This repository has been archived by the owner on Feb 7, 2023. It is now read-only.
Files
meta
Folders and files
| Name | Name | Last commit date | ||
|---|---|---|---|---|
parent directory.. | ||||
This README file contains information on the contents of the meta-secure-core layer. Please see the corresponding sections below for details. Dependencies ============ This layer depends on: URI: git://git.openembedded.org/bitbake branch: master URI: git://git.openembedded.org/openembedded-core layers: meta branch: master This layer also provides the support for the stable branches actively maintained by Yocto Project. Please check [this page](https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance) for them. Patches ======= Please submit any patches against the meta-secure-core layer to the maintainer: Maintainer: Jia Zhang <zhang.jia@linux.alibaba.com> Table of Contents ================= I. Adding the meta-secure-core layer to your build II. Configure meta-secure-core III. Build meta-secure-core I. Adding the meta-secure-core layer to your build ================================================== In order to use this layer, you need to make the build system aware of it. Assuming the meta-secure-core layer exists at the top-level of your yocto build tree, you can add it to the build system by adding the location of the meta-secure-core layer to bblayers.conf, along with any other layers needed. e.g.: BBLAYERS ?= "\ /path/to/yocto/meta \ /path/to/yocto/meta-poky \ /path/to/yocto/meta-yocto-bsp \ /path/to/yocto/meta-secure-core/meta \ /path/to/yocto/meta-secure-core/meta-signing-key \ /path/to/yocto/meta-secure-core/meta-tpm \ /path/to/yocto/meta-secure-core/meta-tpm2 \ /path/to/yocto/meta-secure-core/meta-efi-secure-boot \ /path/to/yocto/meta-secure-core/meta-integrity \ /path/to/yocto/meta-secure-core/meta-encrypted-storage \ " or run bitbake-layers to add the meta-secure-core and its sub-layers: $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-signing-key $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-tpm2 $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-efi-secure-boot $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-integrity $ bitbake-layers add-layer /path/to/yocto/meta-secure-core/meta-encrypted-storage II. Configure meta-secure-core ============================== The full features in meta-secure-core can be configured with these definitions in local.conf: INITRAMFS_IMAGE = "secure-core-image-initramfs" DISTRO_FEATURES_NATIVE:append = " systemd ima tpm tpm2 efi-secure-boot luks" DISTRO_FEATURES:append = " systemd ima tpm tpm2 efi-secure-boot luks modsign" MACHINE_FEATURES_NATIVE:append = " efi" MACHINE_FEATURES:append = " efi" PACKAGE_CLASSES = "package_rpm" INHERIT += "sign_rpm_ext" SECURE_CORE_IMAGE_EXTRA_INSTALL ?= "\ packagegroup-efi-secure-boot \ packagegroup-tpm \ packagegroup-tpm2 \ packagegroup-ima \ packagegroup-luks \ " DEBUG_FLAGS:forcevariable = "" IMAGE_INSTALL:append = " kernel-image-bzimage" # Uncomment this line to modify the root parameter in boot command line if the default one # is not working for you. It is helpful when secure boot is enabled. #BOOT_CMD_ROOT = "/dev/hda2" III. Build meta-secure-core =========================== The meta-secure-core provides an image called secure-core-image. Run the following command to build it. $ bitbake secure-core-image Reference ========= [SecureCore - a reference implementation based on meta-secure-core](https://github.com/jiazhang0/SecureCore)