRO_FEATURES", "lkrg", "file://lkrg.scc", "" ,d)}" diff --git a/recipes-kernel/lkrg/lkrg-module_0.9.7.bb b/recipes-kernel/lkrg/lkrg-module_0.9.7.bb new file mode 100644 index 0000000..020c3a1 --- /dev/null +++ b/recipes-kernel/lkrg/lkrg-module_0.9.7.bb @@ -0,0 +1,38 @@ +SUMMARY = "Linux Kernel Runtime Guard" +DESCRIPTION="LKRG performs runtime integrity checking of the Linux \ +kernel and detection of security vulnerability exploits against the kernel." +SECTION = "security" +HOMEPAGE = "https://www.openwall.com/lkrg/" +LICENSE = "GPL-2.0-only" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=57534ed9f03a5810945cd9be4a81db41" + +DEPENDS = "virtual/kernel elfutils" + +SRC_URI = "git://github.com/lkrg-org/lkrg.git;protocol=https;branch=main" + +SRCREV = "5dc5cfea1f4dc8febdd5274d99e277c17df06acc" + +S = "${WORKDIR}/git" + +inherit module kernel-module-split + +MAKE_TARGETS = "modules" + +MODULE_NAME = "lkrg" + +do_configure:append () { + sed -i -e 's/^all/modules/' ${S}/Makefile + sed -i -e 's/^install/modules_install/' ${S}/Makefile + sed -i -e 's/KERNEL/KERNEL_SRC/g' ${S}/Makefile +} + +module_do_install() { + install -d ${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel/${MODULE_NAME} + install -m 0644 ${MODULE_NAME}.ko \ + ${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel/${MODULE_NAME}/${MODULE_NAME}.ko +} + +RPROVIDES:${PN} += "kernel-module-lkrg" + +COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" |