On Fri, 2017-01-20 at 12:44 +0000, Eswaran Vinothkumar (BEG-PT/PJ-IOT1)
wrote:
> We are using initramfs to run a script which before mounting the root
> file system checks for ima policy and also responsible for loading the
> evm-keys. In short, the initramfs contains a script which is executed
> before mounting the main root file system.

Ostro OS does the same, with IMA activated via a plugin for the
initramfs-framework (a set of scripts in OE-core).

meta-integrity:
https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity

IMA plugin:
https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity/recipes-core/initrdscripts

Full initramfs using this is ostro-initramfs.bb in:
https://github.com/ostroproject/ostro-os/tree/master/meta-ostro/recipes-image/images

Perhaps this will give you some ideas how to do this, or can even be
used as-is?

--
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.



--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto