Re: [meta-security][dunfell][PATCH 0/9] Some IMA/EVM fixes to dunfell branch


Armin Kuster
 

merged.

thanks.

On 3/10/21 2:31 AM, Ming Liu wrote:
Hi, akuster808:

I saw this patch set has been merged to gatesgarth, may I ask, any
plan for dunfell? I am asking because dunfell is a LTS branch and many
users are building their products based on it. Thanks!

the best,
thank you

series in build testing

-armin

On 3/2/21 6:57 AM, liu.ming50@gmail.com
<mailto:liu.ming50@gmail.com> wrote:
> From: Ming Liu <ming.liu@toradex.com <mailto:ming.liu@toradex.com>>
>
> Cherry pick some IMA/EVM fixes to LTS dunfell branch, with these
> patches applied, I could run a ima enabled image with
sysvinit/systemd
> on qemuarm/qemuarm64 and some NXP machines.
>
> Ming Liu (9):
>   ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
>   initramfs-framework-ima: fix a wrong path
>   ima-evm-keys: add recipe
>   initramfs-framework-ima: RDEPENDS on ima-evm-keys
>   meta: refactor IMA/EVM sign rootfs
>   README.md: update according to the refactoring in
>     ima-evm-rootfs.bbclass
>   initramfs-framework-ima: let ima_enabled return 0
>   ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
>   ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic
>
>  meta-integrity/README.md                      |  4 ++-
>  meta-integrity/classes/ima-evm-rootfs.bbclass | 33
+++++++++----------
>  .../initrdscripts/initramfs-framework-ima.bb
<http://initramfs-framework-ima.bb>  |  2 +-
>  .../initrdscripts/initramfs-framework-ima/ima |  3 +-
>  .../ima-evm-keys/ima-evm-keys_1.0.bb
<http://ima-evm-keys_1.0.bb>          | 16 +++++++++
>  .../ima-evm-utils/ima-evm-utils_git.bb
<http://ima-evm-utils_git.bb>        |  1 +
>  .../ima_policy_hashed/files/ima_policy_hashed |  3 ++
>  7 files changed, 41 insertions(+), 21 deletions(-)
>  create mode 100644
meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
<http://ima-evm-keys_1.0.bb>
>

Join yocto@lists.yoctoproject.org to automatically receive all group messages.