[yocto] Yocto - Building initramfs to run a shell script for the support of IMA/EVM
Jeremy Thien
jeremyt at adtecinc.com
Mon Jan 23 06:08:27 PST 2017
I suggest the debug-iniramfs-image from meta-openembedded/meta-initramfs.
On Sun, Jan 22, 2017, 6:42 AM Patrick Ohly <patrick.ohly at intel.com> wrote:
> On Fri, 2017-01-20 at 12:44 +0000, Eswaran Vinothkumar (BEG-PT/PJ-IOT1)
> wrote:
> > We are using initramfs to run a script which before mounting the root
> > file system checks for ima policy and also responsible for loading the
> > evm-keys. In short, the initramfs contains a script which is executed
> > before mounting the main root file system.
>
> Ostro OS does the same, with IMA activated via a plugin for the
> initramfs-framework (a set of scripts in OE-core).
>
> meta-integrity:
> https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity
>
> IMA plugin:
>
> https://github.com/01org/meta-intel-iot-security/tree/master/meta-integrity/recipes-core/initrdscripts
>
> Full initramfs using this is ostro-initramfs.bb in:
>
> https://github.com/ostroproject/ostro-os/tree/master/meta-ostro/recipes-image/images
>
> Perhaps this will give you some ideas how to do this, or can even be
> used as-is?
>
> --
> Best Regards, Patrick Ohly
>
> The content of this message is my personal opinion only and although
> I am an employee of Intel, the statements I make here in no way
> represent Intel's position on the issue, nor am I authorized to speak
> on behalf of Intel on this matter.
>
>
>
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
--
Jeremy Thien
Adtec Digital
adtecdigital.com
jeremy.thien at adtecdigital.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20170123/0b9d11cd/attachment.html>
More information about the yocto
mailing list