[OpenPower-Firmware] [PATCH v2 1/1] Enable IMA in skiroot

Dave Heller hellerda at linux.vnet.ibm.com
Tue May 31 07:39:53 AEST 2016 

On 05/30/2016 04:27 PM, Patrick Williams wrote:
> Dave,
>
> There aren't any repositories that we really accept patches thru this mailing list. Any changes to op-build should be a pull request in Github against the master-next branch.
>
Ok, will do.  -Dave

> Patrick
> Sent from my iPhone
>
>> On May 30, 2016, at 2:26 PM, Dave Heller <hellerda at linux.vnet.ibm.com> wrote:
>>
>> This adds basic support for the Integrity Measurement Subsystem to the
>> skiroot kernel.
>>
>> The changes to skiroot_defconfig are the kernel config options to enable IMA
>> and the basic security subsystem.  The values were obtained by running a make
>> menuconfig, enabling IMA and the Nuvoton TPM driver, running a make defconfig,
>> tnen updating skiroot_defconfig with this result.
>>
>> The changes to /etc/fstab ensure securityfs is mounted at boot.
>>
>> Signed-off-by: Dave Heller <hellerda at linux.vnet.ibm.com>
>> ---
>> openpower/configs/linux/skiroot_defconfig | 7 ++++---
>> openpower/overlay/etc/fstab               | 1 +
>> 2 files changed, 5 insertions(+), 3 deletions(-)
>>
>> diff --git a/openpower/configs/linux/skiroot_defconfig b/openpower/configs/linux/skiroot_defconfig
>> index b76ecb8..231e55a 100644
>> --- a/openpower/configs/linux/skiroot_defconfig
>> +++ b/openpower/configs/linux/skiroot_defconfig
>> @@ -157,6 +157,7 @@ CONFIG_HW_RANDOM=y
>> CONFIG_GEN_RTC=y
>> CONFIG_RAW_DRIVER=y
>> CONFIG_MAX_RAW_DEVS=1024
>> +CONFIG_TCG_TIS_I2C_NUVOTON=y
>> # CONFIG_I2C_COMPAT is not set
>> CONFIG_I2C_CHARDEV=y
>> # CONFIG_I2C_HELPER_AUTO is not set
>> @@ -223,13 +224,13 @@ CONFIG_SCHEDSTATS=y
>> # CONFIG_FTRACE is not set
>> CONFIG_XMON=y
>> CONFIG_XMON_DEFAULT=y
>> +CONFIG_SECURITY=y
>> +CONFIG_IMA=y
>> +CONFIG_EVM=y
>> # CONFIG_CRYPTO_ECHAINIV is not set
>> CONFIG_CRYPTO_ECB=y
>> CONFIG_CRYPTO_CMAC=y
>> -CONFIG_CRYPTO_HMAC=y
>> CONFIG_CRYPTO_MD4=y
>> -CONFIG_CRYPTO_MD5=y
>> -CONFIG_CRYPTO_SHA256=y
>> CONFIG_CRYPTO_ARC4=y
>> CONFIG_CRYPTO_DES=y
>> # CONFIG_CRYPTO_HW is not set
>> diff --git a/openpower/overlay/etc/fstab b/openpower/overlay/etc/fstab
>> index d373dc6..ece6d84 100644
>> --- a/openpower/overlay/etc/fstab
>> +++ b/openpower/overlay/etc/fstab
>> @@ -4,3 +4,4 @@ proc        /proc        proc    defaults    0    0
>> devpts        /dev/pts    devpts    defaults,gid=5,mode=620    0    0
>> tmpfs        /dev/shm    tmpfs    mode=0777    0    0
>> sysfs        /sys        sysfs    defaults    0    0
>> +securityfs    /sys/kernel/security    securityfs    defaults    0    0
>> --
>> 2.5.0
>>
>> _______________________________________________
>> OpenPower-Firmware mailing list
>> OpenPower-Firmware at lists.ozlabs.org
>> https://lists.ozlabs.org/listinfo/openpower-firmware
>
>

More information about the OpenPower-Firmware mailing list