From: Peter Hoyes <Peter.Hoyes@...> Runtime validation is currently failing on qemu-cortex-a9 for undiagnosed reasons. Disable testimage on this machine for now until it has been fixed. Signed-off-by:

From: Peter Hoyes <Peter.Hoyes@...> Signed-off-by: Peter Hoyes <Peter.Hoyes@...> --- ci/base.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/base.yml b/ci/base.yml index 70ada

Current Dev Position: YP 4.3 M1 Next Deadline: 5th June 2023 YP 4.3 M1 build date Next Team Meetings: Bug Triage meeting Thursday May 11th 7:30 am PDT (https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0

Fix the IMA kernel feature. Remove outdated patches and add ima.cfg holding kernel configuration options for IMA and EVM. Signed-off-by: Stefan Berger <stefanb@...> --- meta-integrity/classes/ima-evm-

Fix the ima_policy_appraise_all policy to appraise all executables and libraries. Also update the list of files that are not appraised to not appraise cgroup related files. Signed-off-by: Stefan Berge

Signed-off-by: Stefan Berger <stefanb@...> --- meta-integrity/classes/ima-evm-rootfs.bbclass | 25 +++++++++++++++---- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/meta-integrity/class

Add a temporary patch that resolves a file change notification issue with overlayfs where IMA did not become aware of the file changes since the 'lower' inode's i_version had not changed. The issue wi

Signed-off-by: Stefan Berger <stefanb@...> --- ...ation-using-ioctl-when-evm_portable-.patch | 35 +++++++++++++++++++ ...-evm-utils_1.4.bb => ima-evm-utils_1.5.bb} | 9 +++-- 2 files changed, 42 insert

The IMA policy will be specified using the IMA_EVM_POLICY variable since systemd will not be involved in loading the policy but the init script will load it. Signed-off-by: Stefan Berger <stefanb@...>

Update the README describing how IMA support can be used. Signed-off-by: Stefan Berger <stefanb@...> --- meta-integrity/README.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletion

This series of patches fixes the current support for IMA and EVM by removing outdated patches for example and adding kernel config options. I have tried out these patches with OpenBMC where the apprai

For shorted file signatures use EC keys rather than RSA keys. Document the debug keys and their purpose. Adapt the scripts for creating these types of keys to now create EC keys. Signed-off-by: Stefan

From: Peter Hoyes <Peter.Hoyes@...> Yocto mickledore introduced the addpylib directive for explicitly adding layer paths to the PYTHONPATH. Standalone OEQA test suite discovery does not require this d

This reverts commit ffd9eb59c7d35c3f9acc29be661bdcd0c6332897. Applied to wrong branch. Signed-off-by: Armin Kuster <akuster808@...> --- meta-parsec/conf/layer.conf | 2 -- 1 file changed, 2 deletions(-

Changelog: 3.2.2 A buffer overflow in tss2-rc as CVE-2023-22745. The drv layer in tss2-rc should have been the policy layer. Spec deviation in Fapi_GetDescription caused description to be NULL when it

All, The below were the owners of enhancements or bugs closed during the last week! Who Count richard.purdie@... 2 ross.burton@... 1 alexandre.belloni@... 1 Grand Total 4 Thanks, Stephen K. Jolley Yoc

All, Below is the list as of top 38 bug owners as of the end of WW18 of who have open medium or higher bugs and enhancements against YP 4.3. There are 119 possible work days left until the final relea

All, The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the

From: Joe Slater <joe.slater@...> Adjust a comment. Signed-off-by: Joe Slater <joe.slater@...> --- conf/machine-sdk/include/mingw32-common.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

This series of patches fixes the current support for IMA and EVM by removing outdated patches for example and adding kernel config options. I have tried out these patches with OpenBMC where the apprai