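# This recipe creates a module for the initramfs-framework in OE-core
# which initializes IMA by loading a policy before transferring
# control to the init process in the rootfs. The advantage over having
# the init process load the policy itself (which systemd could do) is
# that the kernel then already checks the integrity of the init binary.
#
# NOTE(review): the hook and the policy file it loads sit in the initramfs
# and run before any IMA policy is active, so the policy cannot vouch for
# them. The initramfs presumably has to be covered by whatever verifies the
# kernel image in the boot chain -- confirm for the target platform.

SUMMARY = "IMA module for the modular initramfs system"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"

# Name of the package that provides the IMA policy. It is only pulled in
# through RDEPENDS below; this recipe neither fetches nor installs a policy
# file itself (SRC_URI holds just the hook script).
# The policy is expected to end up as /etc/ima/ima-policy, presumably
# installed by that package -- confirm against the policy recipe.
# A .bbappend or distro configuration can override this weak default to
# select a different policy package.
# NOTE(review): OE package names normally allow only [a-z0-9.+-]; confirm
# that a package with this underscore spelling actually exists, otherwise
# the image would be built without the intended policy (or fail to build).
IMA_POLICY ?= "ima_policy_hashed"

# The initramfs-framework hook script, found via the normal file search path.
SRC_URI = "file://ima"

# Install the hook into the framework's module directory and create the
# directory the policy is expected in.
do_install () {
    # ${sysconfdir} is already absolute, so no extra "/" after ${D}.
    install -d ${D}${sysconfdir}/ima
    install -d ${D}/init.d
    # Explicit mode: the hook must be executable, and nothing beyond the
    # owner needs write access to a script that runs before the policy loads.
    # The "20-" prefix fixes the hook's position among the framework modules.
    install -m 0755 ${WORKDIR}/ima ${D}/init.d/20-ima
}

# Package the hook directory and everything created under ${sysconfdir}.
FILES_${PN} = "/init.d ${sysconfdir}"

# keyutils is presumably needed by the hook script for keyring handling
# (the script is not part of this file -- confirm); ${IMA_POLICY} brings in
# the policy the hook loads.
RDEPENDS_${PN} = "keyutils ${IMA_POLICY}"
RDEPENDS_${PN} += "initramfs-framework-base"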