From: Jeremy Thien
Date: Mon, 23 Jan 2017 16:40:43 +0000
To: Patrick Ohly, "Eswaran Vinothkumar (BEG-PT/PJ-IOT1)"
Cc: "yocto@yoctoproject.org"
Subject: Re: Yocto - Building initramfs to run a shell script for the support of IMA/EVM
List-Id: Discussion of all things Yocto Project

Sorry, mangled the name. It should be initramfs-debug-image. It is very simple, but you have to handle switch root yourself.

On Mon, Jan 23, 2017 at 9:08 AM Jeremy Thien wrote:

> I suggest the debug-iniramfs-image from meta-openembedded/meta-initramfs.
>
> On Sun, Jan 22, 2017, 6:42 AM Patrick Ohly wrote:
>
> On Fri, 2017-01-20 at 12:44 +0000, Eswaran Vinothkumar (BEG-PT/PJ-IOT1)
> wrote:
> > We are using initramfs to run a script which before mounting the root
> > file system checks for ima policy and also responsible for loading the
> > evm-keys. In short, the initramfs contains a script which is executed
> > before mounting the main root file system.
>
> Ostro OS does the same, with IMA activated via a plugin for the
> initramfs-framework (a set of scripts in OE-core).
>
> meta-integrity:
> https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity
>
> IMA plugin:
> https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity/recipes-core/initrdscripts
>
> Full initramfs using this is ostro-initramfs.bb in:
> https://github.com/ostroproject/ostro-os/tree/master/meta-ostro/recipes-image/images
>
> Perhaps this will give you some ideas how to do this, or can even be
> used as-is?
>
> --
> Best Regards, Patrick Ohly
>
> The content of this message is my personal opinion only and although
> I am an employee of Intel, the statements I make here in no way
> represent Intel's position on the issue, nor am I authorized to speak
> on behalf of Intel on this matter.
>
> --
> Jeremy Thien
> Adtec Digital
> adtecdigital.com
> jeremy.thien@adtecdigital.net

--
Jeremy Thien
Adtec Digital
adtecdigital.com
jeremy.thien@adtecdigital.net