<p dir="ltr">I suggest the debug-iniramfs-image from meta-openembedded/meta-initramfs.</p>
<br><div class="gmail_quote"><div dir="ltr">On Sun, Jan 22, 2017, 6:42 AM Patrick Ohly <<a href="mailto:patrick.ohly@intel.com">patrick.ohly@intel.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Fri, 2017-01-20 at 12:44 +0000, Eswaran Vinothkumar (BEG-PT/PJ-IOT1)<br class="gmail_msg">
wrote:<br class="gmail_msg">
> We are using initramfs to run a script which before mounting the root<br class="gmail_msg">
> file system checks for ima policy and also responsible for loading the<br class="gmail_msg">
> evm-keys. In short, the initramfs contains a script which is executed<br class="gmail_msg">
> before mounting the main root file system.<br class="gmail_msg">
<br class="gmail_msg">
Ostro OS does the same, with IMA activated via a plugin for the<br class="gmail_msg">
initramfs-framework (a set of scripts in OE-core).<br class="gmail_msg">
<br class="gmail_msg">
meta-integrity:<br class="gmail_msg">
<a href="https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity" rel="noreferrer" class="gmail_msg" target="_blank">https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity</a><br class="gmail_msg">
<br class="gmail_msg">
IMA plugin:<br class="gmail_msg">
<a href="https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity/recipes-core/initrdscripts" rel="noreferrer" class="gmail_msg" target="_blank">https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity/recipes-core/initrdscripts</a><br class="gmail_msg">
<br class="gmail_msg">
Full initramfs using this is <a href="http://ostro-initramfs.bb" rel="noreferrer" class="gmail_msg" target="_blank">ostro-initramfs.bb</a> in:<br class="gmail_msg">
<a href="https://github.com/ostroproject/ostro-os/tree/master/meta-ostro/recipes-image/images" rel="noreferrer" class="gmail_msg" target="_blank">https://github.com/ostroproject/ostro-os/tree/master/meta-ostro/recipes-image/images</a><br class="gmail_msg">
<br class="gmail_msg">
Perhaps this will give you some ideas how to do this, or can even be<br class="gmail_msg">
used as-is?<br class="gmail_msg">
<br class="gmail_msg">
--<br class="gmail_msg">
Best Regards, Patrick Ohly<br class="gmail_msg">
<br class="gmail_msg">
The content of this message is my personal opinion only and although<br class="gmail_msg">
I am an employee of Intel, the statements I make here in no way<br class="gmail_msg">
represent Intel's position on the issue, nor am I authorized to speak<br class="gmail_msg">
on behalf of Intel on this matter.<br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
--<br class="gmail_msg">
_______________________________________________<br class="gmail_msg">
yocto mailing list<br class="gmail_msg">
<a href="mailto:yocto@yoctoproject.org" class="gmail_msg" target="_blank">yocto@yoctoproject.org</a><br class="gmail_msg">
<a href="https://lists.yoctoproject.org/listinfo/yocto" rel="noreferrer" class="gmail_msg" target="_blank">https://lists.yoctoproject.org/listinfo/yocto</a><br class="gmail_msg">
</blockquote></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr">Jeremy Thien<div>Adtec Digital</div><div><a href="http://adtecdigital.com">adtecdigital.com</a></div><div><a href="mailto:jeremy.thien@adtecdigital.net">jeremy.thien@adtecdigital.net</a></div></div></div>