commit f1e440673465aa768f31e78c0c201002f9f767b7
author Andrew Geissler <geissonator@yahoo.com> Thu Apr 15 15:52:46 2021 -0500
committer Brad Bishop <bradleyb@fuzziesquirrel.com> Mon Apr 19 13:32:18 2021 +0000
tree 44dffb1d845b35c3f4bf0629a622d8ae04abda41
parent 636aaa195862ab9a5442c3178e38266debab3bff

meta-security: subtree update:775870980b..ca9264b1e1

Anton Antonov (4):
      Use libest "main" branch instead of "master".
      Add meta-parsec layer into meta-security.
      Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
      Clearly define clang toolchain in Parsec recipes

Armin Kuster (16):
      packagegroup-core-security: drop clamav-cvd
      clamav: upgrade 104.0
      python3-privacyidea: upgrade 3.5.1 -> 3.5.2
      clamav: fix systemd service install
      swtpm: now need python-cryptography, pull in layer
      swtpm: file pip3 issue
      swtpm: fix check for tscd deamon on host
      python3-suricata-update: update to 1.2.1
      suricata: update to 6.0.2
      layer.conf: add dynamic-layer for rust pkg
      README: cleanup
      .gitlab-ci.yml: reorder to speed up builds
      kas-security-base.yml: tweek build vars
      gitlab-ci: fine tune order
      clamav: remove rest of mirror.dat ref
      lkrg-module: Add Linux Kernel Runtime Guard

Ming Liu (2):
      meta: drop IMA_POLICY from policy recipes
      initramfs-framework-ima: introduce IMA_FORCE

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9

meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb

diff --git a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
index 77f6f7c..6471c53 100644
--- a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
+++ b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
@@ -14,6 +14,9 @@
 # to this recipe can just point towards one of its own files.
 IMA_POLICY ?= "ima-policy-hashed"
 
+# Force proceed IMA procedure even 'no_ima' boot parameter is available.
+IMA_FORCE ?= "false"
+
 SRC_URI = " file://ima"
 
 inherit features_check
@@ -23,6 +26,8 @@
     install -d ${D}/${sysconfdir}/ima
     install -d ${D}/init.d
     install ${WORKDIR}/ima  ${D}/init.d/20-ima
+
+    sed -i "s/@@FORCE_IMA@@/${IMA_FORCE}/g" ${D}/init.d/20-ima
 }
 
 FILES_${PN} = "/init.d ${sysconfdir}"