https://github.com/jiazhang0/meta-secure-core

OpenEmbedded layer for the use cases on secure boot, integrity and encryption

This README file contains information on the contents of the
meta-secure-core layer.

Please see the corresponding sections below for details.

Dependencies
============

This layer depends on:

URI: git://git.openembedded.org/bitbake
branch: master

URI: git://git.openembedded.org/openembedded-core
layers: meta
branch: master

This layer also supports the stable branches actively maintained by the
Yocto Project. See [this page](https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance) for the list.

Patches
=======

Please submit any patches against the meta-secure-core layer to the
maintainer:

Maintainer: Jia Zhang

Table of Contents
=================

I. Adding the meta-secure-core layer to your build
II. Configure meta-secure-core
III. Build meta-secure-core

I. Adding the meta-secure-core layer to your build
==================================================

In order to use this layer, you need to make the build system aware of
it.

Assuming the meta-secure-core layer exists at the top level of your
Yocto build tree, you can add it to the build system by adding the
location of the meta-secure-core layer to bblayers.conf, along with any
other layers needed. For example:

```
BBLAYERS ?= "\
/path/to/yocto/meta \
/path/to/yocto/meta-poky \
/path/to/yocto/meta-yocto-bsp \
/path/to/yocto/meta-secure-core/meta \
/path/to/yocto/meta-secure-core/meta-signing-key \
/path/to/yocto/meta-secure-core/meta-tpm \
/path/to/yocto/meta-secure-core/meta-tpm2 \
/path/to/yocto/meta-secure-core/meta-efi-secure-boot \
/path/to/yocto/meta-secure-core/meta-integrity \
/path/to/yocto/meta-secure-core/meta-encrypted-storage \
"
```

Alternatively, run bitbake-layers to add meta-secure-core and its sub-layers:

```
$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta
$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-signing-key
$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm
$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm2
$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-efi-secure-boot
$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-integrity
$ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-encrypted-storage
```

II. Configure meta-secure-core
==============================

The full feature set of meta-secure-core can be configured with the
following definitions in local.conf:

```
INITRAMFS_IMAGE = "secure-core-image-initramfs"
DISTRO_FEATURES_NATIVE:append = " systemd ima tpm tpm2 efi-secure-boot luks"
DISTRO_FEATURES:append = " systemd ima tpm tpm2 efi-secure-boot luks modsign"
MACHINE_FEATURES_NATIVE:append = " efi"
MACHINE_FEATURES:append = " efi"
PACKAGE_CLASSES = "package_rpm"
INHERIT += "sign_rpm_ext"
SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\
packagegroup-efi-secure-boot \
packagegroup-tpm \
packagegroup-tpm2 \
packagegroup-ima \
packagegroup-luks \
"
DEBUG_FLAGS:forcevariable = ""
IMAGE_INSTALL:append = " kernel-image-bzimage"

# Uncomment this line to modify the root parameter in boot command line if the default one
# is not working for you. It is helpful when secure boot is enabled.
#BOOT_CMD_ROOT = "/dev/hda2"
```

III. Build meta-secure-core
===========================

The meta-secure-core layer provides an image called secure-core-image. Run
the following command to build it:

```
$ bitbake secure-core-image
```
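
A pre-build consistency check for the settings in sections I and II, added here as an example and not part of the meta-secure-core project: it parses local.conf and bblayers.conf text and reports any security feature in DISTRO_FEATURES whose sub-layer, DISTRO_FEATURES_NATIVE entry or packagegroup is missing. The feature-to-layer pairing and the function names are assumptions of this example, inferred from the names in this README, and the parser handles only simple quoted assignments, not full BitBake syntax.

```python
import re

# Feature -> sub-layer. Names are from the README; pairing them is this example's assumption.
LAYER_FOR = {"efi-secure-boot": "meta-efi-secure-boot", "tpm": "meta-tpm", "tpm2": "meta-tpm2",
             "ima": "meta-integrity", "luks": "meta-encrypted-storage"}
# NAME[:override] OP "value"; the quoted value may span backslash-continued lines.
ASSIGN = re.compile(r'^[ \t]*([A-Za-z0-9_:]+)[ \t]*(?:\?=|\+=|=)[ \t]*"([^"]*)"', re.M)

def parse_conf(text):
    """Map each variable to its set of tokens, folding :append and += together."""
    values = {}
    for name, body in ASSIGN.findall(text):
        tokens = body.replace("\\\n", " ").split()
        values.setdefault(name.split(":", 1)[0], set()).update(tokens)
    return values

def preflight(local_conf, bblayers_conf):
    """Return findings ordered by feature; an empty list means the settings agree."""
    conf = parse_conf(local_conf)
    layers = {p.rstrip("/").rsplit("/", 1)[-1] for p in parse_conf(bblayers_conf).get("BBLAYERS", ())}
    native = conf.get("DISTRO_FEATURES_NATIVE", set())
    install = conf.get("SECURE_CORE_IMAGE_EXTRA_INSTALL")  # None: not set in local.conf
    findings = []
    for feature in sorted(conf.get("DISTRO_FEATURES", set()) & set(LAYER_FOR)):
        group = f"packagegroup-{feature}"  # naming pattern used in the README
        if feature not in native:
            findings.append(f"{feature}: missing from DISTRO_FEATURES_NATIVE")
        if LAYER_FOR[feature] not in layers:
            findings.append(f"{feature}: layer {LAYER_FOR[feature]} not in BBLAYERS")
        if install is not None and group not in install:
            findings.append(f"{feature}: {group} not in SECURE_CORE_IMAGE_EXTRA_INSTALL")
    return findings

# Constructed sample input: luks is enabled, but its layer and packagegroup are absent.
SAMPLE_LOCAL = r'''
DISTRO_FEATURES_NATIVE:append = " systemd ima efi-secure-boot luks"
DISTRO_FEATURES:append = " systemd ima efi-secure-boot luks modsign"
SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "packagegroup-efi-secure-boot packagegroup-ima"
'''
SAMPLE_LAYERS = r'''
BBLAYERS ?= "\
/path/to/yocto/meta-secure-core/meta \
/path/to/yocto/meta-secure-core/meta-efi-secure-boot \
/path/to/yocto/meta-secure-core/meta-integrity \
"
'''

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE_LOCAL, SAMPLE_LAYERS)) or "no findings")
```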

Reference
=========

[SecureCore - a reference implementation based on meta-secure-core](https://github.com/jiazhang0/SecureCore)