[OpenPower-Firmware] [PATCH v2 1/1] Enable IMA in skiroot
Patrick Williams
patrick at stwcx.xyz
Tue May 31 06:27:58 AEST 2016
Dave,
There aren't any repositories that we really accept patches thru this mailing list. Any changes to op-build should be a pull request in Github against the master-next branch.
Patrick
Sent from my iPhone
> On May 30, 2016, at 2:26 PM, Dave Heller <hellerda at linux.vnet.ibm.com> wrote:
>
> This adds basic support for the Integrity Measurement Subsystem to the
> skiroot kernel.
>
> The changes to skiroot_defconfig are the kernel config options to enable IMA
> and the basic security subsystem. The values were obtained by running a make
> menuconfig, enabling IMA and the Nuvoton TPM driver, running a make defconfig,
> then updating skiroot_defconfig with this result.
>
> The changes to /etc/fstab ensure securityfs is mounted at boot.
>
> Signed-off-by: Dave Heller <hellerda at linux.vnet.ibm.com>
> ---
> openpower/configs/linux/skiroot_defconfig | 7 ++++---
> openpower/overlay/etc/fstab | 1 +
> 2 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/openpower/configs/linux/skiroot_defconfig b/openpower/configs/linux/skiroot_defconfig
> index b76ecb8..231e55a 100644
> --- a/openpower/configs/linux/skiroot_defconfig
> +++ b/openpower/configs/linux/skiroot_defconfig
> @@ -157,6 +157,7 @@ CONFIG_HW_RANDOM=y
> CONFIG_GEN_RTC=y
> CONFIG_RAW_DRIVER=y
> CONFIG_MAX_RAW_DEVS=1024
> +CONFIG_TCG_TIS_I2C_NUVOTON=y
> # CONFIG_I2C_COMPAT is not set
> CONFIG_I2C_CHARDEV=y
> # CONFIG_I2C_HELPER_AUTO is not set
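Review bot: CONFIG_TCG_TIS_I2C_NUVOTON=y at the top of this hunk enables a specific TPM driver, but the commit message mentions the Nuvoton driver only in passing, as something selected in menuconfig. Please state in the message that the TPM driver is part of this change and why it is built in for skiroot, and consider splitting it into its own patch, since the subject line says only "Enable IMA". No CONFIG_TCG_TPM line is visible in the surrounding context, so it is also worth saying whether the TPM core is expected to be pulled in by another option.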
> @@ -223,13 +224,13 @@ CONFIG_SCHEDSTATS=y
> # CONFIG_FTRACE is not set
> CONFIG_XMON=y
> CONFIG_XMON_DEFAULT=y
> +CONFIG_SECURITY=y
> +CONFIG_IMA=y
> +CONFIG_EVM=y
> # CONFIG_CRYPTO_ECHAINIV is not set
> CONFIG_CRYPTO_ECB=y
> CONFIG_CRYPTO_CMAC=y
> -CONFIG_CRYPTO_HMAC=y
> CONFIG_CRYPTO_MD4=y
> -CONFIG_CRYPTO_MD5=y
> -CONFIG_CRYPTO_SHA256=y
> CONFIG_CRYPTO_ARC4=y
> CONFIG_CRYPTO_DES=y
> # CONFIG_CRYPTO_HW is not set
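Review bot: the removal of CONFIG_CRYPTO_HMAC, CONFIG_CRYPTO_MD5 and CONFIG_CRYPTO_SHA256 in this hunk is not explained by the commit message, and in a patch that enables integrity measurement it reads as dropping hash support. If those lines disappear only because the regenerated defconfig now treats them as implied by the new options, say so in the message and confirm that the resulting .config still has all three set. CONFIG_EVM=y is also added here while the message describes only IMA; either mention EVM and why it is wanted, or leave it out of this patch.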
> diff --git a/openpower/overlay/etc/fstab b/openpower/overlay/etc/fstab
> index d373dc6..ece6d84 100644
> --- a/openpower/overlay/etc/fstab
> +++ b/openpower/overlay/etc/fstab
> @@ -4,3 +4,4 @@ proc /proc proc defaults 0 0
> devpts /dev/pts devpts defaults,gid=5,mode=620 0 0
> tmpfs /dev/shm tmpfs mode=0777 0 0
> sysfs /sys sysfs defaults 0 0
> +securityfs /sys/kernel/security securityfs defaults 0 0
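Review bot: the new securityfs line is mounted with plain defaults; nothing under /sys/kernel/security needs device nodes, setuid binaries or execution, so nosuid,nodev,noexec would be a tighter set of options. The entry also only works with a kernel built with the options added in the skiroot_defconfig hunk, so the message should note that the two changes have to land together.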
> --
> 2.5.0
>
> _______________________________________________
> OpenPower-Firmware mailing list
> OpenPower-Firmware at lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/openpower-firmware