[yocto] Yocto - Building initramfs to run a shell script for the support of IMA/EVM
Patrick Ohly
patrick.ohly at intel.com
Sun Jan 22 03:42:24 PST 2017
On Fri, 2017-01-20 at 12:44 +0000, Eswaran Vinothkumar (BEG-PT/PJ-IOT1)
wrote:
> We are using initramfs to run a script which before mounting the root
> file system checks for ima policy and also responsible for loading the
> evm-keys. In short, the initramfs contains a script which is executed
> before mounting the main root file system.
Ostro OS does the same, with IMA activated via a plugin for the
initramfs-framework (a set of scripts in OE-core).
meta-integrity:
https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity
IMA plugin:
https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity/recipes-core/initrdscripts
Full initramfs using this is ostro-initramfs.bb in:
https://github.com/ostroproject/ostro-os/tree/master/meta-ostro/recipes-image/images
Perhaps this will give you some ideas how to do this, or can even be
used as-is?
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
More information about the yocto
mailing list