On Fri, 2017-01-20 at 12:44 +0000, Eswaran Vinothkumar (BEG-PT/PJ-IOT1) wrote: > We are using initramfs to run a script which before mounting the root > file system checks for ima policy and also responsible for loading the > evm-keys. In short, the initramfs contains a script which is executed > before mounting the main root file system.
Ostro OS does the same, with IMA activated via a plugin for the initramfs-framework (a set of scripts in OE-core). meta-integrity: https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity IMA plugin: https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity/recipes-core/initrdscripts Full initramfs using this is ostro-initramfs.bb in: https://github.com/ostroproject/ostro-os/tree/master/meta-ostro/recipes-image/images Perhaps this will give you some ideas how to do this, or can even be used as-is? -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto