From: Jeremy Thien <jeremyt@adtecinc.com>
To: Patrick Ohly <patrick.ohly@intel.com>,
"Eswaran Vinothkumar (BEG-PT/PJ-IOT1)"
<Vinothkumar.Eswaran@de.bosch.com>
Cc: "yocto@yoctoproject.org" <yocto@yoctoproject.org>
Subject: Re: Yocto - Building initramfs to run a shell script for the support of IMA/EVM
Date: Mon, 23 Jan 2017 14:08:27 +0000 [thread overview]
Message-ID: <CALzCvPTYcMYbKt8xqjkCEDYmueTvR4ALpWeODG08SbZzJd4kJg@mail.gmail.com> (raw)
In-Reply-To: <1485085344.20333.7.camel@intel.com>
[-- Attachment #1: Type: text/plain, Size: 1646 bytes --]
I suggest the debug-iniramfs-image from meta-openembedded/meta-initramfs.
On Sun, Jan 22, 2017, 6:42 AM Patrick Ohly <patrick.ohly@intel.com> wrote:
> On Fri, 2017-01-20 at 12:44 +0000, Eswaran Vinothkumar (BEG-PT/PJ-IOT1)
> wrote:
> > We are using initramfs to run a script which before mounting the root
> > file system checks for ima policy and also responsible for loading the
> > evm-keys. In short, the initramfs contains a script which is executed
> > before mounting the main root file system.
>
> Ostro OS does the same, with IMA activated via a plugin for the
> initramfs-framework (a set of scripts in OE-core).
>
> meta-integrity:
> https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity
>
> IMA plugin:
>
> https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity/recipes-core/initrdscripts
>
> Full initramfs using this is ostro-initramfs.bb in:
>
> https://github.com/ostroproject/ostro-os/tree/master/meta-ostro/recipes-image/images
>
> Perhaps this will give you some ideas how to do this, or can even be
> used as-is?
>
> --
> Best Regards, Patrick Ohly
>
> The content of this message is my personal opinion only and although
> I am an employee of Intel, the statements I make here in no way
> represent Intel's position on the issue, nor am I authorized to speak
> on behalf of Intel on this matter.
>
>
>
> --
> _______________________________________________
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
--
Jeremy Thien
Adtec Digital
adtecdigital.com
jeremy.thien@adtecdigital.net
[-- Attachment #2: Type: text/html, Size: 3582 bytes --]
next prev parent reply other threads:[~2017-01-23 14:08 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-20 12:44 Yocto - Building initramfs to run a shell script for the support of IMA/EVM Eswaran Vinothkumar (BEG-PT/PJ-IOT1)
2017-01-20 17:07 ` Rick Altherr
2017-01-22 11:42 ` Patrick Ohly
2017-01-23 14:08 ` Jeremy Thien [this message]
2017-01-23 16:40 ` Jeremy Thien
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALzCvPTYcMYbKt8xqjkCEDYmueTvR4ALpWeODG08SbZzJd4kJg@mail.gmail.com \
--to=jeremyt@adtecinc.com \
--cc=Vinothkumar.Eswaran@de.bosch.com \
--cc=patrick.ohly@intel.com \
--cc=yocto@yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.