{"id":13640695,"url":"https://github.com/jiazhang0/meta-secure-core","last_synced_at":"2025-04-20T06:34:22.283Z","repository":{"id":24118877,"uuid":"95086593","full_name":"jiazhang0/meta-secure-core","owner":"jiazhang0","description":"OpenEmbedded layer for the use cases on secure boot, integrity and encryption","archived":true,"fork":false,"pushed_at":"2023-02-07T03:08:18.000Z","size":14473,"stargazers_count":82,"open_issues_count":25,"forks_count":73,"subscribers_count":14,"default_branch":"master","last_synced_at":"2024-11-09T11:37:00.642Z","etag":null,"topics":["efi","encryption","ima","integrity","modsign","secure-boot","security","sgx","signing-keys","tpm","tpm2","uefi"],"latest_commit_sha":null,"homepage":"","language":"BitBake","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jiazhang0.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":null,"funding":null,"license":"COPYING.MIT","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2017-06-22T07:21:37.000Z","updated_at":"2024-10-23T06:05:35.000Z","dependencies_parsed_at":"2023-02-10T20:01:16.563Z","dependency_job_id":null,"html_url":"https://github.com/jiazhang0/meta-secure-core","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jiazhang0%2Fmeta-secure-core","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jiazhang0%2Fmeta-secure-core/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jiazhang0%2Fmeta-secure-core/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jiazhang0%2Fmeta-secure-core/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jiazhang0","download_url":"https://codeload.github.com/jiazhang0/meta-secure-core/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249859688,"owners_count":21335988,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["efi","encryption","ima","integrity","modsign","secure-boot","security","sgx","signing-keys","tpm","tpm2","uefi"],"created_at":"2024-08-02T01:01:13.570Z","updated_at":"2025-04-20T06:34:21.917Z","avatar_url":"https://github.com/jiazhang0.png","language":"BitBake","funding_links":[],"categories":["Remote Attestation (RA) and Secure Channels"],"sub_categories":["Library OSes and SDKs"],"readme":"This README file contains information on the contents of the\nmeta-secure-core layer.\n\nPlease see the corresponding sections below for details.\n\n\nDependencies\n============\n\nThis layer depends on:\n\n  URI: git://git.openembedded.org/bitbake\n  branch: master\n\n  URI: git://git.openembedded.org/openembedded-core\n  layers: meta\n  branch: master\n\nThis layer also provides the support for the stable branches actively\nmaintained by Yocto Project. Please check [this page](https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance) for them.\n\nPatches\n=======\n\nPlease submit any patches against the meta-secure-core layer to the\nmaintainer:\n\nMaintainer: Jia Zhang \u003czhang.jia@linux.alibaba.com\u003e\n\n\nTable of Contents\n=================\n\n  I. Adding the meta-secure-core layer to your build\n II. Configure meta-secure-core\nIII. Build meta-secure-core\n\n\nI. Adding the meta-secure-core layer to your build\n==================================================\n\nIn order to use this layer, you need to make the build system aware of\nit.\n\nAssuming the meta-secure-core layer exists at the top-level of your\nyocto build tree, you can add it to the build system by adding the\nlocation of the meta-secure-core layer to bblayers.conf, along with any\nother layers needed. e.g.:\n\n  BBLAYERS ?= \"\\\n    /path/to/yocto/meta \\\n    /path/to/yocto/meta-poky \\\n    /path/to/yocto/meta-yocto-bsp \\\n    /path/to/yocto/meta-secure-core/meta \\\n    /path/to/yocto/meta-secure-core/meta-signing-key \\\n    /path/to/yocto/meta-secure-core/meta-tpm \\\n    /path/to/yocto/meta-secure-core/meta-tpm2 \\\n    /path/to/yocto/meta-secure-core/meta-efi-secure-boot \\\n    /path/to/yocto/meta-secure-core/meta-integrity \\\n    /path/to/yocto/meta-secure-core/meta-encrypted-storage \\\n    \"\n\nor run bitbake-layers to add the meta-secure-core and its sub-layers:\n\n    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta\n    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-signing-key\n    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm\n    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm2\n    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-efi-secure-boot\n    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-integrity\n    $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-encrypted-storage\n\nII. Configure meta-secure-core\n==============================\n\nThe full features in meta-secure-core can be configured with these definitions\nin local.conf:\n\nINITRAMFS_IMAGE = \"secure-core-image-initramfs\"\nDISTRO_FEATURES_NATIVE:append = \" systemd ima tpm tpm2 efi-secure-boot luks\"\nDISTRO_FEATURES:append = \" systemd ima tpm tpm2 efi-secure-boot luks modsign\"\nMACHINE_FEATURES_NATIVE:append = \" efi\"\nMACHINE_FEATURES:append = \" efi\"\nPACKAGE_CLASSES = \"package_rpm\"\nINHERIT += \"sign_rpm_ext\"\nSECURE_CORE_IMAGE_EXTRA_INSTALL ?= \"\\\n    packagegroup-efi-secure-boot \\\n    packagegroup-tpm \\\n    packagegroup-tpm2 \\\n    packagegroup-ima \\\n    packagegroup-luks \\\n\"\nDEBUG_FLAGS:forcevariable = \"\"\nIMAGE_INSTALL:append = \" kernel-image-bzimage\"\n\n# Uncomment this line to modify the root parameter in boot command line if the default one\n# is not working for you. It is helpful when secure boot is enabled.\n#BOOT_CMD_ROOT = \"/dev/hda2\"\n\nIII. Build meta-secure-core\n===========================\n\nThe meta-secure-core provides an image called secure-core-image. Run the\nfollowing command to build it.\n\n    $ bitbake secure-core-image\n\nReference\n=========\n\n[SecureCore - a reference implementation based on meta-secure-core](https://github.com/jiazhang0/SecureCore)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjiazhang0%2Fmeta-secure-core","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjiazhang0%2Fmeta-secure-core","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjiazhang0%2Fmeta-secure-core/lists"}