Enable IMA in skiroot This adds basic support for the Integrity Measurement Subsystem to the skiroot kernel. The changes to skiroot_defconfig are the kernel config options to enable IMA and the basic security subsystem. The values were obtained by running a make menuconfig, enabling IMA and the Nuvoton TPM driver, running a make defconfig, then updating skiroot_defconfig with this result. The changes to /etc/fstab ensure securityfs is mounted at boot. Signed-off-by: Dave Heller <hellerda@us.ibm.com>

commit: a541bf744d1e1ddf8f30c7848775da5a6f0a3782 [log] [tgz]
author: Dave Heller <hellerda@us.ibm.com> Sun Jun 05 16:39:56 2016 -0400
committer: Dave Heller <hellerda@us.ibm.com> Sun Jun 05 16:39:56 2016 -0400
tree: 401456bf39349a3443fcb8d2ef676f7e012aeba2
parent: a24eb9843bf0b0f8789042bbc00c464e914e727c [diff]
diff --git a/openpower/overlay/etc/fstab b/openpower/overlay/etc/fstab
index d373dc6..ece6d84 100644
--- a/openpower/overlay/etc/fstab
+++ b/openpower/overlay/etc/fstab

@@ -4,3 +4,4 @@
 devpts		/dev/pts	devpts	defaults,gid=5,mode=620	0	0
 tmpfs		/dev/shm	tmpfs	mode=0777	0	0
 sysfs		/sys		sysfs	defaults	0	0
+securityfs	/sys/kernel/security	securityfs	defaults	0	0
commit	a541bf744d1e1ddf8f30c7848775da5a6f0a3782	[log] [tgz]
author	Dave Heller <hellerda@us.ibm.com>	Sun Jun 05 16:39:56 2016 -0400
committer	Dave Heller <hellerda@us.ibm.com>	Sun Jun 05 16:39:56 2016 -0400
tree	401456bf39349a3443fcb8d2ef676f7e012aeba2
parent	a24eb9843bf0b0f8789042bbc00c464e914e727c [diff]