The upstream ima.cfg kernel-cache has been updated.
Use it instead.
Signed-off-by: Armin Kuster <[email protected]>
---
.../recipes-kernel/linux/linux/ima.cfg | 45 -------------------
.../recipes-kernel/linux/linux/ima.scc | 4 --
.../recipes-kernel/linux/linux_ima.inc | 6 +--
3 files changed, 1 insertion(+), 54 deletions(-)
delete mode 100644 meta-integrity/recipes-kernel/linux/linux/ima.cfg
delete mode 100644 meta-integrity/recipes-kernel/linux/linux/ima.scc
diff --git a/meta-integrity/recipes-kernel/linux/linux/ima.cfg
b/meta-integrity/recipes-kernel/linux/linux/ima.cfg
deleted file mode 100644
index d7d80a6..0000000
--- a/meta-integrity/recipes-kernel/linux/linux/ima.cfg
+++ /dev/null
@@ -1,45 +0,0 @@
-CONFIG_KEYS=y
-CONFIG_ASYMMETRIC_KEY_TYPE=y
-CONFIG_SYSTEM_TRUSTED_KEYRING=y
-CONFIG_SYSTEM_TRUSTED_KEYS="${IMA_EVM_ROOT_CA}"
-CONFIG_SECONDARY_TRUSTED_KEYRING=y
-CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
-CONFIG_X509_CERTIFICATE_PARSER=y
-CONFIG_PKCS8_PRIVATE_KEY_PARSER=y
-CONFIG_CRYPTO_ECDSA=y
-CONFIG_SECURITY=y
-CONFIG_SECURITYFS=y
-CONFIG_INTEGRITY=y
-CONFIG_INTEGRITY_SIGNATURE=y
-CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
-CONFIG_INTEGRITY_TRUSTED_KEYRING=y
-CONFIG_IMA=y
-CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_LSM_RULES=y
-# CONFIG_IMA_TEMPLATE is not set
-# CONFIG_IMA_NG_TEMPLATE is not set
-CONFIG_IMA_SIG_TEMPLATE=y
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
-# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
-CONFIG_IMA_DEFAULT_HASH_SHA256=y
-# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
-CONFIG_IMA_DEFAULT_HASH="sha256"
-CONFIG_IMA_WRITE_POLICY=y
-CONFIG_IMA_READ_POLICY=y
-CONFIG_IMA_APPRAISE=y
-CONFIG_IMA_ARCH_POLICY=y
-CONFIG_IMA_APPRAISE_BUILD_POLICY=y
-CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS=y
-# CONFIG_IMA_APPRAISE_BOOTPARAM is not set
-# CONFIG_IMA_APPRAISE_MODSIG is not set
-CONFIG_IMA_TRUSTED_KEYRING=y
-CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
-# CONFIG_IMA_BLACKLIST_KEYRING is not set
-# CONFIG_IMA_LOAD_X509 is not set
-CONFIG_IMA_APPRAISE_SIGNED_INIT=y
-CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
-CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
-CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
-# CONFIG_IMA_DISABLE_HTABLE is not set
-CONFIG_EVM=y
-# CONFIG_EVM_LOAD_X509 is not set
diff --git a/meta-integrity/recipes-kernel/linux/linux/ima.scc
b/meta-integrity/recipes-kernel/linux/linux/ima.scc
deleted file mode 100644
index 6eb84b0..0000000
--- a/meta-integrity/recipes-kernel/linux/linux/ima.scc
+++ /dev/null
@@ -1,4 +0,0 @@
-define KFEATURE_DESCRIPTION "Enable IMA"
-
-kconf non-hardware ima.cfg
-
diff --git a/meta-integrity/recipes-kernel/linux/linux_ima.inc
b/meta-integrity/recipes-kernel/linux/linux_ima.inc
index 7016800..415476a 100644
--- a/meta-integrity/recipes-kernel/linux/linux_ima.inc
+++ b/meta-integrity/recipes-kernel/linux/linux_ima.inc
@@ -1,8 +1,3 @@
-FILESEXTRAPATHS:append := "${THISDIR}/linux:"
-
-SRC_URI += " \
- ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'file://ima.scc', '', d)} \
-"
do_configure:append() {
if [ "${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'yes', '', d)}" =
"yes" ] && [ -f .config ] ; then
@@ -11,5 +6,6 @@ do_configure:append() {
}
KERNEL_FEATURES:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign',
' features/ima/modsign.scc', '', d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ima', '
features/ima/ima.scc', '', d)}"
inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign',
'', d)}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#60620): https://lists.yoctoproject.org/g/yocto/message/60620
Mute This Topic: https://lists.yoctoproject.org/mt/100253682/21656
Group Owner: [email protected]
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
